I’ve had a couple of instances now where I have needed to export a record of the mailbox folder permissions ahead of a mailbox migration.
The following script uses a mailbox server as the input and outputs to a text file, listing mailbox, folder, delegate and access permissions.
########################################################
### Script to get list of mailbox folder permissions ###
### ###
### ALAshcroft ###
### v3.3 ###
########################################################
########################
### Define variables ###
########################
$Server = read-host "Enter the name of an Exchnage server hosting mailboxes..."
$Databases = Get-MailboxDatabase -Server $Server
$PSscriptRoot = "D:\Source\silversands\"
$Logfile = ($PSScriptRoot + "\MBXFolderPermissions-" + $Server + ".log")
#######################################
### Create the array for the Output ###
#######################################
$Output = @()
#############################
### Get list of Mailboxes ###
#############################
foreach ($Database in $Databases) {
$Mailboxes = (Get-Mailbox -Database $Database -Resultsize Unlimited)
#################################
#### Counter for progress bar ###
#################################
$MailboxCount = ($Mailboxes | Measure-Object).Count
$Count = 1
foreach ($Mailbox in $Mailboxes)
{
#################################################
### Show progress of the permission gathering ###
#################################################
$Status = "Database $Database - Getting folders for mailbox: $($Mailbox.PrimarySMTPAddress)"
$Activity = "Working... [$($Count)/$($MailboxCount)]"
Write-Progress -Status $Status -Activity $Activity -PercentComplete (($Count/$MailboxCount)*100)
#####################################
### Retrieve list of folder names ###
#####################################
$FolderNames = Get-MailboxFolderStatistics $Mailbox.name | where {$_.name -notmatch "Top of Information Store|Conversation Action Settings|Contacts|RSS Feeds|Sync Issues|Recoverable Items|Outbox|Tasks|Purges|Deletions|Junk E-Mail|Suggested Contacts|Junk E-Mail|Notes|Journal|Deleted Items|Drafts|Conflicts|Server Failures|Conversation History|Quarantine|Local Failures|Versions|Calendar Logging"} | select -ExpandProperty Identity
###########################################
### For each folder get the permissions ###
###########################################
foreach ($Folder in $FolderNames) {
$Folder = $Folder -replace $Mailbox.name,$($Mailbox.name + ':')
$Folder = $Folder.replace([char]63743,"/") # Replace the special character used to represent forward slashes
$Permissions = Get-MailboxFolderPermission -Identity $Folder -ErrorAction SilentlyContinue | where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.accessrights -notlike "Owner" -and $_.accessrights -notlike "None" } | select @{name='Mailbox';expression={$Mailbox.PrimarySMTPAddress}},FolderName, @{name='User';expression={$_.User -join ','}}, @{name='AccessRights';expression={$_.AccessRights -join ','}}
$Output += $Permissions
}
$count++
}
}
#########################################
### Write permissions to the log file ###
#########################################
$Output | ft -autosize | out-string -width 500 | out-file $Logfile
Alashcroft's Blog 