Exchange filter out folders with permission set to {None}

This topic contains 2 replies, has 2 voices, and was last updated by  Tony Wainwright 3 years, 2 months ago.

  • Author
  • #15791

    Tony Wainwright

    Repurposing a script I found that takes a user name and displays the AccessRights to each folder in the mailbox. There are a lots of entries that have no AccessRights ({None}), usually for the Anonymous and Default user. I want to filter out these accounts. This is what I have:

    # Ask for an existing user
    $Msg = "Enter the name of the mailbox that requires permissions changing."
    $Msg += "`nThis must be in the format of firstname lastname: "
    Write-Host $Msg -ForegroundColor Green -NoNewLine
    $CurrentUser = Read-Host

    # Define Special (System) Folders
    $SpecialExchangeFolders = "Top of Information Store|Recoverable Items|Deletions|Purges|Versions"

    # Get the folder list for the user
    [string[]] $FolderPaths = Get-MailboxfolderStatistics $CurrentUser | % {$_.folderpath}

    # Add the folder list to the users and replace / with \
    $ExchangeFolderPaths = $FolderPaths | % {$CurrentUser + ":" + $_.replace('/','\')}

    # Remove the specila folders from folder list
    $UsableExchangeFolderPaths = $ExchangeFolderPaths | where { $_ -notmatch $SpecialExchangeFolders }

    # Display only the foldername, user and their accessrights
    $UsableExchangeFolderPaths | % { get-mailboxfolderPermission $_ } | Where {$_.AccessRights -ne "{None}"}| Select-Object FolderName, Identity, AccessRights

    Running this code still shows all folders and users that have no AccessRights!

  • #15793

    Dave Wyatt

    I don't have an Exchange environment to test, but based one what I can see here, this is what I would investigate:

    • AccessRights is a collection, and the comparison operators work differently when the left operand is a collection. ($array -ne "{None}") basically says "If there are any elements in this array that are NOT equal to {None}, return True", not "Return true if none of the elements in this array are equal to {None}". For the second one, you would use this instead: (-not $array -eq "{None}")
    • "{None}" is probably the string representation of whatever the AccessRights variable actually contains, but you're comparing the AccessRights object to a string. You might have to make sure the text conversion is performed first, or figure out how to make the code work with the underlying objects instead. Something like Where { $_.AccessRights.Count -eq 0 } might work.

    Like I said, I can't test this myself right this minute, but hopefully these suggestions get you on the right track.

  • #15802

    Tony Wainwright

    Thanks Dave. I've been playing around with this all afternoon and the resolution is too simple:
    $UsableExchangeFolderPaths | % { get-mailboxfolderPermission $_ } | Where {$_.AccessRights -notlike "*none*"} | Select-Object FolderName, Identity, AccessRights

You must be logged in to reply to this topic.