[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Set Outlook Folder Permissions using Powershell

Published on
16,435 Points
2 Endorsements
Last Modified:
As an Exchange Administrator, I have been asked numerous times "grant this person access to my folder and all of its subfolders". Prior to Exchange 2010 there was no simple way to assign MAPI permissions to all of these Outlook folders. Exchange 2010 has added the Add-MailboxFolderPermission cmdlet which allows an administrator to now complete this task from the Exchange Management Shell.

You may also notice that Exchange 2010 provided another cmdlet, Get-MailboxFolder. When I saw this I thought "Wow! I can run the Get-MailboxFolder and pipe the Add-MailboxFolderPermission and I'm done." Did you really think it would be that easy? The Get-MailboxFolder cmdlet only runs against the currently logged in user. Yes, you can't run this cmdlet against another mailbox. Take a look at the management role where this cmdlet is available.
Get-ManagementRole -Cmdlet Get-MailboxFolder

Open in new window

Okay. Then how can we use the Add-MailboxFolderPermission to run against a root folder and all of its subfolders? Looking at all the parameters available for the cmdlet there is no recurse (wouldn't that be nice). I was able to accomplish this task in two steps:

1. Get a list of folders from the mailbox
2. Add the permission to the folder


The first thing we need to obtain is the list of folders that we will apply permissions. We can utilize the Get-MailboxFolderStatistics cmdlet for this purpose. The result we want is the FolderPath value that is returned in the format "/Folderpath".
Get-MailboxFolderStatistics owner | Where { $_.FolderPath.Contains("FolderName") -eq $true }

Open in new window


Then we can use the Add-MailboxFolderPermission cmdlet to assign the permissions. The format for the folder name is "Mailbox:FolderPath" so we will need to modify the result from earlier to accomodate the expected value. The following example illustrates the example where Jane's manager John wants her to access his Clients folder and all of its subfolders.
ForEach($f in (Get-MailboxFolderStatistics John | Where { $_.FolderPath.Contains("/Clients") -eq $True } ) ) {
$fname = "John:" + $f.FolderPath.Replace("/","\");
Add-MailboxFolderPermission $fname -User Jane -AccessRights Reviewer
} }

Open in new window


This is only an example of how you can accomplish this task. Use this with caution and always test prior to running against a production mailbox. The one known issue is the possible results when using the Get-MailboxFolderStatistics cmdlet. You need to adjust your where clause appropriately so that you don't get unwanted results.

Please send me any questions, comments, and/or suggestions to jim at endital dot com. Thanks.

Featured Post

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Join & Write a Comment

In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
Check How effective MS Exchange Expert thinks Exchange Mailbox Recovery by SysTools IS. Visit the Official site to get detailed information:- https://www.systoolsgroup.com/exchange-recovery.html (https://www.systoolsgroup.com/exchange-recovery.h…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month