Another script to run Get-FolderPermission against all the folders in a mailbox

  • Article

I think this script might be helpful for administrators in organizations where sharing of mailbox folders is extensive. I’ve tested it both in remote PowerShell for Exchange Online, and in Exchange Management Shell for Exchange 2013 SP1. There are others like it out there, but I like this one for its singularity of purpose . . . just running a read-only “Get” for an entire mailbox’s folder permissions.

The impetus to write it came when one of my customers asked to check some mailboxes to see if a particular user had access to some folders in them. You may already be aware that in Exchange Management Shell it’s not really possible to run Get-MailboxFolder beyond the scope of the presently logged on user. So as wonderful as it would be, it’s not possible to feed the output of Get-MailboxFolder to Get-MailboxFolderPermission for other users in the organization.

Nevertheless I knew from other examples that PowerShell would make it possible to take the output of another cmdlet, Get-MailboxFolderStatistics, and reshape it for piping into Get-MailboxFolderPermission. So I set about writing a script that would take a single user mailbox’s alias as input, enumerate all the folders visible in the mailbox, then run Get-MailboxFolderPermission against that output.

The following is the result of that effort. I wrote it to display the folders and permissions on screen, and then also write the data to a text file. I recommend use either as is or modify it for your own purposes as you see fit.

#############################################################################
#
# This script runs Get-MailboxFolderPermission for a valid mailbox specified
# by the user.  It displays the folder-level permissions on screen and also
# dumps them to a text file.
#
# Created by jtedoff@microsoft.com
# Last modified 5/24/2014
#
#############################################################################

# This function collects a mailbox from the user. It checks that the mailbox exists and that the input results in only one mailbox.

Function GetMailbox
{
$mb = Read-Host "Alias of mailbox to retrieve folder permissions?"

$check = Get-Mailbox -Identity $mb -erroraction silentlycontinue
If ($check){
 $chk = $check.count
 If ($chk -and $chk -gt 1){
  Write-Host ""
  Write-Host "Please specify only one mailbox" -ForeGroundColor Yellow
  Write-Host ""
  GetMailbox
  }
  Else {
  Enumerate
  }
 }
 Else {
 Write-Host ""
 Write-Host "This is not a valid mailbox alias, please retry" -ForeGroundColor Red
 Write-Host ""
 GetMailbox
 }
}

# This function runs Get-MailboxFolderStatistics for the mailbox found in GetMailbox. It then takes the output and reformats it for a foreach loop that runs Get-MailboxFolderPermission for each folder path found

Function Enumerate
{
 Write-Host ""
 Write-Host "Analyzing mailbox" $check -ForeGroundColor Green
 Write-Host ""

$file = ("." + $check.alias + "-" + $check.DisplayName + ".txt")

$mbfs = Get-MailboxFolderStatistics -Identity $check.Identity

$flist = $mbfs.folderpath

$flist | foreach {$chg = $_ -replace "/" , ""
 $pchg = ($check.alias + ":" + $chg)
 $go = Get-MailboxFolderPermission -Identity $pchg -erroraction silentlycontinue
 If ($go) {
  Write-Host ""  
  Write-Host "Folder permission for" $pchg -ForegroundColor Green
  $pchg | Out-File $file -append
  $go
  $go | Out-File $File -append
 }
 Else {}
 }

}

# After the functions are defined the script calls the first one

GetMailbox