\\\Basic Pokeball
Professor Oak (or Professor Magnolia for all of you young whipper snappers) has given us a couple of standard, out-of-the-box pokeballs to get us started on our adventure. These are the 2 cmdlets: Get-MailboxFolderPermission
and Get-MailboxFolderStatistics
. Before we get carried away with the complex game of Paper, Rock, Electric-type Pokémon, let’s take a super in-depth dive of each one.
Get-MailboxFolderPermission
returns permissions set on a specific folder in a mailbox.
Get-MailboxFolderStatistics
returns a list of folders within a mailbox.
Okay, so maybe there was a “No Diving” sign in the shallow end of the pool….but this is all of the info we could fit into our Pokédex. These cmdlets can do more and get more, but for our purposes in this post we’ll keep it simple. Since you have your sights on becoming the next great Pokémon master, your first task is taking down some punk in a gym. Just to clarify, it’s preferable if the punk isn’t from a Planet Fitness or Gold’s Gym. To beat this gym leader, for some reason you need to get a list of permissions set on all folders (including sub folders) for a mailbox. This is clearly where my analogy breaks down but per the usual I’ll continue to beat this dead horse until it dies, again.
\\\Mailboxchu’s Accuracy Sharply Rose!
So what we want to do is use these 2 cmdlets together and let them evolve into something that’s pretty much the same but with wings or a flower on its back. In general, we want to write a function to get a list of all folders and subfolders in a mailbox and then get the permissions for each. Let’s get started!
First, let’s breakdown the core parts of our function. This gets a list of folders and selects a few properties that we can use:
$AllFolders = Get-MailboxFolderStatistics EmailAddress | Select Name, FolderPath, Foldertype, Identity
$IndivPermission = Get-MailboxFolderPermission PathToFolder
$AllPermissions
, adding in some verbose logging for our benefit, and removing any permissions where the AccessRights is set to “None”. There’s also one small Snorlax that doesn’t allow us to easily pipe between these two cmdlets: the folder path.\\\Oh Squirtle
For all of their infinite wisdom, I’m not sure why MS did it this way. If anybody has any ideas about this I’m all ears! Getting the folder path from Get-MailboxFolderStatistics
is super-effective! But the folder path returned is in this format:
Email Address\Folder Name
That’s great and all, but when you have to define the folder path in the Get-MailboxFolderPermission
cmdlet, it needs to be in this format:
EmailAddress:\Folder Name
Talk about a colonoscopy! Team Rocket must have been behind this. There’s no way Microsoft would do this to us…
\\\Reggie, I choose you!
To fix this (there are multiple ways to accomplish this), I opted to use my Lvl 52 RegExasaur to split the folder path into 2 parts at the first backslash. Then I combine the 2 parts with a “:\” in between to be used with the Get-MailboxFolderPermission
cmdlet.
The RegEx we’ll use is ^(.*?)\\
Breaking that down, it’s:
^
Matches the beginning of the string
(.*?)
Get any characters grouped together before the character we specify. In our case, we want to get everything before the first backslash.
\\
The first backslash is the escaping character for RegEx, and then we’re actually looking for a backslash.
We can use this RegEx with our -Split
attack to do big damage to those annoying bug Pokémon we keep finding in the darn tall grass. Does anybody mow anymore??
\\\The PokeMAN
Putting it all together, our all-star lineup of 6 Pokemon looks like this:
function Get-MailboxFolderPermissions_All{
[cmdletbinding()]
param(
$Mailbox
)
Begin{}
Process{
$AllFolders = Get-MailboxFolderStatistics $Mailbox | select Name, FolderPath, Foldertype, Identity
Write-Verbose "Total Folder Count: $($AllFolders.count)"
$AllPermissions = @()
foreach($F in $AllFolders){
$Path = $F.Identity -split '^(.*?)\\'
$FullPath = $Path[1] + ':\' + $Path[2]
try{
$IndivPermission = Get-MailboxFolderPermission $FullPath -ErrorAction Stop
$AllPermissions += $IndivPermission
Write-Verbose "$($F.Name) permission found!"
}catch{
Write-Verbose "$($F.Name) has no permissions set."
}
}
$AllPermissions | where {$_.AccessRights -ne "None"}
}
End{}
}
Get-MailboxFolderPermissions_All -"I CHOOSE YOU!!!"
Get-MailboxFolderPermissions_All EmailAddress
-Verbose
parameter.Well, there you have it. That’s how you catch all of those mailbox folder permissions. Just call me Ash money, baby!
