Using PowerShell to manage mailbox folder permissions in Exchange Server 2010
Using PowerShell to manage mailbox folder permissions in Exchange Server 2010
Now one of the things that can be really useful in the Exchange Management Shell (EMS) is pushing out mailbox‑folder permissions. This could be on any folder in the mailbox but I’m going to focus mainly on the calendar because that’s usually one of the common ones. Normally you want to share out or give people review or access to your mailbox calendar or you want to have a certain users calendar be able to be seen by everyone in the organization and doing that by hand obviously could take forever.
Let’s just start off by doing this manually for one calendar. I’m in my administrator mailbox.
I go into the properties of my calendar. I can come over to permissions
I’ll pull out Allan Miller.
We’ll let him be a reviewer so he can see my appointments and the content all that good stuff and hit apply.
Now I might want to be able to just take the entire organization and basically give everyone in the organization the same exact permissions and there’s a cmdlet that can help us. It’s called Add-MailboxFolder permission. We also have an equivalent which is Get-MailboxFolderPermission and we can run that against the administrator by using administrator :\calendar.
Which will give me the mailbox folder permissions folder and you see what I get back is the one that I just added and of course the others.
So we’ve got Allan Miller as reviewer and a couple of others. So we can do a Get or other things. Let’s take a look at this use case of doing this for every user in the organization.
I’m going to save a collection.
$mailboxes = Get-Mailbox –ResultSize unlimited
What I want to do is basically result size unlimited and by default Get-Mailbox will only retreive the first thousand mailboxes but I want to ignore that because I want all the mailboxes and put them into this variable.
I will take this variable and pipe it over to the ForEach object alias which is the % sign and I’m going to create my script block with the starting curly brace {. From there I’m just going to add mailbox permission, the permission is going to be assigned to each user that comes across the pipelines.
So in here I need to reference their name.
When we did the administrator it looked like this, administrator:\calendar
But we don’t want the administrator, we want each user as they come across the pipelines. We got to use that south expression syntax here so we do a $ sign and then an open parenthesis [ and then a $ sign underscore _ and we’ll use the alias property because that’s an easy one and that’s unique.
So that will get it expanded in that “ “ string and we’ll sign the administrator to that given the access rights of the reviewer.
So basically what we’re doing here is for everybody in the organization, we’re giving the administrator reviewer rights to the mailbox.
Let’s go ahead and hit enter. I got it red error on one of them that already had permission set but it looks like I’m getting all these objects back. As you can see.
Looking at these objects for this particular one here’s the run space ID which really does not mean a lot but the reviewer access was set for each of those objects that came across the pipeline.
So it is valid and really the only time that you got to worry about it is if you get red and actually coming back and telling you something. If you read the errors usually that’s pretty helpful. So I don’t have the one up here earlier but it was actually saying that you know you’ve already done this.
This is a easy way for you to give a particular user read access or reviewer access to every calendar in the organization. Now you can spot‑check that by opening up the mailbox for another user and looking at the permissions. So we can do this in the Shell instead of Outlook so if I do get mailbox, folder permission for Clayton English as an example and we’ll look at his calendar folder.
We can see that we were able to give the administrator reviewer access to his calendar.
Keep in mind that are numerous access rights properties. If you look at the properties of the calendar for example, there’s different properties, added on, full details if you’re busy, etc…
That’s all controllable through the access rights parameter. So I encourage you to use the help system Get-Help against the set folders permissions cmdlet and also the get-mailbox folder permission cmdlet.
A Simple Introduction to Cisco CML2
Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2
Cable Testers and How to Use them in Network Environments
This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments
Government Edition – Encrypting a USB Flash Drive in Windows 10
In this video, Security Instructor Mike Danseglio demonstrates how to use BitLocker in Window 10 to secure files on a USB Flash drive that adhere to stricter data protection requirements as found inside Government entities. BitLocker 2-day instructor-led training is now available at Interface: BITLOCK: Planning and Deploying BitLocker Drive Encryption Training Video Transcription: Hi. … Continue reading Government Edition – Encrypting a USB Flash Drive in Windows 10
Write a Comment
See what people are saying...