Much easier to deal with in Exchange 2010, as Nicholas says. And Glen Scale's
blog is also a great resource. Here is a script I used in a powershell &
Exchange, better together seminar I taught once. It lists all permissions, at
every level, of a mailbox.
Param(
[string]$SMTPAddress,
[string]$username = "exch.admin",
[string]$password = "password",
[string]$domain = "e14.local",
[string]$url = "https://mail.example.com/EWS/Exchange.asmx";,
[switch]$useImpersonation,
[switch]$useDefaultCredentials,
[switch]$useAutodiscover,
[switch]$useCredentials,
[switch]$traceEnabled
)
$dllpath = "C:\Program Files\Microsoft\Exchange\Web
Services\1.0\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService
if ($traceEnabled)
{
$service.TraceEnabled = $true
}
if ($useImpersonation)
{
$service.ImpersonatedUserId = New-Object
Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress,$SMTPAddress)
}
if ($useDefaultCredentials)
{
$service.UseDefaultCredentials = $true
$service.Url = New-Object System.Uri($url)
}
elseif ($useCredentials)
{
$service.Credentials = New-Object
System.Net.NetworkCredential($username, $password, $domain)
$service.Url = New-Object System.Uri($url)
}
if ($useAutodiscover)
{
$service.AutodiscoverUrl($SMTPAddress)
}
else
{
$service.Url = New-Object System.Uri($url)
}
$global:service = $null
$global:service = $service
function folder-recurse ($service, $folder, $spaces)
{
[int]$fldcount = 0
[int]$pageSize = 250 ## number of folders to return at a time
[int]$offset = 0
do {
$view = new-object
Microsoft.Exchange.WebServices.Data.FolderView($pageSize, $offset)
$view.PropertySet = new-object
Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly)
$view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName)
$view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::ChildFolderCount)
$view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::TotalCount)
$view.PropertySet.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::UnreadCount)
$view.Traversal =
[Microsoft.Exchange.WebServices.Data.FolderTraversal]::Shallow
$collection = $service.FindFolders($folder, $view)
if (!$collection)
{
$spaces + "FindFolders failed"
return
}
foreach ($item in $collection)
{
$fldcount++
$displayName = "<displayname>"
$childFolder = "0"
$totalcount = "0"
$unreadCount = "0"
if ($item.DisplayName) { $displayName =
$item.DisplayName }
if ($item.ChildFolderCount) { $childFolder =
$item.ChildFolderCount.ToString() }
if ($item.TotalCount) { $totalcount =
$item.TotalCount.ToString() }
if ($item.UnreadCount) { $unreadCount =
$item.UnreadCount.ToString() }
$spaces +
"Name: " + $displayname.PadRight(40) +
" Childfolders: " + $childFolder.PadLeft(6) +
" TotalCount: " + $totalCount.PadLeft(6) +
" UnreadCount: " + $unreadCount.PadLeft(6)
$subfolder =
[Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, $item.Id)
$permissions = $subfolder.Permissions
for ($i = 0; $i -lt $permissions.Count; $i++)
{
$p = $permissions[$i]
$user = $p.Userid.DisplayName
if (!$user) { $user = $p.UserId.StandardUser }
$spaces + " Permissions: "
$spaces + " User: " + $user
$spaces + " CanCreateItems: " +
$p.CanCreateItems.ToString()
$spaces + " CanCreateSubFolder: " +
$p.CanCreateSubFolders.ToString()
$spaces + " IsFolderOwner: " +
$p.IsFolderOwner.ToString()
$spaces + " IsFolderVisible: " +
$p.IsFolderVisible.ToString()
$spaces + " IsFolderContact: " +
$p.IsFolderContact.ToString()
$spaces + " EditItems: " +
$p.EditItems.ToString()
$spaces + " DeleteItems: " +
$p.DeleteItems.ToString()
$spaces + " ReadItems: " +
$p.ReadItems.ToString()
$spaces + " PermissionLevel: " +
$p.PermissionLevel.ToString()
$spaces + " DisplayPermissionLevel: " +
$p.DisplayPermissionLevel.ToString()
}
$orphans = $permissions.UnknownEntries
if ($orphans -and ($orphans.Count -gt 0))
{
$spaces + " Orphaned delegates: "
foreach ($orphan in $orphans)
{
$spaces + " " + $orphan
}
}
if ($item.ChildFolderCount -gt 0)
{
folder-recurse $service $item.Id ($spaces + " ")
}
}
$offset += $pageSize
} while ($collection.MoreAvailable)
$spaces + "Folders at this level: " + $fldCount.ToString()
}
$initialFolder =
[Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::MsgFolderRoot
folder-recurse $service $initialFolder ""
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
-----Original Message-----
From: James Bensley [mailto:jwbens...@gmail.com]
Sent: Tuesday, February 08, 2011 10:53 AM
To: MS-Exchange Admin Issues
Subject: Re: Calendar Commands
On 8 February 2011 15:44, Michael B. Smith
<mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote:
> What version of Exchange?
http://arthropoda.southernfriedscience.com/wp-content/uploads/2009/11/facepalm.jpg
2007 SP3.
On 8 February 2011 15:44, Nicholas Turner
<ntur...@caci.co.uk<mailto:ntur...@caci.co.uk>> wrote:
> Not on 2007 without third party tools as I found recently, I ended up using
> setperm to add rights. I think you can use powershell in 2010. It is
> something really lacking in 2007.
Guess it doesn't matter then :(
--
Regards,
James.
http://www.jamesbensley.co.cc/
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
