Clean Deleted Users from Shared Mailbox Folder Permissions

I don’t know about you, but it really bugs me to see dead accounts in the ACLs of mailbox folders. I wrote this PowerShell script to clean them up whenever I see them. It gets a list of all of the folders in a mailbox, checks each one for any permissions entries where the username = “NT User:S-1*”, and removes those entries, leaving all others […]

Read Me Leave comment

Use PowerShell to manage FullAccess permissions on mailboxes

Every now and then you’ll have a user who has FullAccess to umpteen mailboxes for whatever reason. Cross-forest mailbox migrations, for example. Over time you might lose track of what mailboxes they have access to or why and Outlook starts misbehaving. Shared mailboxes no longer automap in Outlook or they don’t update properly, etc. When you use PowerShell to add FullAccess to another mailbox, you […]

Read Me Leave comment

Remove permission from every folder in a mailbox with one command

  Here’s the third promised script for managing shared mailbox folder permissions. This one gets a list of all folders in a mailbox (SharedMailbox) and then removes all permissions for the specified user (John.Doe). Remove_Perms SharedMailbox John.Doe If a deleted account has permissions to a mailbox folder, it will still be listed in the ACL. If you run Get_Perms against that mailbox, you’ll see something […]

Read Me 1 Comment

Grant permission to every folder in a mailbox with a single command

This is the second of three scripts I mentioned in my previous post. Running this command as shown here from the Exchange Management Shell: Add_Perms SharedMailbox John.Doe will get a list of all folders in a mailbox called SharedMailbox and then add Publishing Editor permissions for John.Doe to each of those folders. The username can be entered as account name, primary SMTP address, alias, or […]

Read Me 3 Comments

Quickly show the most important folder permissions in any mailbox

With several hundred shared mailboxes in a single Exchange organization, several times each day I am asked who has access to one of them or can I give Sally access or can I take Frank’s access away. The vast majority of the time, management doesn’t want to give Full Access permissions. Publishing Editor is the most common level of access requested. There are three common […]

Read Me Leave comment