Powershell list permssions for top of information store for all mailboxes in a specific object unit RRS feed

  • Question

  • Hi community,

    I need to list permissions to Top of Information store (or any other specified folder like Inbox) for all users in a specific OU. I came across to the following code but it does not work probably due to some syntax issue, need advise. 

    Get-Mailbox -ResultSize Unlimited -OrganizationalUnit "ou=test,ou=internal,ou=net,dc=local,dc=net" | foreach { Get-MailboxFolderPermission -Identity $ }| Export-Csv \\networkshare\mailboxpermissions.csv


    I think I need to specify Identity in another way and also I need to specify that I need permissions for Top of Information Store. For a single script I just put username:

    Wednesday, April 19, 2017 10:53 AM

All replies

  • What version of Exchange are you running?  And what error are you getting when you run the above?  When I ran it on my Ex2016CU3 server without the export, it worked fine, and I'm sure it will work with the export added.

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Wednesday, April 19, 2017 12:19 PM
  • Basically, I was able to solve the current problem but facing a new one. I've scripted a new piece of code which is the following: 

    import-csv "\\networkshare\import.csv" | foreach {Get-MailboxFolderPermission -Identity $_.user} | Export-csv \\networkshare\export.csv. 

    Where import.csv contains list of usernames which mailboxes I need to list permissions. The problem is that Export.csv file contains User and Identity fields which are equal to each other and there is no connection with mailbox owner. How to modify the script or should I bind anything else? 

    Because, when I simply run Get-MailboxFolderPermission -Identity username I can see it on screen in the way I need it.

    Wednesday, April 19, 2017 12:29 PM
  • If you want the mailbox owner, you need to pull it from the Get-Mailbox command you ran.  If we go back to your original scriptlet, we can add output from the first command to the second so we have what I believe you are looking for:

    Get-Mailbox -ResultSize Unlimited -OrganizationalUnit "ou=test,ou=internal,ou=net,dc=local,dc=net" | Sort Name | foreach { $MbxAlias = $_.Alias ; $MbxOwner = $_.Name ; Get-MailboxFolderPermission -Identity $ } | Select *, @{E={ $MbxAlias };L='MailboxAlias'}, @{E={ $MbxOwner };L='MailboxOwner'} | Export-Csv \\networkshare\mailboxpermissions.csv

    Not knowing the exact error you said you first had, I believe it was probably that your pipe was getting messed up (by having a pipe already running).  The Sort Name fixes this.  And I've saved the alias and name of the mailbox you are checking so we can add them to the output of your Get-MailboxFolderStatistics command in the foreach statement.  HTH ...

    Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

    Thursday, April 20, 2017 11:36 AM