Script to Assign MailboxFolderPermission in Bulk
In Exchange 2003 and Exchange 2007, We had to use pfdavadmin to assign permissions centrally on user’s calendar or any other folder. For few users we used to open up mailbox and assign calendar permissions.
In Exchange 2010 we have a new feature call Mailbox folder permission. This enables you to "manage folder-level permissions for all folders within a user's mailbox centrally.
In Exchange 2010 We can also use Exfolders (Replacement of Pfdavadmin) to assign mailbox folder permission centrally but we cannot set filters in Exfolders to get only list of users basis on our requirement.
Here are few examples.
Example 1-
The following command will give everybody read rights to the calendar in the "ConferenceRoom" calendar.
Add-MailboxFolderPermission ConferenceRoom@xyz.com:\calendar -User Default -AccessRights reviewer
Example 2-
Want to assign Editor permission to a user on all user’s Calendar folder which are under one particular OU
Run following shell commands to achieve the same.
1- Get-User -OrganizationalUnit "OU=OU NAME,DC=XYZ,DC=COM" | select-Object Samaccountname | Export-Csv C:\Users.csv
Select Samaccountname because we don’t get the alias when we run Get-user command and Display name will not work while assigning permissions.
2- Open up users.csv file and remove the first line which would be “#TYPE Selected.Microsoft.Exchange.Data.Directory.Management.User” and save file
3- Now run the command
Import-csv C:\users.csv | foreach-object {Add-MailboxFolderPermission -identity $_Samaccountname":\Calendar" -User "username" -AccessRights "Editor"}
Similarly we can get the list of users based on custom filters and assign the mailbox folder permissions as per our need.
For more information on Get-User filters, Please follow
http://technet.microsoft.com/en-us/library/aa996896%28v=exchg.80%29.aspx
Example 3-
Want to assign Reviewer permission to multiple users on a particular user’s Inbox folder. Those all users are in different OU.
1- Set custom attribute on all those users. For example we set CustomAttribute5 “VIP”
2- Get-user -Filter {(CustomAttribute5 -eq "VIP")} | select-Object Samaccountname | Export-Csv C:\Users.csv
3- Open up users.csv file and remove the first line which would be “#TYPE Selected.Microsoft.Exchange.Data.Directory.Management.User” and save file
4- Import-csv C:\users.csv | foreach-object {Add-MailboxFolderPermission -identity XYZ@domain.com:\Inbox -User $_.Samaccountname -AccessRights "Reviewer"}
The possible AccessRights can be seen here:
http://technet.microsoft.com/de-de/library/ff522363.aspx
Similarly we can use following shell commands to view, modify or remove the mailbox folder permissions
Add-MailboxFolderPermission – http://technet.microsoft.com/en-us/library/dd298062.aspx
Get-MailboxFolderPermission – http://technet.microsoft.com/en-us/library/dd335061.aspx
Set-MailboxFolderPermission – http://technet.microsoft.com/en-us/library/ff522363.aspx
Remove-MailboxFolderPermission – http://technet.microsoft.com/en-us/library/dd351181.aspx
Please let us know if you have any queries or comments.
Cheers,
Team MSS
3 Responses to “Script to Assign MailboxFolderPermission in Bulk”
Leave a Reply
Search
Recent Posts
- SQL Server Reporting Services Integration with SharePoint – Error On attempt to setup subscription for an external email address
- Mysites deleted after recreating User profile Sync connection – SharePoint 2010
- Outlook Profile Still Pointing to Exchange Server 2007 After Move Mailbox to Exchange Server 2010 – Exchange 2007 to Exchange 2010 Migration Issue
- How to Install Exchange 2013 RTM on Windows Server 2012
- How to Grant Read Access Permission on a Mailbox in Exchange Server 2010/2013
Categories
- BlackBerry Enterprise Server
- Exchange Server 2007
- Exchange Server 2010
- Exchange Server 2013
- Uncategorized
Blog Archive
- April 2013
- March 2013
- January 2013
- December 2012
- November 2012
- October 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- November 2011
- October 2011
when i do the steps in your example 2 then Igot this error
An existing permission entry was found for user: Peter .
+ CategoryInfo : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], UserAlreadyExis…nEntryException
+ FullyQualifiedErrorId : AC4E6849,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
whats going wrong ???
This is because user already have some permission on the mailbox folder. If user already have existing permission on mailbox folder, We will have to use Set-Mailboxfolderpermission to modify the permission.
http://technet.microsoft.com/en-us/library/ff522363.aspx
Hi. When I try your example 2 (with the set-mailboxfolderpermission) I only get a Warning, the command completed succesfully, but no permission….. on my OWN mailbox (the user I am logged in as. It doesnt seem as it takes all the users in the CSV – any ideas?
Br
Steen