Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Home > Blogs > Exchange Server > Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Like This Blog 1 Mike Pfeiffer
Added by September 27, 2013

 

Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Now one of the things that can be really useful in the Exchange Management Shell (EMS) is pushing out mailbox‑folder permissions. This could be on any folder in the mailbox but I’m going to focus mainly on the calendar because that’s usually one of the common ones. Normally you want to share out or give people review or access to your mailbox calendar or you want to have a certain users calendar be able to be seen by everyone in the organization and doing that by hand obviously could take forever.

Let’s just start off by doing this manually for one calendar. I’m in my administrator mailbox.

001-Mailbox-Folder-Permissions-using-PowerShell

I go into the properties of my calendar. I can come over to permissions

002-Mailbox-Folder-Permissions-using-PowerShell

I’ll pull out Allan Miller.

003-new-vpn-properties-Windows-Server-2012-R2-Group-Policy-IPv6-Enhancements

We’ll let him be a reviewer so he can see my appointments and the content all that good stuff and hit apply.

004-add-user-Mailbox-Folder-Permissions-using-PowerShell

Now I might want to be able to just take the entire organization and basically give everyone in the organization the same exact permissions and there’s a cmdlet that can help us. It’s called Add-MailboxFolder permission. We also have an equivalent which is Get-MailboxFolderPermission and we can run that against the administrator by using administrator :\calendar.

005-add-user-Mailbox-Folder-Permissions-using-PowerShell

Which will give me the mailbox folder permissions folder and you see what I get back is the one that I just added and of course the others.

006-get-folder-permissions-using-PowerShell

So we’ve got Allan Miller as reviewer and a couple of others. So we can do a Get or other things. Let’s take a look at this use case of doing this for every user in the organization.

I’m going to save a collection.

$mailboxes = Get-Mailbox –ResultSize unlimited

What I want to do is basically result size unlimited and by default Get-Mailbox will only retreive the first thousand mailboxes but I want to ignore that because I want all the mailboxes and put them into this variable.

I will take this variable and pipe it over to the ForEach object alias which is the % sign and I’m going to create my script block with the starting curly brace {. From there I’m just going to add mailbox permission, the permission is going to be assigned to each user that comes across the pipelines.

007-get-folder-permissions-using-PowerShell

So in here I need to reference their name.

008-get-folder-permissions-using-PowerShell

When we did the administrator it looked like this, administrator:\calendar

008-get-folder-permissions-using-PowerShell

But we don’t want the administrator, we want each user as they come across the pipelines. We got to use that south expression syntax here so we do a $ sign and then an open parenthesis [ and then a $ sign underscore _ and we’ll use the alias property because that’s an easy one and that’s unique.

009-get-folder-permissions-using-PowerShell

So that will get it expanded in that “ “ string and we’ll sign the administrator to that given the access rights of the reviewer.

010-get-folder-permissions-using-PowerShell

So basically what we’re doing here is for everybody in the organization, we’re giving the administrator reviewer rights to the mailbox.

Let’s go ahead and hit enter. I got it red error on one of them that already had permission set but it looks like I’m getting all these objects back. As you can see.

011-get-folder-permissions-using-PowerShell

Looking at these objects for this particular one here’s the run space ID which really does not mean a lot but the reviewer access was set for each of those objects that came across the pipeline.

012-get-folder-permissions-using-PowerShell

So it is valid and really the only time that you got to worry about it is if you get red and actually coming back and telling you something. If you read the errors usually that’s pretty helpful. So I don’t have the one up here earlier but it was actually saying that you know you’ve already done this.

This is a easy way for you to give a particular user read access or reviewer access to every calendar in the organization. Now you can spot‑check that by opening up the mailbox for another user and looking at the permissions. So we can do this in the Shell instead of Outlook so if I do get mailbox, folder permission for Clayton English as an example and we’ll look at his calendar folder.

013-get-folder-permissions-using-PowerShell

We can see that we were able to give the administrator reviewer access to his calendar.

014-get-folder-permissions-using-PowerShell

Keep in mind that are numerous access rights properties. If you look at the properties of the calendar for example, there’s different properties, added on, full details if you’re busy, etc…

015-get-folder-permissions-using-PowerShell

That’s all controllable through the access rights parameter. So I encourage you to use the help system Get-Help against the set folders permissions cmdlet and also the get-mailbox folder permission cmdlet.

 

Videos You May Like

A Simple Introduction to Cisco CML2

0 3624 0

Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2

Configuring Windows Mobility Center and How to Turn it On and Off

1 1402 1

Video transcription Steve Fullmer: In our Windows training courses, we often share information about the Windows 8.1 Mobility Center. Mobility Center was introduced for mobile and laptop devices in Windows 7. It’s present and somewhat enhanced in Windows 8. Since we don’t have mobile devices in our classrooms, I decided to take a little bit … Continue reading Configuring Windows Mobility Center and How to Turn it On and Off

How to create a Cisco IOS Banner – Login and MOTD Message of the Day

0 4145 4

In this video, Cisco CCNA instructor Mark Jacob shows how to create a Login and Message of the Day (MOTD) banners in Cisco IOS. The Banner is an interesting feature of the Cisco IOS. You could probably get by without it, but in a commercial environment you want to have it.

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.