Set Outlook Folder Permissions using Powershell

endital1097Customer Engineer
As an Exchange Administrator, I have been asked numerous times "grant this person access to my folder and all of its subfolders". Prior to Exchange 2010 there was no simple way to assign MAPI permissions to all of these Outlook folders. Exchange 2010 has added the Add-MailboxFolderPermission cmdlet which allows an administrator to now complete this task from the Exchange Management Shell.

You may also notice that Exchange 2010 provided another cmdlet, Get-MailboxFolder. When I saw this I thought "Wow! I can run the Get-MailboxFolder and pipe the Add-MailboxFolderPermissio n and I'm done." Did you really think it would be that easy? The Get-MailboxFolder cmdlet only runs against the currently logged in user. Yes, you can't run this cmdlet against another mailbox. Take a look at the management role where this cmdlet is available.
Get-ManagementRole -Cmdlet Get-MailboxFolder

Open in new window

Okay. Then how can we use the Add-MailboxFolderPermissio n to run against a root folder and all of its subfolders? Looking at all the parameters available for the cmdlet there is no recurse (wouldn't that be nice). I was able to accomplish this task in two steps:

1. Get a list of folders from the mailbox
2. Add the permission to the folder

[b] Get-MailboxFolderStatistics[/b]

The first thing we need to obtain is the list of folders that we will apply permissions. We can utilize the Get-MailboxFolderStatistic s cmdlet for this purpose. The result we want is the FolderPath value that is returned in the format "/Folderpath".
Get-MailboxFolderStatistics owner | Where { $_.FolderPath.Contains("FolderName") -eq $true }

Open in new window

[b] Add-MailboxFolderPermission[/b]

Then we can use the Add-MailboxFolderPermissio n cmdlet to assign the permissions. The format for the folder name is "Mailbox:FolderPath" so we will need to modify the result from earlier to accomodate the expected value. The following example illustrates the example where Jane's manager John wants her to access his Clients folder and all of its subfolders.
ForEach($f in (Get-MailboxFolderStatistics John | Where { $_.FolderPath.Contains("/Clients") -eq $True } ) ) {
                      $fname = "John:" + $f.FolderPath.Replace("/","\");
                      Add-MailboxFolderPermission $fname -User Jane -AccessRights Reviewer
                      } }

Open in new window

[b] Conclusion[/b]

This is only an example of how you can accomplish this task. Use this with caution and always test prior to running against a production mailbox. The one known issue is the possible results when using the Get-MailboxFolderStatistic s cmdlet. You need to adjust your where clause appropriately so that you don't get unwanted results.

Please send me any questions, comments, and/or suggestions to jim at endital dot com. Thanks.
endital1097Customer Engineer

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.