jonoble.com

Today I've been consolidating some AD groups as we've unhelpfully accumulated four different groups for the members of our IT department over the years. Seemingly two of these groups have been used to set permissions on various Exchange Public Folders, so I've been looking at which Public Folders each group had permission on. Fortunately, this is very easy to do in PowerShell...

First I'm setting a couple of variables. The first is the name of the group (or you could do the same for a user) that we're interested in. The second is the point in the Public Folder structure where we're starting searching. If you want to look at the whole structure, just use "\", but if you have a lot of Public Folders that's going to take a while, and if you know, like I did here, that the "IT Staff" group is only going to have permissions on folders underneath the IT department's top level folder, you can just look at that branch of the tree.

#requires -pssnapin Microsoft.Exchange.Management.PowerShell.Admin
$groupname = "IT Staff"
$publicfoldersearchroot = "\IT"
get-publicfolder $publicfoldersearchroot -Recurse |
    %{$folder = "$($_.parentpath)\$($_.name)";
    Get-PublicFolderClientPermission $_ |
    %{if($_.user -match $groupname){"$folder ($($_.AccessRights))"}}}

This results in output like this:

\\IT (Reviewer)
\IT\Admin\Health&Safety (Reviewer)
\IT\Admin\Forms (Reviewer)
\IT\Admin\Forms\Payroll (FolderVisible)
\IT\Customer Services (Reviewer)
\IT\Customer Services\Projects (Reviewer)
\IT\Equipment Bookings (Author)
\IT\General Information (PublishingAuthor)
\IT\Mail Lists (Reviewer)

This might be all you need, although if you're going to do something programmatically with the output (you'll want to format it differently, but...) be careful with that double \ on the first line of the output. It's there because the parentpath is "\". It's easy enough to trap and remove it.