List/Audit all folder delegate permissions on an Exchange mailbox

We recently needed a way to see what delegate permissions a client had given across the vastness that is their mailbox and it’s folder structure.

Digging around online I found this script from John Hopkins which got me 90% of the way there.

Their script was missing three things for my use case:

  • Delegate permissions on the root folder of the mailbox
  • Exclude the actual user from the report
  • Little tidier formatting of the output

This script has been tested against Exchange 2016 only.

# Use displayname
$mailbox = "<DISPLAY NAME>"

$permissions = @()
$folders = Get-Mailboxfolderstatistics $mailbox | % {$_.folderpath} | % {$_.replace(“/”,”\”)}

# Get the root folder of the mailbox
$folderKey = $mailbox + ":" + "\"
$permissions += Get-MailboxFolderPermission -identity $folderKey -ErrorAction SilentlyContinue | Where-Object {$_.User -notlike “Default” -and $_.User -notlike “Anonymous” -and $_.AccessRights -notlike “None” -and $_.User -notlike $mailbox}

# Get the rest of the folders
$list = ForEach ($folder in $folders)
   {
    $folderKey = $mailbox + ":" + $folder
    $permissions += Get-MailboxFolderPermission -identity $folderKey -ErrorAction SilentlyContinue | Where-Object {$_.User -notlike “Default” -and $_.User -notlike “Anonymous” -and $_.AccessRights -notlike “None” -and $_.User -notlike $mailbox}
   }

$permissions | Format-Table -AutoSize