Manage Folder Permission by using PowerShell | Office 3657 min read
In the current article, we review the use of the folder permissions PowerShell command in Office 365 and Exchange Online environment.
Technically, the ability to share a specific folder can be implemented for each of the user folders but, most of the time, the need to share a folder is related to the calendar and contact folder.
By using the Folder Sharing, we can enable other users to get access to specific Outlook folders such as Calendar, Contacts, and Tasks.
The “Sharing folder” process, is based on two elements: the user (or group) that we want to share with them the folder, and the level of permission that we want to enable.
For example – by default, users can see only the free/busy time of other recipients.
In case that we want to allow other users to get more information about the meeting, we can change the default permissions and enable other users to see additional information about the meeting such as meeting Subject and location.
Folder permissions can be assigned by the user himself (by using the Outlook or OWA interface) or by using PowerShell.
The considerable advantage of using PowerShell for managing folder permissions is that – the administrator can remotely create the required setting for the user (assist users and prevent miss configurations) and using the power of the PowerShell, to execute commands in Bulk Mode (execute configuration settings for more than one Mailbox).
Article Table of content | Click to Expand
PowerShell | Help & additional information
In case that you are a novice in the PowerShell environment, you can use the following link to get more information about the “first steps” such as: downloading the required PowerShell
software components, how to use the PowerShell console, running a PowerShell script, etc.
| Link Table |
| PowerShell Naming Conventions & general information
If you want to get more information about the Naming Conventions that we use for this article and get some general tips about: how to work with the PowerShell, read the article: Help and additional information – o365info.com PowerShell articles |
| Create remote PowerShell session
Before we can use the required PowerShell commands, we need to download and install the Office 365 cmdlets + create remote PowerShell session to Office 365 or Exchange Online. If you need more information about how to create a remote PowerShell session read the following articles: Part 2: Connect to Office 365 by using Remote PowerShell and Part 3: Connect to Exchange Online by using Remote PowerShell |
| How to use a PowerShell script
Most of the PowerShell articles include a PowerShell script that simplifies the use of the PowerShell commands. If you want to get more information about: How to use a PowerShell script, read the article: Connect to Office 365 and Exchange Online using a script |
| PowerShell command and Script languish in more details
If you are new to the PowerShell world, you can read more information about PowerShell in Office 365 environment in the article: The Power of PowerShell |
The AccessRights parameter also specifies the permissions for the user with the following roles, which are a combination of the rights listed previously:
- None – FolderVisible
- Owner – CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingEditor – CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- Editor – CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingAuthor – CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
- Author – CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
- NonEditingAuthor – CreateItems, ReadItems, FolderVisible
- Reviewer – ReadItems, FolderVisible
- Contributor – CreateItems, FolderVisible
Folder permissions PowerShell commands basic structure
The basic structure of the PowerShell Folder permissions command, is written by using the following syntax:
In our example, we want to enable Alice to have Publishing Editor permission, to hear manager calendar (John).
The -Identity parameter, relates to the user who wants to “share” his calendar (provide other users the option to access the content of his calendar) and the –User parameter, represent the user who will get the access to the calendar.
1. Assign Folder Permission to Calendar folder (Calendar sharing)
1.1 – Assign Publishing Editor Permission to Calendar Folder
PowerShell command Syntax
|
1 |
Add-MailboxFolderPermission <Identity>:\calendar –User <Identity> -AccessRight <Access Right> |
PowerShell command Example
|
1 |
Add-MailboxFolderPermission John:\calendar -AccessRight PublishingEditor -User Suzan -AccessRight PublishingEditor |
1.2 – Assign Publishing Editor permissions to specific user to all existing Calendars (Bulk Mode)
PowerShell command Syntax
|
1 |
Get-Mailbox | ForEach-Object {Add-MailboxFolderPermission $_":\Calendar" -User <Identity> -AccessRights <Access Right>} |
PowerShell command Example
|
1 2 |
Get-Mailbox | ForEach-Object {Add-MailboxFolderPermission $_":\Calendar" -User John -AccessRights PublishingEditor -AccessRight PublishingEditor} |
1.3 – Set the default Folder permission of calendar to: Publishing Editor
PowerShell command Syntax
|
1 |
Set-MailboxFolderPermission <Identity>:\calendar –User default –AccessRights PublishingEditor |
PowerShell command Example
|
1 |
Set-MailboxFolderPermission John:\calendar –User default -AccessRights PublishingEditor |
1.4 – Set the default sharing permission for everyone in your organization to: Reviewer (Bulk Mode)
PowerShell command Syntax
|
1 2 3 4 5 |
$AllMailboxs = Get-Mailbox -Resultsize Unlimited Foreach ($user in $AllMailboxs) {Set-mailboxfolderpermission –identity ($user.alias+':\calendar’) –user Default –Accessrights Reviewer} |
1.5 – Assign Publishing Editor Permission to Calendar folder – Different languish
PowerShell command Syntax
|
1 |
$id = <Identity>; $id += ":\" + (Get-MailboxFolderStatistics -Identity $id | Where-Object {$_.FolderType -eq "Calendar"}).Name; Add-MailboxFolderPermission $id -User <Identity> -AccessRights PublishingEditor |
PowerShell command Example
|
1 |
$id = "John"; $id += ":\" + (Get-MailboxFolderStatistics -Identity $id | Where-Object {$_.FolderType -eq "Calendar"}).Name; Add-MailboxFolderPermission $id -User Suzan -AccessRights PublishingEditor |
2. Assign Folder permission to Contacts folder
2.1 – Assign Publishing Editor Permission to Contacts Folder
PowerShell command Syntax
|
1 |
Add-MailboxFolderPermission <Identity>:\contacts -AccessRight PublishingEditor -User <Identity> |
PowerShell command Example
|
1 |
Add-MailboxFolderPermission John:\contacts -AccessRight PublishingEditor -User Suzan |
2.2 – Set the default permission for Contacts folder to Publishing Editor
PowerShell command Syntax
|
1 |
Set-MailboxFolderPermission <Identity>:\contacts -User default -AccessRights Editor |
PowerShell command Example
|
1 |
Set-MailboxFolderPermission John:\contacts -User default -AccessRights Editor |
3. Display Folder permission (Calendar and Contacts)
3.1 – Display calendar Folder permission
PowerShell command Syntax
|
1 |
Get-MailboxFolderPermission <Identity>:\calendar |
PowerShell command Example
|
1 |
Get-MailboxFolderPermission John:\calendar |
Adjustments & Customizations: Filter the display output details
PowerShell command Example
|
1 |
Get-MailboxFolderPermission John:\calendar | Select FolderName, user, AccessRights |
3.2 – Display contacts Folder permission
PowerShell command Syntax
|
1 |
Get-MailboxFolderPermission <Identity>:\contacts |
PowerShell command Example
|
1 |
Get-MailboxFolderPermission John:\contacts |
Adjustments & Customizations: Filter the display output details
PowerShell command Example
|
1 |
Get-MailboxFolderPermission John:\contacts | Select FolderName, user, AccessRights |
3.3 – Export folder permission for all of the recipients ( Bulk mode) | CSV Format
PowerShell command Syntax
|
1 |
Get-Mailbox | Get-MailboxFolderPermission | Export-CSV <Path> |
PowerShell command Example
|
1 |
Get-Mailbox | Get-MailboxFolderPermission | Export-CSV c:\temp\users.csv |
4. Remove folder permissions
4.1 – Remove Permission from a Calendar folder for a specific user
PowerShell command Syntax
|
1 |
Remove-MailboxFolderPermission <Identity>:\calendar -User <Identity> |
PowerShell command Example
|
1 |
Remove-MailboxFolderPermission John:\calendar -User Suzan |
Adjustments & Customizations: Remove the prompt for conformation.
PowerShell command Example
|
1 |
Remove-MailboxFolderPermission John:\calendar -User Suzan -Confirm:$false |
4.2 – Remove Permission from a contacts folder for a specific user
PowerShell command Syntax
|
1 |
Remove-MailboxFolderPermission <Identity>:\contacts -User <Identity> |
PowerShell command Example
|
1 |
Remove-MailboxFolderPermission John:\contacts -User Suzan |
Adjustments & Customizations: Remove the prompt for conformation.
PowerShell command Example
|
1 |
Remove-MailboxFolderPermission John:\contacts -User Suzan -Confirm:$False |
4.3 – Remove permission for a specific user from all Calendars (Bulk Mode)
PowerShell command Syntax
|
1 |
Get-Mailbox | ForEach-Object {Remove-MailboxFolderPermission $_":\Calendar" -User <Identity>} -Confirm:$False |
PowerShell command Example
|
1 |
Get-Mailbox | ForEach-Object {Remove-MailboxFolderPermission $_":\Calendar" -User John} -Confirm:$False |
5. Assign Folder permissions | Advanced
5.1 – Assign Folder Permissions to specific mailbox folder
PowerShell command Syntax
|
1 |
Add-MailboxFolderPermission -Identity <Identity>:\inbox\<folder> -user <Identity> -AccessRights |
PowerShell command Example
|
1 |
Add-MailboxFolderPermission -Identity John :\inbox\Folder-A -user Suzan -AccessRights Reviewer |
5.2 – Assign Recursive Shared Folder Permissions
PowerShell command Syntax
|
1 2 3 4 5 6 |
ForEach($f in (Get-MailboxFolderStatistics <source mailbox> | Where { $_.FolderPath.Contains("/") -eq $True } ) ) { $fname = "<source mailbox>:" + $f.FolderPath.Replace("/","\"); Add-MailboxFolderPermission $fname -User <user> -AccessRights Reviewer Write-Host $fname Start-Sleep -Milliseconds 1000 } |
PowerShell command Example
|
1 2 3 4 5 6 |
ForEach($f in (Get-MailboxFolderStatistics Suzan | Where { $_.FolderPath.Contains("/") -eq $True } ) ) { $fname = "Suzan:" + $f.FolderPath.Replace("/","\"); Add-MailboxFolderPermission $fname -User John -AccessRights Reviewer Write-Host $fname Start-Sleep -Milliseconds 1000 } |
Additional reading
PowerShell command syntax – Office 365 | Article series index
It is important for us to know your opinion on this article
leon.situ
07/31/2012 at 12:24 pmIs there similar commanlet available in Exchange 2007?
leon.situ
07/31/2012 at 12:25 pmAre these commands available in exchange 2007 management shell?
o365info
09/29/2012 at 1:06 pmHello Leon
The answer is: “Yes” and “No”.
Technically the PowerShell concepts and logic are the same for all of the Microsoft product such as: Active Directory PowerShell, Exchange 2007, 2010 PowerShell etc. but…
Office 365 and Exchange online environment include additional or different cmdlets that are relevant only for this environments. You can try to use the PowerShell sample in your Exchange 2007 server, but you probably need to “customize” the syntax for your exchange 2007 environment.
Anonymous
05/15/2013 at 6:53 amHi,
is there a way to removeclear all Permission from for example:
inboxblabla Folder
Except the default autor Permission ?
thanx,
Nissana
Anonymous
09/04/2013 at 8:19 amHow to view delegated contacts folder through OWA 2010
Thanks Mahesh
Anonymous
10/08/2013 at 8:21 amThanks, this is cleverly done. I’d only found how to do it with get-mailboxfolder -recurse which you can only do if you are the folder’s owner already. I’m using it because I’m not, and I want to be 🙂
Anonymous
11/13/2013 at 12:35 pmTrying to run this, but keep getting unexpected token error (365 2013): foreach($user in Get-Mailbox Get-Mailbox -RecipientTypeDetails UserMailbox) { $cal = $user.alias+”:Calendar” add-MailboxFolderPermission -Identity $cal -User Default -AccessRights Readitems }
crashdude
12/04/2013 at 9:43 pmHi, I tried the above it is all working. The only problem is, the user do not see the given rights in the outlook. Example, after running,
Add-MailboxFolderPermission John:contacts -AccessRight PublishingEditor -User Suzan
I do not see John’s contacts in Suzan’s outlook. Is there a way to display this in outlook? I tried using outlook client, it works fine. But using powershell it does not come out.
Rob Yoder
12/16/2013 at 4:50 pmAs Susan, you will have to go to File / Open another user’s folder / Contacts and open John’s contacts.
His contacts will not just automatically show up in Susan’s Outlook
Rob Yoder
12/16/2013 at 4:52 pmSusan will not just automatically see John’s contacts in her contact manager. She has the right to see his folder though, so she can go to File / Open & Export / Other User’s Folder and open his contact folder that way.
Guy Saar
07/14/2014 at 9:36 amThanks a lot!
The explanation of the commands was great!
Shambhu
03/09/2016 at 9:32 amHow can we provide folder permission from On-premises server to exchange online user.
Ex: User A (SharedMailbox at Onpremise), User B (Office 365), Need to provide folder access permission to User B for User A mailbox folder.
Kevin
07/22/2016 at 3:37 pmThere is a misspelling in these:
$AllMailboxs = Get-Mailbox -Resultsize Unlimited
Foreach ($user in $AllMailboxs)
“Mailboxes”, not “Mailboxs”
David
01/10/2017 at 5:01 pmKevin: $AllMailboxs is just a variable name. It works fine as long as you misspell it in both places!
New question: Is there a command that will affect mailboxes that haven’t been created yet? For example, we want the Office Manager to have edit rights to every user’s contacts. These commands let me do that for all existing mailboxes, but if we hire someone tomorrow I’d have to remember to run the script for the new user.
David
01/25/2018 at 12:16 amI want a user to be able to open another users inbox, but not see everything in their mailbox. So I did a command like: Add-MailboxFolderPermission -Identity [email protected]:\inbox –user [email protected] -AccessRights owner. When the user needaccess opens outlook I add an additional mailbox usersharing. The mailbox name is displayed, but when I click the triangle to expand it to see the inbox folder an error appears: Cannot expand the folder. What am I missing?
Thanks
Brandon
02/01/2018 at 9:11 pmDude! You Rock! Keep IT Up!!
Krish
04/18/2018 at 8:21 pmIs Set-mailboxfolderPermission correct command, I think it should be Add-mailboxfolderpermission?