Much easier to deal with in Exchange 2010, as Nicholas says. And Glen Scale's blog is also a great resource. Here is a script I used in a powershell & Exchange, better together seminar I taught once. It lists all permissions, at every level, of a mailbox.
Param( [string]$SMTPAddress, [string]$username = "exch.admin", [string]$password = "password", [string]$domain = "e14.local", [string]$url = "https://mail.example.com/EWS/Exchange.asmx", [switch]$useImpersonation, [switch]$useDefaultCredentials, [switch]$useAutodiscover, [switch]$useCredentials, [switch]$traceEnabled ) $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll" [void][Reflection.Assembly]::LoadFile($dllpath) $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService if ($traceEnabled) { $service.TraceEnabled = $true } if ($useImpersonation) { $service.ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress,$SMTPAddress) } if ($useDefaultCredentials) { $service.UseDefaultCredentials = $true $service.Url = New-Object System.Uri($url) } elseif ($useCredentials) { $service.Credentials = New-Object System.Net.NetworkCredential($username, $password, $domain) $service.Url = New-Object System.Uri($url) } if ($useAutodiscover) { $service.AutodiscoverUrl($SMTPAddress) } else { $service.Url = New-Object System.Uri($url) } $global:service = $null $global:service = $service function folder-recurse ($service, $folder, $spaces) { [int]$fldcount = 0 [int]$pageSize = 250 ## number of folders to return at a time [int]$offset = 0 do { $view = new-object Microsoft.Exchange.WebServices.Data.FolderView($pageSize, $offset) $view.PropertySet = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly) $view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName) $view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::ChildFolderCount) $view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::TotalCount) $view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::UnreadCount) $view.Traversal = [Microsoft.Exchange.WebServices.Data.FolderTraversal]::Shallow $collection = $service.FindFolders($folder, $view) if (!$collection) { $spaces + "FindFolders failed" return } foreach ($item in $collection) { $fldcount++ $displayName = "<displayname>" $childFolder = "0" $totalcount = "0" $unreadCount = "0" if ($item.DisplayName) { $displayName = $item.DisplayName } if ($item.ChildFolderCount) { $childFolder = $item.ChildFolderCount.ToString() } if ($item.TotalCount) { $totalcount = $item.TotalCount.ToString() } if ($item.UnreadCount) { $unreadCount = $item.UnreadCount.ToString() } $spaces + "Name: " + $displayname.PadRight(40) + " Childfolders: " + $childFolder.PadLeft(6) + " TotalCount: " + $totalCount.PadLeft(6) + " UnreadCount: " + $unreadCount.PadLeft(6) $subfolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, $item.Id) $permissions = $subfolder.Permissions for ($i = 0; $i -lt $permissions.Count; $i++) { $p = $permissions[$i] $user = $p.Userid.DisplayName if (!$user) { $user = $p.UserId.StandardUser } $spaces + " Permissions: " $spaces + " User: " + $user $spaces + " CanCreateItems: " + $p.CanCreateItems.ToString() $spaces + " CanCreateSubFolder: " + $p.CanCreateSubFolders.ToString() $spaces + " IsFolderOwner: " + $p.IsFolderOwner.ToString() $spaces + " IsFolderVisible: " + $p.IsFolderVisible.ToString() $spaces + " IsFolderContact: " + $p.IsFolderContact.ToString() $spaces + " EditItems: " + $p.EditItems.ToString() $spaces + " DeleteItems: " + $p.DeleteItems.ToString() $spaces + " ReadItems: " + $p.ReadItems.ToString() $spaces + " PermissionLevel: " + $p.PermissionLevel.ToString() $spaces + " DisplayPermissionLevel: " + $p.DisplayPermissionLevel.ToString() } $orphans = $permissions.UnknownEntries if ($orphans -and ($orphans.Count -gt 0)) { $spaces + " Orphaned delegates: " foreach ($orphan in $orphans) { $spaces + " " + $orphan } } if ($item.ChildFolderCount -gt 0) { folder-recurse $service $item.Id ($spaces + " ") } } $offset += $pageSize } while ($collection.MoreAvailable) $spaces + "Folders at this level: " + $fldCount.ToString() } $initialFolder = [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::MsgFolderRoot folder-recurse $service $initialFolder "" Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: James Bensley [mailto:jwbens...@gmail.com] Sent: Tuesday, February 08, 2011 10:53 AM To: MS-Exchange Admin Issues Subject: Re: Calendar Commands On 8 February 2011 15:44, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: > What version of Exchange? http://arthropoda.southernfriedscience.com/wp-content/uploads/2009/11/facepalm.jpg 2007 SP3. On 8 February 2011 15:44, Nicholas Turner <ntur...@caci.co.uk<mailto:ntur...@caci.co.uk>> wrote: > Not on 2007 without third party tools as I found recently, I ended up using > setperm to add rights. I think you can use powershell in 2010. It is > something really lacking in 2007. Guess it doesn't matter then :( -- Regards, James. http://www.jamesbensley.co.cc/ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist