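<#
.SYNOPSIS
    Interactively grants or removes one recipient's delegated folder permissions
    on an Exchange mailbox, for a chosen folder and every folder beneath it.

.DESCRIPTION
    Prompts for the mailbox that owns the folders, the top-level folder to start
    from, the recipient, and whether Send On Behalf should be changed as well.
    Menu options 1-8 replace the recipient's permission entry on every in-scope
    folder with the chosen role; option 9 removes the entry; option 10 exits.
    Folders whose FolderType is listed in $SystemFolderTypes are never touched.

    The Exchange cmdlets used here must already be available in the session.
#>

[System.Console]::ForegroundColor = [System.ConsoleColor]::White
Clear-Host

# Folder types that are skipped when walking the mailbox.
$SystemFolderTypes = @(
    "RecoverableItemsVersions",
    "RecoverableItemsPurges",
    "RecoverableItemsDeletions",
    "RecoverableItemsRoot",
    "Audits"
)

# Menu option -> AccessRights role. Anything not listed here (other than 9 and 10)
# is rejected, so a mistyped option can never reach the permission cmdlets.
$RoleByOption = @{
    '1' = 'Owner'
    '2' = 'PublishingEditor'
    '3' = 'Editor'
    '4' = 'PublishingAuthor'
    '5' = 'Author'
    '6' = 'Contributor'
    '7' = 'Reviewer'
    '8' = 'None'
}

# Builds the "alias:\path" identity for one Get-MailboxFolderStatistics result.
function Get-FolderIdentity {
    param( $Folder, [string]$Mailbox )

    if( $Folder.FolderType -eq 'Root' ) {
        return $Mailbox + ":\"
    }
    # FolderPath separates levels with "/"; [char]63743 appears to stand in for a
    # literal "/" inside a folder name, so it is restored after the separators are
    # converted. Both the grant and the remove path need this.
    return $Mailbox + ":" + ($Folder.FolderPath.Replace("/","\")).Replace([char]63743,"/")
}

# True when $FolderId is the chosen root folder or lies beneath it.
function Test-FolderInScope {
    param( [string]$FolderId, [string]$Mailbox, [string]$Root )

    # Compare on whole path segments. A plain wildcard prefix match would also
    # select siblings such as "\Inbox2" when the root is "\Inbox", and would treat
    # "[", "]", "*" and "?" in a folder name as wildcard syntax.
    $rootId = ( "{0}:{1}" -f $Mailbox, $Root ).TrimEnd('\')
    if( $FolderId.TrimEnd('\') -ieq $rootId ) {
        return $true
    }
    return $FolderId.StartsWith( $rootId + '\', [System.StringComparison]::OrdinalIgnoreCase )
}

# Emits the identity of every non-system folder at or below $Root.
function Get-InScopeFolderId {
    param( [string]$Mailbox, [string]$Root )

    Get-MailboxFolderStatistics $Mailbox |
        Where-Object { $_.FolderPath.Contains("/") -eq $True -and $SystemFolderTypes -notcontains $_.FolderType } |
        ForEach-Object { Get-FolderIdentity $_ $Mailbox } |
        Where-Object { Test-FolderInScope $_ $Mailbox $Root }
}

# Adds or removes the grantee on the mailbox's Send On Behalf list and reports the outcome.
function Set-SendOnBehalf {
    param(
        [string]$Mailbox,
        [string]$GranteeDn,
        [ValidateSet('Add', 'Remove')][string]$Action
    )

    try {
        Set-Mailbox $Mailbox -GrantSendOnBehalfTo @{ $Action = $GranteeDn } -ErrorAction Stop
        Write-Host ( "Send On Behalf: {0} '{1}' on '{2}'" -f $Action, $GranteeDn, $Mailbox )
    } catch {
        Write-Host ( "Error changing Send On Behalf rights: {0}" -f $_.Exception.Message ) -ForegroundColor Red
    }
}

# Stop early when the session lacks any cmdlet the prompts or the permission
# changes depend on; without them the input loops below could never succeed.
$RequiredCommands = @(
    'Get-Mailbox',
    'Get-Recipient',
    'Get-MailboxFolderStatistics',
    'Get-MailboxFolderPermission',
    'Add-MailboxFolderPermission',
    'Remove-MailboxFolderPermission'
)
Foreach( $cmd in $RequiredCommands ) {
    if( -not ( Get-Command $cmd -ErrorAction SilentlyContinue ) ) {
        Write-Host ('You must be able to run {0} for this script to work' -f $cmd ) -ForegroundColor Red
        exit
    }
}

# Where the cmdlet exists, widen the recipient scope to the whole forest.
if( ( Get-Command Get-AdServerSettings -ErrorAction SilentlyContinue ) ) {
    if( ( Get-AdServerSettings ).ViewEntireForest -ne $true ) {
        Set-AdServerSettings -ViewEntireForest $true
    }
}

# --- Mailbox whose folders are being shared ---------------------------------
$MailboxUser = $null
while( $null -eq $MailboxUser ) {
    Write-Host "The User Mailbox that is giving the permissions"
    $Mailbox = ( Read-Host | Get-Mailbox -ErrorAction SilentlyContinue )
    if( @($Mailbox).Count -gt 1 ) {
        # Never guess which mailbox was meant when the input matches several.
        Write-Host "Error: more than one mailbox matched, please be more specific" -ForegroundColor Red
    } elseif( $Mailbox ) {
        $MailboxUser = $Mailbox.Alias
    } else {
        Write-Host "Error: mailbox not found" -ForegroundColor Red
    }
}

# --- Top-level folder to start from -----------------------------------------
$RootFolder = $null
While( $null -eq $RootFolder ) {
    Write-Host "The top level folder to start the permissions from (use \ for the top level folder)"
    $RootFolder = [string]( Read-Host )
    if( $RootFolder[0] -ne "\" ) {
        $RootFolder = "\" + $RootFolder
    }
    # The folder is accepted only if its permissions can be read.
    if( $null -eq ( Get-MailboxFolderPermission ( "{0}:{1}" -f $MailboxUser, $RootFolder ) -ErrorAction SilentlyContinue ) ) {
        Write-Host "Error: folder not found" -ForegroundColor Red
        $RootFolder = $null
    }
}

# --- Recipient receiving (or losing) the permissions ------------------------
$GivingPerto = $null
While( $null -eq $GivingPerto ) {
    Write-Host "Who are you giving permission to?"
    $Grantee = ( Read-Host | Get-Recipient -ErrorAction SilentlyContinue )
    if( $null -eq $Grantee ) {
        Write-Host "Error: recipient not found" -ForegroundColor Red
    } elseif( @($Grantee).Count -gt 1 ) {
        Write-Host "Error: more than one recipient matched, please be more specific" -ForegroundColor Red
    } else {
        $Smtp = $Grantee.PrimarySmtpAddress
        if( $Smtp -and $Smtp.local -and $Smtp.domain ) {
            $GivingPerto = $Smtp.local + "@" + $Smtp.domain
        } elseif( [string]$Smtp -match '^[^@\s]+@[^@\s]+$' ) {
            # Some sessions return the address as a plain string with no
            # .local/.domain members; accept it as it is.
            $GivingPerto = [string]$Smtp
        } else {
            Write-Host "Error: recipient not found" -ForegroundColor Red
        }
    }
}

# --- Send On Behalf ----------------------------------------------------------
# The answer must be read into $ApplyToSOB itself and must start out unset,
# otherwise the question is never asked and the root folder chosen above would
# be overwritten by the reply.
$ApplyToSOB = $null
While( @('Y', 'N') -notcontains $ApplyToSOB ) {
    Write-Host "Do you want this user also to be added to or removed from Send On Behalf Rights to the mailbox (Y\N)"
    $ApplyToSOB = ( [string]( Read-Host ) ).Trim()
}

# --- Menu --------------------------------------------------------------------
Write-Host 'Please choose an option below:'
Write-Host
Write-Host '1) Owner - CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems'
Write-Host '2) PublishingEditor - Create, read, modify, and delete all items and files, and create subfolders'
Write-Host '3) Editor - CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems'
Write-Host '4) PublishingAuthor - Create and read items and files, create subfolders, and modify and delete items and files you create'
Write-Host '5) Author - Create and read items and files, and modify and delete items and files you create.'
Write-Host '6) Contributor - Create items and files only. The contents of the folder do not appear.'
Write-Host '7) Reviewer - ReadItems, FolderVisible'
Write-Host '8) None - FolderVisible'
Write-Host '9) REMOVE - Remove Delegated Folder Sharing Permissions' -ForegroundColor Red
Write-Host '10) Exit' -ForegroundColor Yellow
Write-Host

$opt = ( [string]( Read-Host "Select an option [1-10]" ) ).Trim()

if( $opt -eq '10' ) {
    exit
}
elseif( $opt -eq '9' ) {
    # Revoke: remove the recipient's entry from every in-scope folder.
    $StillPresent = 0
    ForEach( $fname in ( Get-InScopeFolderId $MailboxUser $RootFolder ) ) {
        Write-Host ( "Processing Folder '{0}'" -f $fname )
        # Errors stay suppressed because folders without an entry for this user
        # are expected; the read-back below is what detects a failed revocation.
        Remove-MailboxFolderPermission $fname -User $GivingPerto -Confirm:$false -ErrorAction SilentlyContinue
        if( Get-MailboxFolderPermission $fname -User $GivingPerto -ErrorAction SilentlyContinue ) {
            Write-Host ( "Warning: '{0}' still has a permission entry for {1}" -f $fname, $GivingPerto ) -ForegroundColor Yellow
            $StillPresent++
        }
    }
    if( $StillPresent -gt 0 ) {
        Write-Host ( "{0} folder(s) still grant access to {1}; review them manually" -f $StillPresent, $GivingPerto ) -ForegroundColor Red
    }
    if( $ApplyToSOB -eq 'Y' ) {
        Set-SendOnBehalf -Mailbox $MailboxUser -GranteeDn ( "{0}" -f $Grantee.DistinguishedName ) -Action Remove
    }
}
elseif( $RoleByOption.ContainsKey( $opt ) ) {
    # Grant: replace the recipient's entry on every in-scope folder with the chosen role.
    $AccessRights = $RoleByOption[$opt]
    ForEach( $fname in ( Get-InScopeFolderId $MailboxUser $RootFolder ) ) {
        Write-Host ( "Processing Folder '{0}'" -f $fname )
        # Any existing entry is dropped first so the Add below starts clean.
        # NOTE(review): if the Add then fails, the recipient is left with no entry
        # on this folder; the error message is the only signal.
        Remove-MailboxFolderPermission $fname -User $GivingPerto -Confirm:$false -ErrorAction SilentlyContinue
        try {
            # -ErrorAction Stop turns cmdlet errors into exceptions so the catch runs.
            Add-MailboxFolderPermission $fname -User $GivingPerto -AccessRights $AccessRights -ErrorAction Stop
        } catch {
            Write-Host 'Error granting rights, please check you have permission to perform this action' -ForegroundColor Red
        }
    }
    if( $ApplyToSOB -eq 'Y' ) {
        Set-SendOnBehalf -Mailbox $MailboxUser -GranteeDn ( "{0}" -f $Grantee.DistinguishedName ) -Action Add
    }
}
else {
    # Anything else is refused outright rather than compared as a string range,
    # so input such as "15" cannot fall through into the grant loop.
    Write-Host ( "Error: '{0}' is not a valid option, no changes were made" -f $opt ) -ForegroundColor Red
}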