Link to home
Start Free TrialLog in
Avatar of Brian
BrianFlag for United States of America

asked on

Power Shell or Exchange PS to Get Mailbox Folder Permissions for Calendar but only from one Particular OU.

Hello All,

I've spent hours trying to work this out myself but knowing nothing of PS, I'm going to use a lifeline.

I have one OU that has 150+ ConfRooms in it. ( get-mailboxfolderpermission -Identity first.last:\calendar works for one mailbox but not 100's )
I need to get mailbox folder permissions from the calendar of those ConfRoom's ( -OrganizationalUnit "OU=ROOMS,OU=MANAGEDRESOURCES,DC=CORP,DC=DOMAIN,DC=COM" )
I would like to pipe to csv ( -export-csv "c:\temp\MailBoxFolderPermissions.csv )


My goal is to get a list of folder permissions ( calendar ) to see if all have Default user assigned as Reviewer. If not, I'll need to update the mailboxes that are not set with default reviewer.

And maybe this is a silly question but is there a way to set the default reviewer at the Rooms OU level so that any mailbox created/moved into that OU gets the permissions?

I hope that makes sense.

Thanks in advance!
Avatar of Amit Kumar
Amit Kumar
Flag of India image

Please try this.

get-mailbox | where {$_.Organizationalunit -eq "yourdomain.local/users/TopLevel"} | %{Get-MailboxFolderPermission -identity $_:\calendar | select User, FolderName, AccessRight} | export-csv c:\permission.csv

Open in new window

SOLUTION
Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Brian

ASKER

Thanks guys,

I will try both of them tomorrow and get back to you.

Brian
Avatar of Brian

ASKER

Hi Amit,
I tried running the code in EPS. Got the following

Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

I see that this happens in Exchange 2010 and that the  solution is to create varibles and break out the sections of code to the variables but I cannot get the syntax right.

Tried something like:
>$mailbox = get-mailbox | where {$_.Organizationalunit -eq "domainname.com/managed objects/rooms"}
$mailbox | %{Get-MailboxFolderPermission -identity $_:\calendar | select User, FolderName, AccessRight} | export-csv c:\permission.csv

but then get :
$mailbox | %{Get-MailboxFolderPermission -identity $_:\calendar | select User, FolderName, AccessRight} | export-csv c:\permission.csv


PowerShell is kickin' my rear end.......
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Brian

ASKER

Thank Amit,

The grabbing of the variable works. I run:

$mbx = get-mailbox -resultsize unlimited -OrganizationalUnit "OU=rooms,OU=managed objects,DC=corp,DC=domain,DC=com"

 but upon running the Get-MailboxFolderPermissons set, i get:

The specified mailbox "corp.domain.com/Managed Objects/ADM Accounts/IT/First Last ADM" doesn't exist. Reason: corp.domain.com/Managed Objects/ADM Accounts/IT/First Last ADM isn't a mail
box user.
    + CategoryInfo          : NotSpecified: (0:Int32) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : CB6B0BF6,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

Not sure why the second 1/2 of the script is looking in a different OU than what I specified in the variable section.

Permissions related? I'm running the Exchange PS as administrator
Please export $mbx variable to an csv file and check what is the data:

$mbx | select * | export-csv c:\users.csv

or you can run:

get-mailbox -resultsize unlimited -OrganizationalUnit "OU=rooms,OU=managed objects,DC=corp,DC=domain,DC=com" | select * | export-csv c:\users.csv
Avatar of Brian

ASKER

The data in the csv looks good. It was retrieved from the correct OU ( rooms ). Fields which I suspect are needed seem to be there:

RunsapceID, UserPrincipleName, Alias, OU, DisplayName, LegacyExchangeDN, PrimarySMTPAddress, WindowsEmailAddress, Name, DistinguishedName, Identity, GUID. The csv looks good.
so above previous command should not give you diff. OU's result. please try again.
Avatar of Brian

ASKER

Evening,
So. I'm perplexed. I set the variable using the given 1st line. If I export the variable, I get what looks like a good csv.
When I run the second command, I receive that weird error. I had another admin start Exchange PS using his credentials and upon running the second cmd, we get the same error, but instead of my name in the "first last adm" line, we get his.

I'm not sure why its trying to look in corp.domain.com/Managed Objects/ADM Accounts/IT/First Last ADM or look for a mailbox of the running user but it is ( and there are no mailbox for our adm accounts ). The CSV file from the variable contains only mailboxes from the /Managed Objects/Rooms OU and does not contain anything from the /ADM Accounts.

Anyone have any ideas?
Not sure why it is happening, if command is stopping because of this then run commands as below mentioned sequence in powershell, it will silent your errors and will continue to next with results

$ErrorActionPreference = silentlycontinue

$mbx = get-mailbox -resultsize unlimited -OrganizationalUnit "OU=Regions,DC=domain,DC=local"

$mbx | %{Get-MailboxFolderPermission -Identity ($mbx.alias+':\Calendar')} | select User, FolderName,{$_.Accessrights} | Export-Csv C:\accessrights.csv
Avatar of Brian

ASKER

The command isn't stopping per-se, it just displays the error dozens of times and then finishes at the prompt. The csv gets created, but it is 0 bytes and empty.

I tried using the Slientlycontinue command. The get-mailboxfolderpermission still creates the csv but is still empty.
Please try with samaccountname below, may be alias is not working for you.

$mbx = get-mailbox -resultsize unlimited -OrganizationalUnit "OU=Regions,DC=domain,DC=local"

$mbx | %{Get-MailboxFolderPermission -Identity ($mbx.samaccountname+':\Calendar')} | select User, FolderName,{$_.Accessrights} | Export-Csv C:\accessrights.csv
Avatar of Brian

ASKER

Hey Amit,

Sorry but its still coming back with that error.  I'm at a loss here. I'll try more troubleshooting if you are willing but I hate to keep wasting your time.
Not sure, this command I have tested in my env and working perfect.
Avatar of Brian

ASKER

Amit,
OK. Thank you for your help. I am at a loss here. I don't know why it wont work in our environment. Question is... what should I do for points? While your solution may work, I cant verify. What is typical in this situation?
mark your solution say it haven't confirm and allocate partial points to the relevant contributor will do.
Dont be in loss just choose any of your comment accept that as solution with giving 0 points
Avatar of Brian

ASKER

Amit,
Well.. I was trying to solve the issue with the error via PS. Thinking about the error I was getting,  I thought I would just mail enable administrator account. Then I ran your PS commands and they run successfully. I get a csv that displays user, foldername and access rights to the Calendar folder. What the csv doesn't show is the Room name. I tried to add "displayname" to the:

$mbx | %{Get-MailboxFolderPermission -Identity ($mbx.alias+':\Calendar')} | select DisplayName, User, FolderName,{$_.Accessrights} | Export-Csv C:\temp\accessrights.csv

but the "displayname" column in the csv is blank. I have no way to correlate the folder with the room. Any isngihts into getting the alias, samaccountname or displayname to show up in the csv?

Thanks,

-Brian
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Brian

ASKER

The help was much appreciated. Although I didn't get all the information I needed from the help, it did get me started. Awarding points to both Amit and limjianan.
Hi... I got it working, please find below code, copy this code in a PS1 file and run this. You need to change OU path accordingly. You will be able to get display name.

$Mailboxes = Get-Mailbox -Resultsize unlimited -OrganizationalUnit "OU=Regions,DC=domain,DC=local"
$AllCalPerms = @()
$CalPermAttribs = "" | Select Mailbox,Identity,User,AccessRights

$Mailboxes | ForEach-Object {
    $User=$_.Alias
    $Name=$_.Name	
    $Path=$User+':\Calendar'
    foreach ($CalPermAccessRights in Get-MailboxFolderPermission –identity $Path) {
       $CalPermAttribs.Mailbox = $Name
       $CalPermAttribs.Identity = $CalPermAccessRights.Identity
       $CalPermAttribs.User = $CalPermAccessRights.User
       $CalPermAttribs.AccessRights = $CalPermAccessRights.AccessRights
       $AllCalPerms += $CalPermAttribs | Select Mailbox,Identity,User,@{l='AccessRights';e={$_.AccessRights}}
    }
}
$AllCalPerms | Export-Csv -Path C:\Permission.csv -NoTypeInformation

Open in new window