Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Home > Blogs > Exchange Server > Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Like This Blog 1Mike Pfeiffer
Added by September 27, 2013

 

Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Now one of the things that can be really useful in the Exchange Management Shell (EMS) is pushing out mailbox‑folder permissions. This could be on any folder in the mailbox but I’m going to focus mainly on the calendar because that’s usually one of the common ones. Normally you want to share out or give people review or access to your mailbox calendar or you want to have a certain users calendar be able to be seen by everyone in the organization and doing that by hand obviously could take forever.

Let’s just start off by doing this manually for one calendar. I’m in my administrator mailbox.

001-Mailbox-Folder-Permissions-using-PowerShell

I go into the properties of my calendar. I can come over to permissions

002-Mailbox-Folder-Permissions-using-PowerShell

I’ll pull out Allan Miller.

003-new-vpn-properties-Windows-Server-2012-R2-Group-Policy-IPv6-Enhancements

We’ll let him be a reviewer so he can see my appointments and the content all that good stuff and hit apply.

004-add-user-Mailbox-Folder-Permissions-using-PowerShell

Now I might want to be able to just take the entire organization and basically give everyone in the organization the same exact permissions and there’s a cmdlet that can help us. It’s called Add-MailboxFolder permission. We also have an equivalent which is Get-MailboxFolderPermission and we can run that against the administrator by using administrator :\calendar.

005-add-user-Mailbox-Folder-Permissions-using-PowerShell

Which will give me the mailbox folder permissions folder and you see what I get back is the one that I just added and of course the others.

006-get-folder-permissions-using-PowerShell

So we’ve got Allan Miller as reviewer and a couple of others. So we can do a Get or other things. Let’s take a look at this use case of doing this for every user in the organization.

You may also like:  CompTIA Series: Risk Analysis Calculations

I’m going to save a collection.

$mailboxes = Get-Mailbox –ResultSize unlimited

What I want to do is basically result size unlimited and by default Get-Mailbox will only retreive the first thousand mailboxes but I want to ignore that because I want all the mailboxes and put them into this variable.

I will take this variable and pipe it over to the ForEach object alias which is the % sign and I’m going to create my script block with the starting curly brace {. From there I’m just going to add mailbox permission, the permission is going to be assigned to each user that comes across the pipelines.

007-get-folder-permissions-using-PowerShell

So in here I need to reference their name.

008-get-folder-permissions-using-PowerShell

When we did the administrator it looked like this, administrator:\calendar

008-get-folder-permissions-using-PowerShell

But we don’t want the administrator, we want each user as they come across the pipelines. We got to use that south expression syntax here so we do a $ sign and then an open parenthesis [ and then a $ sign underscore _ and we’ll use the alias property because that’s an easy one and that’s unique.

009-get-folder-permissions-using-PowerShell

So that will get it expanded in that “ “ string and we’ll sign the administrator to that given the access rights of the reviewer.

010-get-folder-permissions-using-PowerShell

So basically what we’re doing here is for everybody in the organization, we’re giving the administrator reviewer rights to the mailbox.

Let’s go ahead and hit enter. I got it red error on one of them that already had permission set but it looks like I’m getting all these objects back. As you can see.

011-get-folder-permissions-using-PowerShell

Looking at these objects for this particular one here’s the run space ID which really does not mean a lot but the reviewer access was set for each of those objects that came across the pipeline.

You may also like:  Changing the Network Location in Windows 8 and 8.1

012-get-folder-permissions-using-PowerShell

So it is valid and really the only time that you got to worry about it is if you get red and actually coming back and telling you something. If you read the errors usually that’s pretty helpful. So I don’t have the one up here earlier but it was actually saying that you know you’ve already done this.

This is a easy way for you to give a particular user read access or reviewer access to every calendar in the organization. Now you can spot‑check that by opening up the mailbox for another user and looking at the permissions. So we can do this in the Shell instead of Outlook so if I do get mailbox, folder permission for Clayton English as an example and we’ll look at his calendar folder.

013-get-folder-permissions-using-PowerShell

We can see that we were able to give the administrator reviewer access to his calendar.

014-get-folder-permissions-using-PowerShell

Keep in mind that are numerous access rights properties. If you look at the properties of the calendar for example, there’s different properties, added on, full details if you’re busy, etc…

015-get-folder-permissions-using-PowerShell

That’s all controllable through the access rights parameter. So I encourage you to use the help system Get-Help against the set folders permissions cmdlet and also the get-mailbox folder permission cmdlet.

 

Videos You May Like

Agile Methodology in Project Management

0 57 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Creating Users and Managing Passwords in Microsoft Office 365

0 98 1

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

2 191 1

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. David

    That’s great but what if I want to add the permissions at the database level. The method described above works well in a stagnant environment. But what if you have new employees being added all the time and want to ensure they have the correct rights as soon as their mailbox and calendar is created? Can this be done just as easy. We have 16 Exchange 2013 databases. I have seen this handled through a mail enabled security group but that still requires ongoing maintenance for membership. I’m thinking the database solution could be scripted and a daily maintenance task added to update automatically. Anyone have any thoughts. I am not a gifted scripter.

    Thanks,

Share your thoughts...

Please fill out the comment form below to post a reply.