Exchange 2010: Script for permissions on mailbox folders of a mailbox database

This small script sets permissions for all mailboxes within a database on a folder in the mailbox. For example, a user "Boss" can be given read access to all "Calendar" folders for all users in a mailbox database. The permissions that can be set are listed below:

# Written by Frank Zoechling
# www.frankysweb.de

clear-host
write-host "Please specify mailbox database:"
write-host ""
$database = read-host "Database"
write-host ""
write-host "Please specify folder in mailbox (example: calendar):"
write-host ""
$MailboxFolder = read-host "Mailbox folder"
write-host ""
write-host "Please specify the user who should be granted access to the folder:"
write-host ""
$accessuser = read-host "User"
write-host ""
write-host "Please specify authorization for the user"
write-host "(see also https://www.frankysweb.de/?p=1165)"
write-host ""
$accessright = read-host "Authorization"
write-host ""
#——————————-

$mailboxes = get-mailbox -database "$database" -resultsize Unlimited

foreach ($mailbox in $mailboxes)
{
$alias = $mailbox.Alias
$aliasandfolder = $alias + ":\" + $mailboxfolder
set-mailboxfolderpermission $aliasandfolder -user $accessuser -accessrights $accessright
}

Simply copy the script into a file with the extension .ps1 (example: set-folderrightsondatabase.ps1) and start it via the Exchange Management Shell.

These authorizations can be assigned:

• ReadItems (read items in the folder)
• CreateItems (create items)
• EditOwnedItems (Edit own items)
• DeleteOwnedItems (delete own items)
• EditAllItems (Edit all items)
• DeleteAllItems (delete all items)
• CreateSubFolders (user can create subfolders)
• FolderOwner (user may view and move the folder, but not read items)
• FolderContact (user is the contact for the folder)
• FolderVisible (folder is visible, elements may not be read)

The roles each consist of a set of authorizations and assign several rights to a user:

• Owner (CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
• PublishingEditor (CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
• Editor (CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
• PublishingAuthor (CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems)
• Author (CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems)
• NonEditingAuthor (CreateItems, ReadItems, FolderVisible)
• Reviewer (ReadItems, FolderVisible)
• Contributor (CreateItems, FolderVisible)