This post is also available in: Polish
Sometimes you add permissions to mailbox folders for other users.
You can check permission to mailbox folder using Outlook but then you need to check each folder.
If you want to get list of permissions assigned for users to specified mailbox folders you can use below script.
In this script we use Get-MailboxFolderStatistics to get list of mailbox folders and subfolders, and Get-MailboxFolderPermission to get permissions assigned to those folders and subfolders.
When we connect both commands we will get script which will list all permissions assigned to all folders and subfolders in mailbox.
To check specified mailbox, assign mailbox alias or smtp address to variable $MBX_tocheck
$MBXFolders = @()
$MBXFoldersCorr = New-Object System.Collections.ArrayList
$Permissions = @()
$MBX_tocheck = "JSmith"
$MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
foreach ($item in $MBXFolders) {
$temp = $item.FolderPath
$temp = $Temp.Replace("/","\")
$MBXFoldersCorr.Add($temp) | out-null
}
foreach ($item in $MBXFoldersCorr) {
Try {
$MailboxFolder = $MBX_tocheck + ":" + $item
$Permissions += $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
}
Catch {
$ReturnedObj = New-Object PSObject
$ReturnedObj | Add-Member NoteProperty -Name "FolderName" -Value $item
$ReturnedObj | Add-Member NoteProperty -Name "User" -Value "*Not Applicable*"
$ReturnedObj | Add-Member NoteProperty -Name "AccessRights" -Value "*Not Applicable*"
$Permissions += $ReturnedObj
Continue
}
}
$Permissions | Sort-Object FolderName,User | Format-Table
As output you will get list with three columns, FolderName, User and AccessRights (Permissions).
If you want to get output with Folder Path you can use following script:
$MBXFolders = @()
$MBXFoldersCorr = New-Object System.Collections.ArrayList
$Permissions = @()
$MBX_tocheck = "rszatkowski"
$MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
foreach ($item in $MBXFolders) {
$temp = $item.FolderPath
$temp = $Temp.Replace("/","\")
$MBXFoldersCorr.Add($temp) | out-null
}
foreach ($item in $MBXFoldersCorr) {
Try {
$MailboxFolder = $MBX_tocheck + ":" + $item
$FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
Foreach ($perm in $FolderPermission){
$ReturnedObj1 = New-Object PSObject
$ReturnedObj1 | Add-Member NoteProperty -Name "FolderName" -Value $($Perm.FolderName)
$ReturnedObj1 | Add-Member NoteProperty -Name "FolderPath" -Value $MailboxFolder
$ReturnedObj1 | Add-Member NoteProperty -Name "User" -Value $($Perm.User)
$ReturnedObj1 | Add-Member NoteProperty -Name "AccessRights" -Value $($Perm.AccessRights)
$Permissions += $ReturnedObj1
}
}
Catch {
$ReturnedObj = New-Object PSObject
$ReturnedObj | Add-Member NoteProperty -Name "FolderName" -Value $item
$ReturnedObj | Add-Member NoteProperty -Name "FolderPath" -Value $MailboxFolder
$ReturnedObj | Add-Member NoteProperty -Name "User" -Value "*Not Applicable*"
$ReturnedObj | Add-Member NoteProperty -Name "AccessRights" -Value "*Not Applicable*"
$Permissions += $ReturnedObj
Continue
}
}
$Permissions | Sort-Object FolderName,User | Format-Table
English 
polski
How would you modify the script to show the folder path (not just the folder name) in the output?
Never mind. I think I got it by replacing the line:
$MailboxFolder = $MBX_tocheck + “:” + $item
to…
$MailboxFolder = $MBX_tocheck + “:” + $temp
yes but then you will get folder path with changed / to \
if you want to get original path then use $($item.FolderPath)
Thanks. The change you recommended does use the original folder path however the permissions are now being reported as *Not applicable* for all folders. Is there a way to print the folder path, and display the folder permissions correctly?
Hi.
I posted new script with folder path.
Very Cool. That works great for me. Thank You!
Hello
its a Great Script, Many Thanks.
but if we need to run this for couple of users like list from text file or user id starting with like userAccount* then
Please Advise.
Thanks in Advance.
Hi
do you need to have all users and all permissions in one file ?
or each file for each user ?
Hi
its better to have all users permissions in one file with format-table and excluding self permissions
Many Thanks again.
it will be ready for tomorow, I will send you by email
check your email
I would like to show only the permissions that a particular user has.
i tried to filter in this part by User A:
$FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction| where {$_.User -like “User A”} |Select-Object FolderName,User,AccessRights) but it does not work.
Do you have any idea?
Hi Matias
You should use $_.user.ToString() -like “John”
or $_.user.ToString() -match “John”
thanks for your posting. But when I try this, I get the same result as when I do not use the filter. I get always a list with all folders and all permissions. I want to have a list on which subfolders a specific user have permissons. Do you have another idea?
I’ve send you script by an email hope it works like you want.
Yes, thank it works. Thank you.
Hey, thanks for the script. I changed it up so it prompts for the username to check and also provides permissions for the user’s personal archive, if they have one.
$MBXFolders = @()
$MBXFoldersCorr = New-Object System.Collections.ArrayList
$ArchiveFoldersCorr = New-Object System.Collections.ArrayList
$Permissions = @()
#$MBX_tocheck = “jastaj”
$MBX_tocheck = read-host ‘Please enter the mailbox alias you would like to check.’
$MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
$ArchiveFolders = Get-MailboxFolderStatistics $MBX_tocheck -archive | select folderpath
$Archive = get-mailbox $MBX_tocheck
foreach ($item in $MBXFolders) {
$temp = $item.FolderPath
$temp = $Temp.Replace(“/”,”\”)
$MBXFoldersCorr.Add($temp) | out-null
}
foreach ($item in $MBXFoldersCorr) {
Try {
$MailboxFolder = $MBX_tocheck + “:” + $item
$FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
Foreach ($perm in $FolderPermission){
$ReturnedObj1 = New-Object PSObject
$ReturnedObj1 | Add-Member NoteProperty -Name “FolderName” -Value $($Perm.FolderName)
$ReturnedObj1 | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
$ReturnedObj1 | Add-Member NoteProperty -Name “User” -Value $($Perm.User)
$ReturnedObj1 | Add-Member NoteProperty -Name “AccessRights” -Value $($Perm.AccessRights)
$Permissions += $ReturnedObj1
}
}
Catch {
$ReturnedObj = New-Object PSObject
$ReturnedObj | Add-Member NoteProperty -Name “FolderName” -Value $item
$ReturnedObj | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
$ReturnedObj | Add-Member NoteProperty -Name “User” -Value “*Not Applicable*”
$ReturnedObj | Add-Member NoteProperty -Name “AccessRights” -Value “*Not Applicable*”
$Permissions += $ReturnedObj
Continue
}
}
write-host “”
write-host “The following are the mailbox permissions for $MBX_tocheck”
write-host “”
$Permissions | Sort-Object FolderName,User | Format-Table
if ($Archive.archivedatabase.name -ne $False) {foreach ($item in $ArchiveFolders)
{
$temp = $item.FolderPath
$temp = $Temp.Replace(“/”,”\”)
$ArchiveFoldersCorr.Add($temp) | out-null
}
foreach ($item in $ArchiveFoldersCorr) {
Try {
$MailboxFolder = $MBX_tocheck + “:” + $item
$FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
Foreach ($perm in $FolderPermission){
$ReturnedObj1 = New-Object PSObject
$ReturnedObj1 | Add-Member NoteProperty -Name “FolderName” -Value $($Perm.FolderName)
$ReturnedObj1 | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
$ReturnedObj1 | Add-Member NoteProperty -Name “User” -Value $($Perm.User)
$ReturnedObj1 | Add-Member NoteProperty -Name “AccessRights” -Value $($Perm.AccessRights)
$Permissions += $ReturnedObj1
}
}
Catch {
$ReturnedObj = New-Object PSObject
$ReturnedObj | Add-Member NoteProperty -Name “FolderName” -Value $item
$ReturnedObj | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
$ReturnedObj | Add-Member NoteProperty -Name “User” -Value “*Not Applicable*”
$ReturnedObj | Add-Member NoteProperty -Name “AccessRights” -Value “*Not Applicable*”
$Permissions += $ReturnedObj
Continue
}
}
write-host “”
write-host “The following are the archive permissions for $MBX_tocheck”
write-host “”
$Permissions | Sort-Object FolderName,User | Format-Table
}
Is there a way to run this script and loop it for every user in an organization?
Hi
yes you can loop this script for all users, use Matt Niswonger modificated script but at the top first use:
$mailboxes = get-mailbox -resultsize unlimited | select alias
foreach ($mailbox in $mailboxes){
$MBXFolders = @()
$MBXFoldersCorr = New-Object System.Collections.ArrayList
$ArchiveFoldersCorr = New-Object System.Collections.ArrayList
$Permissions = @()
$MBX_tocheck = $mailbox.alias
now rest of the script
but everywhere where is:
$Permissions | Sort-Object FolderName,User | Format-Table
replace it by:
$Permissions | Sort-Object FolderName,User | out-file d:\scripts\$($mailbox.alias).txt
and at the end of script add
}
it should works if not let me know I didn’t test it, but it should create .txt file with mailbox alias in d:\scripts\ for each mailbox
I know its an old post. But i am taking my chance. If you are still listening to this post, can you please email the full script. If possible, I need to import mailbox names from a text file or CSV which ever works. I tried Get-Content but I am hitting an error somewhere.
Also, I don’t need archive mailbox to be included in the report. So, make all these modification is causing typo.