Get permissions for all folders in a mailbox: PS

Iron Contributor

Hi Community,

 

Many times, as admins, we need to export all the folder permissions for a specific, ( or many ), mailbox/es. Why?

 

. Aduit reasons

. Backup reasons

. Replicate the permissions

. The user has hundreds of folders with different permissions entries

. Etc...

 

For that, I created the following script that will export in a csv file (C:\temp\FoldersPermissionsOutput.csv) all the user permissions for all the folders in a mailbox. The script will skip the default permissions entries and also the owner itself.

If no users permissions were found, you'll get the following output in PS and no file will be exported: 

"There are no user permissions for this mailbox folders"

 

To run the script, the "mailbox" parameter is mandatory. Simply specify for which mailbox would you like to check the folders permissions:

 

EXAMPLE:

 

.\FolderPermissions.ps1 -mailbox "UserEmailAddress"

 

Feel free to edit/adapt it to your own needs. And as always, note the the script is provided AS IS. You are solely responsible for reviewing it and executing it if you deem it appropriate.

 

<#
.DESCRIPTION

###########################################################################################################
# Author: Francisco Manigrasso                                                                            #
# Version: 1.0 03/23/2023                                                                                 #
#                                                                                                         #
# This script will provide you all the folders permissions and permission level for a specific mailbox,   #
# avoiding the default ones. The script output is a csv file in C:\temp\FoldersPermissionsOutput.csv.     #
# If the script doesn't find any user permissions, it will not export any file and you'll see the output  #
# in PS: "There are no user permissions for this mailbox folders"                                         #
###########################################################################################################

------------------------------------------- DISCLAIMER ----------------------------------------------------

                  The sample script is provided AS IS without warranty of any kind.
      You are solely responsible for reviewing it and executing it if you deem it appropriate.

-----------------------------------------------------------------------------------------------------------


.PARAMETER mailbox
Specify the email address of the mailbox for which you would like to get all folders permissions.

.EXAMPLE

.\FolderPermissions.ps1 -mailbox email address removed for privacy reasons

#>

param (
  [Parameter(Position=0,Mandatory=$True,HelpMessage='Specifies the mailbox to be accessed')]
  [ValidateNotNullOrEmpty()]
  [string]$mailbox
  );

Write-Host "Getting folders information..." -ForegroundColor Green
$permissions = @()
$folders = Get-Mailboxfolderstatistics $mailbox | % {$_.folderpath} | % {$_.replace(“/”,”\”)}
$folderKey = $mailbox + ":" + "\"

Write-Host "Getting Permissions information..." -ForegroundColor Green
$permissions += Get-MailboxFolderPermission -identity $folderKey -ErrorAction SilentlyContinue | Where-Object {$_.User -notlike “Default” -and $_.User -notlike “Anonymous” -and $_.AccessRights -notlike “None” -and $_.User -notlike $mailbox}

$list = ForEach ($folder in $folders)
   {
    $folderKey = $mailbox + ":" + $folder
    $permissions += Get-MailboxFolderPermission -identity $folderKey -ErrorAction SilentlyContinue | Where-Object {$_.User -notlike “Default” -and $_.User -notlike “Anonymous” -and $_.AccessRights -notlike “None” -and $_.User -notlike $mailbox}
   }

if (!$Permissions) {Write-Host "There are no user permissions for this mailbox folders" -ForegroundColor Magenta}
if ($Permissions ) {
$permissions | Export-csv -path C:\temp\FoldersPermissionsOutput.csv -NoTypeInformation
Write-Host "Permissions file exported successfully" -ForegroundColor Green
}

 

4 Replies

Hi @AndresBohren,

Looks great. Thanks for the contribution!

@FcoManigrasso You can easily export all permissions of the specific folder in exchange online using the single cmdlet:

Get-MailboxFolderPermission -Identity <UserUPN>:\<FolderName> | Export-CSV <FilePath> 

For for info on mailbox folder permission management, do refer: https://m365scripts.com/exchange-online/microsoft-365-mailbox-folder-permission-management-using-pow...

 

Hi @Thiraviam5316,

 

Sure, that's the standard cmdlt for a folder permission. My post talks about a complete report with all the folders and excluding the system permission ones. Take a look to my script or the one that Andres Bohren shared, those are very useful for such activities. 

Anyway, thanks for the clarification :) 

Have a good day.