官术网_书友最值得收藏!

Managing folder/calendar permission

In this topic, we will review the usage of folder permissions within a mailbox using PowerShell in Exchange 2013 and 2016 On-Premise and the Exchange Online environment. The three cmdlets that will help us to modify and view the permission on inpidual folders are Add-MailboxFolderPermission, Set-MailboxFolderPermission, Get-MailboxFolderPermission, and Remove-MailboxFolderPermission.

You can specify the following access rights using the Access Rights parameter, which are self-explanatory. If you want to understand about a particular access rights, type Get-Help Set-Mailbox folder permission. The access rights available are: Read Items, Create Items, Edit Owned Items, Delete Owned Items, Edit All Items, Delete All Items, Create Subfolders, Folder Owner, Folder Contact, and Folder Visible

There is a provision to specify a combination of the previously mentioned access rights by using: None, Owner, Publishing Editor, Editor, Publishing Author, Author, Non Editing Author, Reviewer, and Contributor.

For Calendars, we have two levels of access:

  • Availability Only: This right will only show availability data.
  • Limited Details: This will allow users to view the availability data along with its subject and location

The following command will add Amy Alberts as the Owner of the marketing folder in John Doe's mailbox:

Add-MailboxFolderPermission -Identity johnd@contoso.com:\Marketing -User amya@contoso.com -AccessRights Owner

Now, the administrator who gave the permission earlier figured out that he wanted to only allow Amy as a Publishing Editor and not an owner. He will fix this using this command:

Set-MailboxFolderPermission -Identity johnd@contoso.com:\Marketing -User amya@contoso.com -AccessRights PublishingEditor

Now, let's add Holly as the Publishing Editor for John Doe's calendar:

Add-MailboxFolderPermission Johnd:\calendar -AccessRight PublishingEditor -User hollyh

Similarly, add Holly to John's contact folder as a Publishing Editor:

Add-MailboxFolderPermission Johnd:\contacts -AccessRight PublishingEditor -User hollyh

Now, let's view the results using the Get-Mailbox Folder permission. You can use the pipeline and select the desired results and even export it to a CSV file to review later:

Get-MailboxFolderPermission John:\calendar | Select FolderName, user, AccessRights
Get-MailboxFolderPermission John:\contacts
Get-MailboxFolderPermission John:\contacts | Select FolderName, user, AccessRights
Get-Mailbox | Get-MailboxFolderPermission | Export-CSV c:\temp\users.csv

Removing the permissions that are no longer required can be done by typing the following command:

Remove-MailboxFolderPermission Johnd:\calendar -User hollyh -Confirm:$false
Remove-MailboxFolderPermission Johnd:\contacts -User hollyh

As an Exchange administrator, there are times when you want to remove a particular user's access from all the mailboxes for a particular folder, such as the calendar in this case. The unfortunate user is John Doe in this case. The first cmdlet called Get-Mailbox will return all the mailboxes in the Exchange organization, and you can filter this output using multiple attributes in the Active directory especially if you are managing a large organization with thousands of users. The output of Get-Mailbox will be fed into a ForEach-Object loop, and it will remove the permission from the calendar folder of each mailbox for the user John:

Get-Mailbox | ForEach-Object {Remove-MailboxFolderPermission $_":\Calendar" -User Johnd} -Confirm:$False
主站蜘蛛池模板: 嘉黎县| 丰原市| 渭南市| 太白县| 桐庐县| 峨边| 杂多县| 从江县| 九寨沟县| 庆阳市| 资兴市| 松江区| 阿拉善盟| 楚雄市| 淮北市| 元氏县| 平度市| 伊金霍洛旗| 南昌县| 河北区| 马公市| 安吉县| 保靖县| 汶川县| 治多县| 巴南区| 垦利县| 盱眙县| 枣强县| 白城市| 澳门| 赞皇县| 佳木斯市| 喜德县| 得荣县| 遂溪县| 韩城市| 兰西县| 大理市| 扎兰屯市| 靖远县|