by alashcroft

Script for Documenting Mailbox Folder Permissions

I’ve had a couple of instances now where I have needed to export a record of the mailbox folder permissions ahead of a mailbox migration.

The following script uses a mailbox server as the input and outputs to a text file, listing mailbox, folder, delegate and access permissions.

########################################################
### Script to get list of mailbox folder permissions ###
###                                                  ###
### ALAshcroft                                       ###
### v3.3                                             ###
########################################################

########################
### Define variables ###
########################

$Server = read-host "Enter the name of an Exchnage server hosting mailboxes..."
$Databases = Get-MailboxDatabase -Server $Server
$PSscriptRoot = "D:\Source\silversands\"
$Logfile = ($PSScriptRoot + "\MBXFolderPermissions-" + $Server + ".log")

#######################################
### Create the array for the Output ###
#######################################

$Output = @()

#############################
### Get list of Mailboxes ###
#############################

foreach ($Database in $Databases) {

$Mailboxes = (Get-Mailbox -Database $Database -Resultsize Unlimited)

#################################
#### Counter for progress bar ###
#################################

$MailboxCount = ($Mailboxes | Measure-Object).Count
 $Count = 1

foreach ($Mailbox in $Mailboxes)
 {

#################################################
### Show progress of the permission gathering ###
#################################################

$Status = "Database $Database - Getting folders for mailbox: $($Mailbox.PrimarySMTPAddress)"
$Activity = "Working... [$($Count)/$($MailboxCount)]"

Write-Progress -Status $Status -Activity $Activity -PercentComplete (($Count/$MailboxCount)*100)

#####################################
### Retrieve list of folder names ###
#####################################

$FolderNames = Get-MailboxFolderStatistics $Mailbox.name | where {$_.name -notmatch "Top of Information Store|Conversation Action Settings|Contacts|RSS Feeds|Sync Issues|Recoverable Items|Outbox|Tasks|Purges|Deletions|Junk E-Mail|Suggested Contacts|Junk E-Mail|Notes|Journal|Deleted Items|Drafts|Conflicts|Server Failures|Conversation History|Quarantine|Local Failures|Versions|Calendar Logging"} | select -ExpandProperty Identity

###########################################
### For each folder get the permissions ###
###########################################

foreach ($Folder in $FolderNames) {

$Folder = $Folder -replace $Mailbox.name,$($Mailbox.name + ':')

$Folder = $Folder.replace([char]63743,"/") # Replace the special character used to represent forward slashes

$Permissions = Get-MailboxFolderPermission -Identity $Folder -ErrorAction SilentlyContinue | where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.accessrights -notlike "Owner" -and $_.accessrights -notlike "None" } | select @{name='Mailbox';expression={$Mailbox.PrimarySMTPAddress}},FolderName, @{name='User';expression={$_.User -join ','}}, @{name='AccessRights';expression={$_.AccessRights -join ','}}

$Output += $Permissions

}

$count++
 }
 }

#########################################
### Write permissions to the log file ###
#########################################

$Output | ft -autosize | out-string -width 500 | out-file $Logfile

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s