Using FolderID for permission related tasks on mailbox folders

It’s probably obvious – wasn’t for me and the help page doesn’t make it clear – but the (Add|Remove|Get)-MailboxFolderPermission cmdlets don’t need a human readable path to the folder to do their deeds.

If you look at the help page for the Get-MailboxFolderPermission cmdlet it says the Identity parameter takes input of the format <SMTP Address or Alias of the mailbox>:<Folder path> and gives as an example “john@contoso.com:Calendar”. This gave me the impression that I must pass the Folder path as a path to the folder and that there’s no other way of doing this. But that’s not the case. The Folder path can be a FolderID too.

I haven’t managed to find much info on what a FolderID is, but if you want to find it for your own folders the easiest way is a cmdlet such as this:

As far as I can tell slashes apart from the first one don’t seem to mean much (they don’t denote sub-folders at least). And there’s no easy way of identifying whether a folder is a sub-folder of another just by looking at the FolderID.

I find it much better using FolderID to assign mailbox folder permissions recursively rather than using Folder path.

With Folder paths I do something like this usually:

The bit to note is line 4 where I do a bit of regexpery to convert the output from Get-MailboxFolderStatistics to the format required by Get-MailboxFolderPermission. The former returns Folder paths of the format /path/to/folder while the latter requires them to be <User>:<Folder path>.

If I don’t use Folder paths, I can replace the above code with this:

Much simpler looking code. And it also has a not so obvious advantage in that the previous code has a bug if the folder names contain the “/” character. Have a look at the following:

Notice the folders with a question mark in them? These appear because the folder name contains the “/” character and since that’s used to separate folder paths the cmdlet replaces them with a “?” character. To get the code to work you’ll also have to replace the “?” character with a “/”. (The character is actually not a question mark, it is only displayed thus because the console cannot display what it properly. The character is actually ASCII/UTF-8 code 63743 (hex code 0xF8FF) and you can match it with a regexp such as "uF8FF").

If you use FolderID instead, you don’t have to worry about such fringe cases.