Subscribe via Email

Subscribe via RSS/JSON


Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan


Using FolderID for permission related tasks on mailbox folders

It’s probably obvious – wasn’t for me and the help page doesn’t make it clear – but the (Add|Remove|Get)-MailboxFolderPermission cmdlets don’t need a human readable path to the folder to do their deeds.

If you look at the help page for the Get-MailboxFolderPermission cmdlet it says the Identity parameter takes input of the format <SMTP Address or Alias of the mailbox>:<Folder path> and gives as an example “”. This gave me the impression that I must pass the Folder path as a path to the folder and that there’s no other way of doing this. But that’s not the case. The Folder path can be a FolderID too.

I haven’t managed to find much info on what a FolderID is, but if you want to find it for your own folders the easiest way is a cmdlet such as this:

As far as I can tell slashes apart from the first one don’t seem to mean much (they don’t denote sub-folders at least). And there’s no easy way of identifying whether a folder is a sub-folder of another just by looking at the FolderID.

I find it much better using FolderID to assign mailbox folder permissions recursively rather than using Folder path.

With Folder paths I do something like this usually:

The bit to note is line 4 where I do a bit of regexpery to convert the output from Get-MailboxFolderStatistics to the format required by Get-MailboxFolderPermission. The former returns Folder paths of the format /path/to/folder while the latter requires them to be <User>:<Folder path>.

If I don’t use Folder paths, I can replace the above code with this:

Much simpler looking code. And it also has a not so obvious advantage in that the previous code has a bug if the folder names contain the “/” character. Have a look at the following:

Notice the folders with a question mark in them? These appear because the folder name contains the “/” character and since that’s used to separate folder paths the cmdlet replaces them with a “?” character. To get the code to work you’ll also have to replace the “?” character with a “/”. (The character is actually not a question mark, it is only displayed thus because the console cannot display what it properly. The character is actually ASCII/UTF-8 code 63743 (hex code 0xF8FF) and you can match it with a regexp such as "uF8FF").

If you use FolderID instead, you don’t have to worry about such fringe cases.

Using FolderID for permission related tasks on mailbox folders by rakhesh is licensed under a Creative Commons Attribution 4.0 International License.