Browse All Articles > Set Outlook Folder Permissions using Powershell
As an Exchange Administrator, I have been asked numerous times "grant this person access to my folder and all of its subfolders". Prior to Exchange 2010 there was no simple way to assign MAPI permissions to all of these Outlook folders. Exchange 2010 has added the
Add-MailboxFolderPermission cmdlet which allows an administrator to now complete this task from the Exchange Management Shell.
You may also notice that Exchange 2010 provided another cmdlet, Get-MailboxFolder. When I saw this I thought "Wow! I can run the Get-MailboxFolder and pipe the Add-MailboxFolderPermission and I'm done." Did you really think it would be that easy? The Get-MailboxFolder cmdlet only runs against the currently logged in user. Yes, you can't run this cmdlet against another mailbox. Take a look at the management role where this cmdlet is available.
Okay. Then how can we use the Add-MailboxFolderPermission to run against a root folder and all of its subfolders? Looking at all the parameters available for the cmdlet there is no recurse (wouldn't that be nice). I was able to accomplish this task in two steps:
1. Get a list of folders from the mailbox
2. Add the permission to the folder
[b] Get-MailboxFolderStatistics[/b]
The first thing we need to obtain is the list of folders that we will apply permissions. We can utilize the Get-MailboxFolderStatistics cmdlet for this purpose. The result we want is the FolderPath value that is returned in the format "/Folderpath".
[b] Add-MailboxFolderPermission[/b]
Then we can use the Add-MailboxFolderPermission cmdlet to assign the permissions. The format for the folder name is "Mailbox:FolderPath" so we will need to modify the result from earlier to accomodate the expected value. The following example illustrates the example where Jane's manager John wants her to access his Clients folder and all of its subfolders.
[b] Conclusion[/b]
This is only an example of how you can accomplish this task. Use this with caution and always test prior to running against a production mailbox. The one known issue is the possible results when using the Get-MailboxFolderStatistics cmdlet. You need to adjust your where clause appropriately so that you don't get unwanted results.
Please send me any questions, comments, and/or suggestions to jim at endital dot com. Thanks.
You may also notice that Exchange 2010 provided another cmdlet, Get-MailboxFolder. When I saw this I thought "Wow! I can run the Get-MailboxFolder and pipe the Add-MailboxFolderPermissio
Get-ManagementRole -Cmdlet Get-MailboxFolder
Okay. Then how can we use the Add-MailboxFolderPermissio
1. Get a list of folders from the mailbox
2. Add the permission to the folder
[b] Get-MailboxFolderStatistic
The first thing we need to obtain is the list of folders that we will apply permissions. We can utilize the Get-MailboxFolderStatistic
Get-MailboxFolderStatistics owner | Where { $_.FolderPath.Contains("FolderName") -eq $true }
[b] Add-MailboxFolderPermissio
Then we can use the Add-MailboxFolderPermissio
ForEach($f in (Get-MailboxFolderStatistics John | Where { $_.FolderPath.Contains("/Clients") -eq $True } ) ) {
$fname = "John:" + $f.FolderPath.Replace("/","\");
Add-MailboxFolderPermission $fname -User Jane -AccessRights Reviewer
} }
[b] Conclusion[/b]
This is only an example of how you can accomplish this task. Use this with caution and always test prior to running against a production mailbox. The one known issue is the possible results when using the Get-MailboxFolderStatistic
Please send me any questions, comments, and/or suggestions to jim at endital dot com. Thanks.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)