PowerShell – How to get Mailbox Folder Permissions with SamAccountName or UPN

Tags: exchange-2010, powershell, scripting

I need to collect and store the folder permissions for each folder in each mailbox of our Exchange system. I'm already aware of the Cmdlet Get-MailboxFolderPermission but it has a serious problem.

The objects returned by Get-MailboxFolderPermission are a tuple of (User, AccessRights, FolderName). However, the "User" identity isn't an object, it's just a simple string representing the DisplayName of a user. (Edit: This was incorrect. See answer for details.)

However, display names are not necessarily unique in an Exchange deployment. In our forest, there are over a dozen mailboxes that have identical display names. Therefore, the results from Get-MailboxFolderPermission are ambiguous, and don't uniquely identify a single user or mailbox.

How can I get permissions on mailbox folders in an unambiguous way? I would like the ability to reassign them later using Add-MailboxFolderPermission, ideally with the UPN.

Best Answer

After tinkering with this for a couple hours, it looks like I was wrong. The cmdlet to get permissions on folder mailboxes actually does provide everything in the User.ADRecipient property.

# Each permission entry's User.ADRecipient carries the directory object, including the UPN
Get-MailboxFolderPermission "username:\Foldername" |
  ForEach-Object {
    $_.User.ADRecipient.UserPrincipalName
  }

I discovered this by outputting the results using Export-Clixml which created a very large XML file. Now I know that can be a useful technique for seeing what you actually have available.
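
The following is an added example, not part of the original answer: it applies the `User.ADRecipient` property to every folder of one mailbox and writes the result to CSV so the entries can be matched to a unique account later. The parameter names, the output file name, and the use of `Get-MailboxFolderStatistics` to enumerate folders are assumptions of this example; it targets the Exchange Management Shell.

```powershell
# Added example: run in the Exchange Management Shell.
# $Mailbox and $OutFile are placeholders chosen for this example.
param(
    [string]$Mailbox = 'username',
    [string]$OutFile = '.\FolderPermissions.csv'
)

$rows = foreach ($folder in Get-MailboxFolderStatistics -Identity $Mailbox) {
    # FolderPath uses '/' separators, while Get-MailboxFolderPermission
    # expects "mailbox:\path". The mailbox root maps to "\".
    if ($folder.FolderType -eq 'Root') {
        $path = '\'
    } else {
        $path = $folder.FolderPath.Replace('/', '\')
    }
    $identity = "${Mailbox}:$path"

    # Some system folders cannot be queried; skip them instead of aborting the run.
    $perms = Get-MailboxFolderPermission -Identity $identity -ErrorAction SilentlyContinue

    foreach ($perm in $perms) {
        # ADRecipient can be empty (for example the Default and Anonymous
        # entries, or an account that no longer resolves), so the UPN is
        # optional and the display string is always recorded alongside it.
        $upn = $null
        if ($perm.User.ADRecipient) {
            $upn = $perm.User.ADRecipient.UserPrincipalName
        }

        New-Object PSObject -Property @{
            Mailbox           = $Mailbox
            Folder            = $path
            UserPrincipalName = $upn
            DisplayName       = $perm.User.DisplayName
            AccessRights      = ($perm.AccessRights -join ',')
        }
    }
}

# Fix the column order, then export one row per (folder, user) pair.
$rows |
    Select-Object Mailbox, Folder, UserPrincipalName, DisplayName, AccessRights |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Rows with an empty UserPrincipalName are the ones to review by hand before any reassignment with Add-MailboxFolderPermission, since only the display string identifies them.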