Powershell – How to enable Get-MailboxFolder to work against other mailboxes

exchange-2010permissionspowershell

Get-MailboxFolder by default seems to only work on one mailbox, that of the logged in user.

I'm trying to leverage the Identity parameter of the cmdlet to connect to other mailboxes. I discovered that the management role permission is set to "self" which is a relatively safe assignment for all users.

How do I create a different permission for this that only allows Administrators (or a given user) to run GetMailboxFolder for anyone? I'm concerned about accidentally creating a security hole and enabling other users to gain access to mailboxes that aren't their own.

Best Answer

While Get-MailboxFolder has this built-in limitation, Get-MailboxFolderStatistics is designed...

to retrieve information about the folders in a specified mailbox, including the number and size of items in the folder, the folder name and ID, and other information.

Then there is another administrative Get-Mailbox cmdlet:

Use the Get-Mailbox cmdlet to view mailbox objects and attributes, populate property pages, or supply mailbox information to other tasks.

These two can be used together to get information for whole organization at once, e.g.

Get-Mailbox | Select-Object alias                                            `
| foreach-object {                                                           `
    Get-MailboxFolderStatistics -Identity $_.alias                           `
    | select-object Identity, ItemsInFolder, FolderSize, FolderAndSubfolderSize }

This already gives more information than Get-MailboxFolder would ever have given. Of course you can remove the ItemsInFolder, FolderSize and FolderAndSubfolderSize if they aren't necessary.

Best Answer

Related Solutions

Linux – How to Set Up Permissions for the WWW Folder

Shared Mailboxes in Exchange 2010

Related Topic