List Exchange mailbox folder permissions – script

This post is also available in: Polish

Sometimes you add permissions to mailbox folders for other users.

You can check permission to mailbox folder using Outlook but then you need to check each folder.

If you want to get list of permissions assigned for users to specified mailbox folders you can use below script.

In this script we use Get-MailboxFolderStatistics to get list of mailbox folders and subfolders, and  Get-MailboxFolderPermission to get permissions assigned to those folders and subfolders.

When we connect both commands we will get script which will list all permissions assigned to all folders and subfolders in mailbox.

To check specified mailbox, assign mailbox alias or smtp address to variable $MBX_tocheck

$MBXFolders = @()
$MBXFoldersCorr = New-Object System.Collections.ArrayList
$Permissions = @()
$MBX_tocheck = "JSmith"
$MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
foreach ($item in $MBXFolders) {
 $temp = $item.FolderPath
 $temp = $Temp.Replace("/","\")
 $MBXFoldersCorr.Add($temp) | out-null
}
foreach ($item in $MBXFoldersCorr) {
Try {
 $MailboxFolder = $MBX_tocheck + ":" + $item
 $Permissions += $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
 }
Catch {
 $ReturnedObj = New-Object PSObject
 $ReturnedObj | Add-Member NoteProperty -Name "FolderName" -Value $item
 $ReturnedObj | Add-Member NoteProperty -Name "User" -Value "*Not Applicable*"
 $ReturnedObj | Add-Member NoteProperty -Name "AccessRights" -Value "*Not Applicable*"
 $Permissions += $ReturnedObj
 Continue
 }
}
$Permissions | Sort-Object FolderName,User | Format-Table

 

As output you will get list with three columns, FolderName, User and AccessRights (Permissions).

If you want to get output with Folder Path you can use following script:

$MBXFolders = @()
$MBXFoldersCorr = New-Object System.Collections.ArrayList
$Permissions = @()
$MBX_tocheck = "rszatkowski"
$MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
foreach ($item in $MBXFolders) {
 $temp = $item.FolderPath
 $temp = $Temp.Replace("/","\")
 $MBXFoldersCorr.Add($temp) | out-null
}
foreach ($item in $MBXFoldersCorr) {
Try {
 $MailboxFolder = $MBX_tocheck + ":" + $item
 $FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
 Foreach ($perm in $FolderPermission){
 $ReturnedObj1 = New-Object PSObject
 $ReturnedObj1 | Add-Member NoteProperty -Name "FolderName" -Value $($Perm.FolderName)
 $ReturnedObj1 | Add-Member NoteProperty -Name "FolderPath" -Value $MailboxFolder
 $ReturnedObj1 | Add-Member NoteProperty -Name "User" -Value $($Perm.User)
 $ReturnedObj1 | Add-Member NoteProperty -Name "AccessRights" -Value $($Perm.AccessRights)
 $Permissions += $ReturnedObj1
 }
 }
Catch {
 $ReturnedObj = New-Object PSObject
 $ReturnedObj | Add-Member NoteProperty -Name "FolderName" -Value $item
 $ReturnedObj | Add-Member NoteProperty -Name "FolderPath" -Value $MailboxFolder
 $ReturnedObj | Add-Member NoteProperty -Name "User" -Value "*Not Applicable*"
 $ReturnedObj | Add-Member NoteProperty -Name "AccessRights" -Value "*Not Applicable*"
 $Permissions += $ReturnedObj
 Continue
 }
}
$Permissions | Sort-Object FolderName,User | Format-Table

 

Print Friendly
Tagged , , . Bookmark the permalink.

20 Responses to List Exchange mailbox folder permissions – script

  1. How would you modify the script to show the folder path (not just the folder name) in the output?

  2. Never mind. I think I got it by replacing the line:
    $MailboxFolder = $MBX_tocheck + “:” + $item
    to…
    $MailboxFolder = $MBX_tocheck + “:” + $temp

    • Remigiusz Szatkowski says:

      yes but then you will get folder path with changed / to \
      if you want to get original path then use $($item.FolderPath)

  3. Thanks. The change you recommended does use the original folder path however the permissions are now being reported as *Not applicable* for all folders. Is there a way to print the folder path, and display the folder permissions correctly?

  4. Very Cool. That works great for me. Thank You!

  5. Aasmir says:

    Hello

    its a Great Script, Many Thanks.

    but if we need to run this for couple of users like list from text file or user id starting with like userAccount* then

    Please Advise.
    Thanks in Advance.

    • Remigiusz Szatkowski says:

      Hi
      do you need to have all users and all permissions in one file ?
      or each file for each user ?

  6. Aasmir says:

    Hi
    its better to have all users permissions in one file with format-table and excluding self permissions

    Many Thanks again.

  7. Matias Basgier says:

    I would like to show only the permissions that a particular user has.
    i tried to filter in this part by User A:
    $FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction| where {$_.User -like “User A”} |Select-Object FolderName,User,AccessRights) but it does not work.
    Do you have any idea?

    • Remigiusz Szatkowski says:

      Hi Matias
      You should use $_.user.ToString() -like “John”
      or $_.user.ToString() -match “John”

      • Matias Basgier says:

        thanks for your posting. But when I try this, I get the same result as when I do not use the filter. I get always a list with all folders and all permissions. I want to have a list on which subfolders a specific user have permissons. Do you have another idea?

  8. Matias Basgier says:

    Yes, thank it works. Thank you.

  9. Matt Niswonger says:

    Hey, thanks for the script. I changed it up so it prompts for the username to check and also provides permissions for the user’s personal archive, if they have one.

    $MBXFolders = @()
    $MBXFoldersCorr = New-Object System.Collections.ArrayList
    $ArchiveFoldersCorr = New-Object System.Collections.ArrayList
    $Permissions = @()
    #$MBX_tocheck = “jastaj”
    $MBX_tocheck = read-host ‘Please enter the mailbox alias you would like to check.’
    $MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
    $ArchiveFolders = Get-MailboxFolderStatistics $MBX_tocheck -archive | select folderpath
    $Archive = get-mailbox $MBX_tocheck

    foreach ($item in $MBXFolders) {
    $temp = $item.FolderPath
    $temp = $Temp.Replace(“/”,”\”)
    $MBXFoldersCorr.Add($temp) | out-null
    }
    foreach ($item in $MBXFoldersCorr) {
    Try {
    $MailboxFolder = $MBX_tocheck + “:” + $item
    $FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
    Foreach ($perm in $FolderPermission){
    $ReturnedObj1 = New-Object PSObject
    $ReturnedObj1 | Add-Member NoteProperty -Name “FolderName” -Value $($Perm.FolderName)
    $ReturnedObj1 | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
    $ReturnedObj1 | Add-Member NoteProperty -Name “User” -Value $($Perm.User)
    $ReturnedObj1 | Add-Member NoteProperty -Name “AccessRights” -Value $($Perm.AccessRights)
    $Permissions += $ReturnedObj1
    }
    }
    Catch {
    $ReturnedObj = New-Object PSObject
    $ReturnedObj | Add-Member NoteProperty -Name “FolderName” -Value $item
    $ReturnedObj | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
    $ReturnedObj | Add-Member NoteProperty -Name “User” -Value “*Not Applicable*”
    $ReturnedObj | Add-Member NoteProperty -Name “AccessRights” -Value “*Not Applicable*”
    $Permissions += $ReturnedObj
    Continue
    }
    }
    write-host “”
    write-host “The following are the mailbox permissions for $MBX_tocheck”
    write-host “”
    $Permissions | Sort-Object FolderName,User | Format-Table

    if ($Archive.archivedatabase.name -ne $False) {foreach ($item in $ArchiveFolders)
    {
    $temp = $item.FolderPath
    $temp = $Temp.Replace(“/”,”\”)
    $ArchiveFoldersCorr.Add($temp) | out-null
    }
    foreach ($item in $ArchiveFoldersCorr) {
    Try {
    $MailboxFolder = $MBX_tocheck + “:” + $item
    $FolderPermission = $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights)
    Foreach ($perm in $FolderPermission){
    $ReturnedObj1 = New-Object PSObject
    $ReturnedObj1 | Add-Member NoteProperty -Name “FolderName” -Value $($Perm.FolderName)
    $ReturnedObj1 | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
    $ReturnedObj1 | Add-Member NoteProperty -Name “User” -Value $($Perm.User)
    $ReturnedObj1 | Add-Member NoteProperty -Name “AccessRights” -Value $($Perm.AccessRights)
    $Permissions += $ReturnedObj1
    }
    }
    Catch {
    $ReturnedObj = New-Object PSObject
    $ReturnedObj | Add-Member NoteProperty -Name “FolderName” -Value $item
    $ReturnedObj | Add-Member NoteProperty -Name “FolderPath” -Value $MailboxFolder
    $ReturnedObj | Add-Member NoteProperty -Name “User” -Value “*Not Applicable*”
    $ReturnedObj | Add-Member NoteProperty -Name “AccessRights” -Value “*Not Applicable*”
    $Permissions += $ReturnedObj
    Continue
    }
    }
    write-host “”
    write-host “The following are the archive permissions for $MBX_tocheck”
    write-host “”
    $Permissions | Sort-Object FolderName,User | Format-Table
    }

  10. Rick says:

    Is there a way to run this script and loop it for every user in an organization?

    • Remigiusz Szatkowski says:

      Hi
      yes you can loop this script for all users, use Matt Niswonger modificated script but at the top first use:
      $mailboxes = get-mailbox -resultsize unlimited | select alias
      foreach ($mailbox in $mailboxes){
      $MBXFolders = @()
      $MBXFoldersCorr = New-Object System.Collections.ArrayList
      $ArchiveFoldersCorr = New-Object System.Collections.ArrayList
      $Permissions = @()

      $MBX_tocheck = $mailbox.alias
      now rest of the script
      but everywhere where is:
      $Permissions | Sort-Object FolderName,User | Format-Table
      replace it by:
      $Permissions | Sort-Object FolderName,User | out-file d:\scripts\$($mailbox.alias).txt

      and at the end of script add
      }

      it should works if not let me know I didn’t test it, but it should create .txt file with mailbox alias in d:\scripts\ for each mailbox

  11. Pravin Jha says:

    I know its an old post. But i am taking my chance. If you are still listening to this post, can you please email the full script. If possible, I need to import mailbox names from a text file or CSV which ever works. I tried Get-Content but I am hitting an error somewhere.

    Also, I don’t need archive mailbox to be included in the report. So, make all these modification is causing typo.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>