Get-MailboxFolder by default seems to only work on one mailbox, that of the logged in user.
I'm trying to leverage the Identity parameter of the cmdlet to connect to other mailboxes. I discovered that the management role permission is set to "self" which is a relatively safe assignment for all users.
How do I create a different permission for this that only allows Administrators (or a given user) to run GetMailboxFolder for anyone? I'm concerned about accidentally creating a security hole and enabling other users to gain access to mailboxes that aren't their own.
Best Answer
While
Get-MailboxFolder
has this built-in limitation,Get-MailboxFolderStatistics
is designed...Then there is another administrative
Get-Mailbox
cmdlet:These two can be used together to get information for whole organization at once, e.g.
This already gives more information than
Get-MailboxFolder
would ever have given. Of course you can remove theItemsInFolder
,FolderSize
andFolderAndSubfolderSize
if they aren't necessary.