I found myself again trying to help a user add folder permissions for another user in a large hierarchy of folders inside their mailbox. What I wanted to do was tell this person they had to manually add the user to each folder in an attempt to deter it from happening but I couldn’t.
I figured there has got to be a way to do this in powershell using the -recurse switch, Get-MailboxFolder and piping that to the add-mailboxfolderpermission cmdlet that I have used in the past. I attempted the below cmdlet and failed miserably.
Get-MailboxFolder -Identity “user:\rootfolder” -recurse | Add-MailboxFolderPermission -User user2 -AccessRights owner
Running the command resulted in the below error.
The term ‘Get-MailboxFolder’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I was certain that this was a valid cmdlet so I started digging only to find that this cmdlet, “Get-MailboxFolder”, is in fact a valid cmdlet, but it can only be used for the logged in user and not run against another user. See details and syntax information for Get-MailboxFolder using the below link.
http://technet.microsoft.com/en-us/library/dd351164.aspx
I started thinking about how this made sense and how an end user would ever be able to execute this cmdlet. RBAC and self service in Exchange came to mind. As I started to research this further I came across a post on TechNet forums that reinforced the fact the cmdlet could only be run against the logged in user. It also mentions using EWS to programatically achieve what I sent out to accomplish but I am not confortable with EWS so I continued to look for a way to set the permissions in powershell.
Using the below cmdlets, you will be able to retreive folder statistics for a particular folder within a mailbox, modify the path in the results to adhere to what is required to set permissions on a folder, and use a where clause to add permissions to the folders so that another user can view a long list or hierarchy of folders with Outlook.
I will not take credit for the shell commands or idea. I found it someowhere on the internet but didn’t bookmark to link it here, my apologies to the author. I simply want to share this and have a place to reference it myself the next time it comes up. It surely will!
Get-MailboxFolderStatistics username | Where { $_.FolderPath.Contains(“Clients”) -eq $true }
ForEach($f in (Get-MailboxFolderStatistics mcaruso | Where {$_.FolderPath.Contains(“/Clients”) -eq $True } ) ) {$fname = “username:” + $f.FolderPath.Replace(“/”,”\”);Add-MailboxFolderPermission $fname -User anotheruser -AccessRights Owner }
Awesome. Spend time trying to get get-mailboxfolder to work against someone else’s mailbox and then realised it wasn’t going to work. We have someone on long term leave who has a large folder structure that others need access to. This saved me lots of time manually changing the folder permissions. Great post.