Grant permission to every folder in a mailbox with a single command

This is the second of three scripts I mentioned in my previous post. Running this command as shown here from the Exchange Management Shell:

Add_Perms SharedMailbox John.Doe

will get a list of all folders in a mailbox called SharedMailbox and then add Publishing Editor permissions for John.Doe to each of those folders.

The username can be entered as account name, primary SMTP address, alias, or name. Be sure to use quotes if there are any spaces.


# Filename: Add_Perms.ps1
# Version: 2014.06.03; Jay Carper,
# Purpose: Adds permissions to all folders in a mailbox for the 
# given user name.
# Example:
# add_perms SharedMailbox UserName
# Requires Exchange Management Shell
# Return an error if no mailbox or user name was entered.

param(
    [string]$Identity = `
        $(throw `
        "No value entered for the shared mailbox identity."),
    [String]$User = `
        $(throw "No value entered for the user identity.")
)

# Run if the mailbox name is valid.
if (Get-Mailbox $Identity -ea SilentlyContinue) {

    # Run if the username is valid.
    if (Get-Mailbox $User -ea SilentlyContinue) {
        Write-Host " "
        Write-Host "Errors are normal on folders where $User" `
            -ForegroundColor Yellow
        Write-Host "already has permissions." `
            -ForegroundColor Yellow

        # Add permissions on the mailbox root.
        $Root = $Identity+":\"
        Add-MailboxFolderPermission $Root -User $User `
            -AccessRights PublishingEditor

        # Add permissions to all other applicable mailbox folders. 
        # Skips folders that usually cause errors or that don't 
        # matter.
        $MBFolders = (Get-MailboxFolderStatistics $Identity | `
            ?{($_.FolderPath -ne "/Top of Information Store") `
            -and ($_.FolderPath -ne "/Recoverable Items") -and `
            ($_.FolderPath -ne "/Deletions") -and ($_.FolderPath `
            -ne "/Purges") -and ($_.FolderPath -ne "/Versions")})

        ForEach($Path in $MBFolders) {
            # Get-MailboxFolderStatistics reports paths with "/";
            # Add-MailboxFolderPermission expects "\".
            $Folder = $Identity + ":" + `
                $Path.FolderPath.Replace("/","\")
            Add-MailboxFolderPermission $Folder -User $User `
                -AccessRights PublishingEditor
        }

        Write-Host `
            "Added permissions for $User on mailbox $Identity." `
            -ForegroundColor Yellow
        Write-Host " "
        Write-Host `
            "You may see errors if $User already had perms." `
            -ForegroundColor Yellow
        Write-Host "Those errors are safe to ignore." `
            -ForegroundColor Yellow
    }

    # Display an error if the username is not valid.
    else {
        Write-Host "Username $User not found." `
            -ForegroundColor Red
    }
}

# Display an error if the mailbox is not valid.
else {Write-Host "Mailbox $Identity not found." -ForegroundColor Red}


Edited to fix funky formatting caused by WordPress conversion.
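
To review what the script granted, or to check a mailbox before running it, the following added example (not part of the original post) lists the rights a user holds on every folder the script touches. The function name Get-FolderPermsForUser is hypothetical; it uses the same Exchange Management Shell cmdlets and folder exclusions as Add_Perms.ps1.

```powershell
# Added example, not from the original post: report the folder-level
# rights a user holds across a mailbox.
# Requires Exchange Management Shell. The function name is hypothetical.
function Get-FolderPermsForUser {
    param(
        [Parameter(Mandatory=$true)][string]$Identity,
        [Parameter(Mandatory=$true)][string]$User
    )

    # Same exclusions as Add_Perms.ps1.
    $Skip = "/Top of Information Store", "/Recoverable Items",
            "/Deletions", "/Purges", "/Versions"

    # Mailbox root first, then every remaining folder. Folder
    # statistics use "/" separators; permission cmdlets expect "\".
    $Targets = @($Identity + ":\") + @(
        Get-MailboxFolderStatistics $Identity |
            Where-Object { $Skip -notcontains $_.FolderPath } |
            ForEach-Object {
                $Identity + ":" + $_.FolderPath.Replace("/", "\")
            }
    )

    foreach ($Folder in $Targets) {
        # -User limits the result to this user's entry. The cmdlet
        # reports an error when the user has no entry on the folder,
        # so suppress it and record "(none)" instead.
        $Perm = Get-MailboxFolderPermission $Folder -User $User `
            -ErrorAction SilentlyContinue
        $Rights = "(none)"
        if ($Perm) { $Rights = $Perm.AccessRights -join "," }

        New-Object PSObject -Property @{
            Folder       = $Folder
            User         = $User
            AccessRights = $Rights
        }
    }
}

# Sample names taken from the post's own example command.
Get-FolderPermsForUser SharedMailbox John.Doe |
    Sort-Object Folder |
    Format-Table Folder, AccessRights -AutoSize
```

Folders that show PublishingEditor where the user does not need it can be cleaned up with Remove-MailboxFolderPermission.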

3 responses to “Grant permission to every folder in a mailbox with a single command”

  1. John says:

    Thanks for the script! Works great but for some reason I keep getting the “Username not found” error when applying permissions to a security group rather than a user object. Any ideas?

    • John says:

      After looking over the script carefully I corrected the issue with the following modification:
      if (Get-Mailbox $User -ea SilentlyContinue) {
      if (Get-Group $User -ea SilentlyContinue) {

      This script is perfect for my requirement, so thanks again!
