Exchange 2010: And then there is the long awaited cmdlet Add-MailboxFolderPermission

So many new features have been included in Exchange 2010 that it would take me more than days to talk about all of them. Still, there are some very nice features that you should keep in mind when thinking about Exchange 2010, and one of these is the new built-in cmdlet “Add-MailboxFolderPermission”.

What’s this: Add-MailboxFolderPermission

Looking at the description posted on TechNet, this cmdlet enables you to “manage folder-level permissions for all folders within a user’s mailbox”, meaning you can use this cmdlet to delegate any of the following roles to any mailbox folder for any mailbox-enabled user in your organization, given you have sufficient permissions 🙂

(Source = Add-MailboxFolderPermission)

  • ReadItems   The user has the right to read items within the specified folder.

  • CreateItems   The user has the right to create items within the specified folder.

  • EditOwnedItems   The user has the right to edit the items that the user owns in the specified folder.

  • DeleteOwnedItems   The user has the right to delete items that the user owns in the specified folder.

  • EditAllItems   The user has the right to edit all items in the specified folder.

  • DeleteAllItems   The user has the right to delete all items in the specified folder.

  • CreateSubfolders   The user has the right to create subfolders in the specified folder.

  • FolderOwner   The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.

  • FolderContact   The user is the contact for the specified public folder.

  • FolderVisible   The user can view the specified folder, but can’t read or edit items within the specified public folder.

The AccessRights parameter also specifies the permissions for the user with the following roles, which are a combination of the rights listed previously:

  • None   FolderVisible

  • Owner   CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

  • PublishingEditor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

  • Editor   CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

  • PublishingAuthor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • Author   CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems

  • NonEditingAuthor   CreateItems, ReadItems, FolderVisible

  • Reviewer   ReadItems, FolderVisible

  • Contributor   CreateItems, FolderVisible

The following roles apply specifically to calendar folders:

  • AvailabilityOnly   View only availability data

  • LimitedDetails   View availability data with subject and location

To be able to do so, you need any of the following built-in management roles (as stated here): Organization Management, Recipient Management, Help Desk. There is no need to have been granted full mailbox access before you can change those folder permissions (!).

Let’s have a look at an example. Here are the permission settings for my test mailbox Ilse, and as you can see, these are the default settings, without previous changes:

Can we get this information using the power of the (Remote) Exchange Management Shell? Yes, by using the cmdlet Get-MailboxFolderPermission, as can be seen in the example below, when running Get-MailboxFolderPermission ilsevancriekinge@exchange.local:\Calendar

And then we can run the following cmdlet to add User7 with the permission of Editor:

Add-MailboxFolderPermission -Identity ilsevancriekinge@exchange.local:\Calendar -User user7@exchange.local -AccessRights Editor

And when checking with Microsoft Office Outlook, it’s clear the permissions have been set:
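The grant can also be confirmed from the shell, across every folder rather than just the Calendar. The following added example, which is not part of the original post, walks all folders of a mailbox by FolderId and lists each entry that grants more than None, marking entries for Default or Anonymous and entries that can edit or delete all items. The function name Get-MailboxFolderGrantReport and its output column names are assumptions made for illustration.

```powershell
# Added example. Run in the Exchange Management Shell.
# Get-MailboxFolderGrantReport and its output column names are hypothetical.
function Get-MailboxFolderGrantReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Mailbox
    )

    # Roles and rights from the lists above that allow changing or deleting
    # items the delegate does not own.
    $writeCapable = @('Owner', 'PublishingEditor', 'Editor', 'EditAllItems', 'DeleteAllItems')

    foreach ($folder in Get-MailboxFolderStatistics -Identity $Mailbox) {
        # Address each folder by FolderId so localized folder names do not matter.
        $identity = '{0}:{1}' -f $Mailbox, $folder.FolderId

        # Folders that cannot be queried are skipped instead of aborting the audit.
        # @() yields an empty array when nothing is returned, so the inner loop
        # does not run once on $null under PowerShell 2.0.
        $entries = @(Get-MailboxFolderPermission -Identity $identity -ErrorAction SilentlyContinue)

        foreach ($entry in $entries) {
            $rights = @($entry.AccessRights | ForEach-Object { "$_" })

            # Skip entries whose only access right is None.
            if ($rights.Count -eq 1 -and $rights[0] -eq 'None') { continue }

            $user = "$($entry.User)"
            New-Object PSObject -Property @{
                FolderPath   = $folder.FolderPath
                User         = $user
                AccessRights = $rights -join ', '
                # Default and Anonymous entries apply to many users at once.
                BroadGrant   = (@('Default', 'Anonymous') -contains $user)
                CanModifyAll = [bool]($rights | Where-Object { $writeCapable -contains $_ })
            } | Select-Object FolderPath, User, AccessRights, BroadGrant, CanModifyAll
        }
    }
}

# Example call against the test mailbox used in this post:
# Get-MailboxFolderGrantReport -Mailbox ilsevancriekinge@exchange.local | Format-Table -AutoSize
```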


Comments (15)

  1. obi ejiofor says:

    Use these commands to set calendar or remove calendar permissions on multiple mailboxes.

    Get-Content C:\temp\Calendar.txt | ForEach-Object {Add-MailboxFolderPermission "$($_):\Calendar" -User <user> -AccessRights Reviewer}

    Get-Content C:\temp\Calendar.txt | ForEach-Object {Remove-MailboxFolderPermission "$($_):\Calendar" -User <user>}

  2. Robbie De Sutter says:

    Thank you for the tutorial. I do have two questions.

    First of all I'm running an international business, hence my users do not have a "Calendar" folder, but an "Agenda" (Dutch) or "Kalendar" (German) or … How to deal with that (without me tracking which language every user is using)?

    Secondly, can I change the standard permission level of Default to "LimitedDetails" such that new mailboxes automatically get their Calendar details shared with subject and location?

    Thanks in advance for your feedback.

  3. Sagadudud says:

    This may be coming in too late but, the answer to your question is to use :Agenda or :Kalendar in place of :Calendar and the rest of the Add-MailboxFolderPermission/Get-MailboxFolderPermission/Remove-MailboxFolderPermission is pretty much the same.

  4. Dave Borsh says:

    Is there a way to capture all folders, not specify Inbox or Calendar?

  5. Ruud says:

    Get-MailboxFolderStatistics <mailbox> | %{Get-MailboxFolderPermission ("<mailbox>:{0}" -f $_.FolderId)}


    Also solves the 'problem' of different folder names due to chosen language.

  6. m_a_tt says:

    Function Set-Reviewer-On-Mailbox($mailboxsmtp, $reviewersmtp, $remove = $false){
        # Need Exchange tools.
        if ( (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue) -eq $null )
        {
            Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
        }

        Write-host "Getting folders for $mailboxsmtp"
        $stats = Get-MailboxFolderStatistics $mailboxsmtp
        Write-Host Got $stats.count folders

        # Address every folder by FolderID so localized folder names do not matter.
        foreach ($folder in $stats){
            $ident = $mailboxsmtp + ":" + $folder.FolderID
            if (-not $remove){
                Write-host Adding Reviewer Permission for $reviewersmtp on folder path $folder.folderPath
                Add-MailboxFolderPermission -Identity $ident -AccessRights Reviewer -User $reviewersmtp  | Out-Null
            }
            else {
                Write-host Removing Reviewer Permission for $reviewersmtp on folder path $folder.folderPath
                Remove-MailboxFolderPermission -Identity $ident -User $reviewersmtp -Confirm:$false | Out-Null
            }
        }
    }

  7. m_a_tt says:

    Ruud put me on the right track.  Use SMTP addresses for the first 2 params.  The mailbox you want to give access out to, then the reviewer's smtp address.  Sending in the $true param at the end will Remove any rights.  (This is also useful to revoke or if there are already some other rights that were delegated before you ever got there.)

    # give sam reviewer rights to joe's mailbox


    # revoke sam's reviewer rights to joe's mailbox

    Set-Reviewer-On-Mailbox $true

  8. S.L. says:

    How do I remove Exchange mailbox folder permissions for ALL folders (recursively) without specifying anything? We are using Exchange 2010 SP1.

    I tried using following with no luck:

    Get-MailboxFolderStatistics <smtp> | %{Get-MailboxFolderPermission ("smtp:{0}" -f $_.FolderId)}| Remove-MailboxFolderPermission -User <smtp>

  9. GB says:

    I wonder why this was so much easier in previous versions of Exchange… all this required shell stuff and no GUI makes lazy admins sad.

  10. ML49448 says:

    For those who are in an international environment, you can use

    get-mailbox $mailboxName | Get-MailboxFolderStatistics | where-object {$_.FolderType -eq ‘Calendar’} | Set-MailboxFolderPermission -user default -AccessRights reviewer

  11. CMR says:

    How do you create custom -AccessRights, meaning specific ACL? I need to only allow users to read full details but no other permissions.

  12. MS says:

    I wish to give only read the email and edit subject line. Which permission will be applicable.

  14. Frustrated User says:

    I know this is really late, but can I point out how awfully stupid it is that Get-MailboxPermission doesn’t list anyone who has access to a subfolder?
