Forum Discussion
Solved
Recursive Script to Get/Set/Remove Exchange Mailbox Folder Permissions
Okay, I have a tiny issue. I'm okay at PS scripting, not a guru by any stretch of the imagination. So here's the situation. Situation: Mailbox needs to move from on-prem to Exchange Online. ...
LeonPavesic Over the weekend, I found something that works for me and it's only 6 lines of code. So, in the first 4 lines of code:
- $Alias = Read-Host "Please enter the mailbox alias"
- $Folders = Get-MailboxFolderStatistics -Identity $Alias | Where-Object {$_.FolderType}
- $FolderID = ForEach ($F in $Folders) {$Alias + ":" + $F.FolderID}
- $Perms = ForEach ($F in $FolderID) {Get-MailboxFolderPermission -Identity $F}
Once I take the output from $Perms and condense it down to a usable user list, I can run the last two:
- $Users = Get-Content "C:\Temp\Users.txt"
- ForEach ($F in $FolderID) {ForEach ($U in $Users) {Remove-MailboxFolderPermission $F -User $U -Confirm:$false | Write-Host $F}}
Hi JimBlunt,
Let´s try to solve your problem completely or at least help you to get closer to the soultion.
let's rewrite the script from your original question to handle folder names with special characters properly. We'll use the -EscapeCharacters parameter when constructing folder identities. Here's the modified script:
# Define the mailbox alias
$mailboxAlias = "<Alias>"
# Function to recursively process mailbox folder permissions
function Process-FolderPermissions($folderPath) {
$escapedFolderPath = $folderPath.Replace("/", "\")
$folderIdentity = "$mailboxAlias:`"$escapedFolderPath`""
# Get folder permissions
$folderPermissions = Get-MailboxFolderPermission -Identity $folderIdentity
# Process folder permissions as needed (e.g., set, remove, or display)
# Example: Set-MailboxFolderPermission -Identity $folderIdentity -User email address removed for privacy reasons -AccessRights FullAccess
# Display folder permissions
Write-Host "Folder: $folderPath"
$folderPermissions | Format-Table -AutoSize
# Recursively process subfolders
$subfolders = Get-MailboxFolderStatistics -Identity $mailboxAlias | Where-Object { $_.FolderPath -like "$folderPath/*" }
foreach ($subfolder in $subfolders) {
Process-FolderPermissions "$folderPath/$($subfolder.FolderName)"
}
}
# Start processing folder permissions from the root folder
Process-FolderPermissions ""
In this corrected script:
- We still define the $mailboxAlias variable to specify the mailbox alias.
- The Process-FolderPermissions function now properly escapes the folder names using the .Replace() method to replace forward slashes ("/") with backslashes ("").
- We construct the folder identity using the -EscapeCharacters parameter, which allows us to include folder names with special characters without encountering issues.
Replace <Alias> with the actual mailbox alias, and customize the permission processing logic as needed for your specific use case.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
LeonPavesic Over the weekend, I found something that works for me and it's only 6 lines of code. So, in the first 4 lines of code:
- $Alias = Read-Host "Please enter the mailbox alias"
- $Folders = Get-MailboxFolderStatistics -Identity $Alias | Where-Object {$_.FolderType}
- $FolderID = ForEach ($F in $Folders) {$Alias + ":" + $F.FolderID}
- $Perms = ForEach ($F in $FolderID) {Get-MailboxFolderPermission -Identity $F}
Once I take the output from $Perms and condense it down to a usable user list, I can run the last two:
- $Users = Get-Content "C:\Temp\Users.txt"
- ForEach ($F in $FolderID) {ForEach ($U in $Users) {Remove-MailboxFolderPermission $F -User $U -Confirm:$false | Write-Host $F}}