官术网_书友最值得收藏!

Managing folder/calendar permission

In this topic, we will review the usage of folder permissions within a mailbox using PowerShell in Exchange 2013 and 2016 On-Premise and the Exchange Online environment. The three cmdlets that will help us to modify and view the permission on inpidual folders are Add-MailboxFolderPermission, Set-MailboxFolderPermission, Get-MailboxFolderPermission, and Remove-MailboxFolderPermission.

You can specify the following access rights using the Access Rights parameter, which are self-explanatory. If you want to understand about a particular access rights, type Get-Help Set-Mailbox folder permission. The access rights available are: Read Items, Create Items, Edit Owned Items, Delete Owned Items, Edit All Items, Delete All Items, Create Subfolders, Folder Owner, Folder Contact, and Folder Visible

There is a provision to specify a combination of the previously mentioned access rights by using: None, Owner, Publishing Editor, Editor, Publishing Author, Author, Non Editing Author, Reviewer, and Contributor.

For Calendars, we have two levels of access:

  • Availability Only: This right will only show availability data.
  • Limited Details: This will allow users to view the availability data along with its subject and location

The following command will add Amy Alberts as the Owner of the marketing folder in John Doe's mailbox:

Add-MailboxFolderPermission -Identity johnd@contoso.com:\Marketing -User amya@contoso.com -AccessRights Owner

Now, the administrator who gave the permission earlier figured out that he wanted to only allow Amy as a Publishing Editor and not an owner. He will fix this using this command:

Set-MailboxFolderPermission -Identity johnd@contoso.com:\Marketing -User amya@contoso.com -AccessRights PublishingEditor

Now, let's add Holly as the Publishing Editor for John Doe's calendar:

Add-MailboxFolderPermission Johnd:\calendar -AccessRight PublishingEditor -User hollyh

Similarly, add Holly to John's contact folder as a Publishing Editor:

Add-MailboxFolderPermission Johnd:\contacts -AccessRight PublishingEditor -User hollyh

Now, let's view the results using the Get-Mailbox Folder permission. You can use the pipeline and select the desired results and even export it to a CSV file to review later:

Get-MailboxFolderPermission John:\calendar | Select FolderName, user, AccessRights
Get-MailboxFolderPermission John:\contacts
Get-MailboxFolderPermission John:\contacts | Select FolderName, user, AccessRights
Get-Mailbox | Get-MailboxFolderPermission | Export-CSV c:\temp\users.csv

Removing the permissions that are no longer required can be done by typing the following command:

Remove-MailboxFolderPermission Johnd:\calendar -User hollyh -Confirm:$false
Remove-MailboxFolderPermission Johnd:\contacts -User hollyh

As an Exchange administrator, there are times when you want to remove a particular user's access from all the mailboxes for a particular folder, such as the calendar in this case. The unfortunate user is John Doe in this case. The first cmdlet called Get-Mailbox will return all the mailboxes in the Exchange organization, and you can filter this output using multiple attributes in the Active directory especially if you are managing a large organization with thousands of users. The output of Get-Mailbox will be fed into a ForEach-Object loop, and it will remove the permission from the calendar folder of each mailbox for the user John:

Get-Mailbox | ForEach-Object {Remove-MailboxFolderPermission $_":\Calendar" -User Johnd} -Confirm:$False
主站蜘蛛池模板: 和林格尔县| 明溪县| 五指山市| 洛宁县| 十堰市| 分宜县| 光泽县| 二连浩特市| 朝阳市| 玛曲县| 兴宁市| 济南市| 密云县| 贵州省| 会理县| 临清市| 上虞市| 大渡口区| 浦东新区| 永寿县| 调兵山市| 汕尾市| 广安市| 池州市| 安康市| 新民市| 宁化县| 永新县| 安顺市| 富源县| 鄂尔多斯市| 禹州市| 论坛| 咸宁市| 吉隆县| 特克斯县| 朝阳市| 麦盖提县| 台南市| 临朐县| 寿阳县|