Managing Exchange Public Folder Permissions

Article
12/03/2013

Over the years, there has been a request for finding various permissions on Public Folder objects within Exchange. I figured that I would share how to do some of these tasks, specific to Exchange 2010 and 2013.

NOTE: The following commands use the Exchange Management Shell

Exchange 2010
List All Top Level Public Folders Default Permissions
Get-PublicFolder \ -GetChildren | Get-PublicFolderClientPermission | Where {$_.User.IsDefault -eq $True} | FT Identity, User, AccessRights -auto -wrap

List All Top Level Public Folders Anonymous Permissions
Get-PublicFolder \ -GetChildren | Get-PublicFolderClientPermission | ?{$_.User.IsAnonymous -eq $True} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Where Anonymous is set to Owner
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{($_.User.IsAnonymous -eq $True) -AND ($_.AccessRights -eq 'Owner')} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Where Default is NOT Author
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{($_.User.IsDefault -eq $True) -AND ($_.AccessRights -ne 'Author')} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Where JoeUser is set to Owner
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{($_.User -like "*JoeUser*") -AND ($_.AccessRights -eq 'Owner')} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Containing Old/Deleted Users with Permissions
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{$_.User -like "*NT User:*"} | FT Identity, User, AccessRights -auto -wrap

Remove Old/Deleted Users from Public Folders (w/ WhatIf)
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{$_.User -like "*NT User:*"} | ForEach {Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -AccessRights $_.AccessRights -WhatIf

Modify/Add JoeUser to be an Owner of a Folder
Add-PublicFolderClientPermission -Identity "\MyPublicFolder\Reports" -User JoeUser -AccessRights Owner

Exchange 2013
List All Top Level Public Folders Default Permissions
Get-PublicFolder \ -GetChildren | Get-PublicFolderClientPermission | Where { $_.User.UserType -eq 'Default' } | FT Identity, User, AccessRights -auto -wrap

List All Top Level Public Folders Anonymous Permissions
Get-PublicFolder \ -GetChildren | Get-PublicFolderClientPermission | ?{$_.User.UserType -eq 'Anonymous'} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Where Anonymous is set to Owner
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ? {($_.User.UserType -eq 'Anonymous') -AND ($_.AccessRights -eq 'Owner')} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Where Default is NOT Author
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{($_.User.UserType -eq 'Default') -AND ($_.AccessRights -ne 'Author')} | FT Identity, User, AccessRights -auto -wrap

List All Public Folders Containing Old/Deleted Users with Permissions
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{$_.User.UserType -like "Unknown"} | FT Identity, User, AccessRights -auto -wrap

Remove Old/Deleted Users from Public Folders (w/ WhatIf)
Get-PublicFolder \ -Recurse | Get-PublicFolderClientPermission | ?{$_.User.UserType -like "Unknown"} | ForEach {Remove-PublicFolderClientPermission -Identity $_.Identity -User $_.User -AccessRights $_.AccessRights -WhatIf}

Modify JoeUser to be an Owner of a Folder
Add-PublicFolderClientPermission -Identity "\MyPublicFolder\Reports" -User JoeUser -AccessRights Owner

More information on managing Public Folders can be found on TechNet for Exchange.

Good Luck

Managing Exchange Public Folder Permissions

Additional resources