Manage mailbox folder permission with PowerShell (2024)

When you share a mailbox folder with another user, you can decide which access rights they will get. The admin can get, add, set, and remove folder permissions in PowerShell for single and bulk users. In this article, you will learn how to manage mailbox folder permission with Exchange Online PowerShell.

Mailbox folder permission

Sharing a mailbox folder enables other users to access specific Outlook folders such as Calendar, Contacts, and Tasks.

To share a mailbox folder with another user, you need to decide:

• The user (or group) you want to share the mailbox folder with
• The level of permission you want to enable

By default, users have permission to view other users’ free or busy time in the calendar folder. If you want to allow other users to get more information about the meeting, you can change the default permissions and let other users see additional information about the meeting, such as the meeting subject and location.

Each user can share their mailbox folder and the level of permissions in Outlook or OWA with single or multiple users. You need to send an invitation to each user and wait for the user to accept it. To avoid any misconfigurations it’s faster and easier to use PowerShell.

Roles and permissions list

The -AccessRights parameter also specifies the permissions for the user with the following roles. See the below list of roles with the permissions that come along when you assign access rights to the mailbox folder.

These two additional roles only apply to the calendar folder.

Connect to Exchange Online

To be able to run PowerShell commands, you must Connect to Exchange Online PowerShell. Open Windows PowerShell as administrator, run the below cmdlet, and sign in with your admin credentials.

Connect-ExchangeOnline

Only licensed mailboxes can share their folders with other users or groups. In our example, we want to give the user Publishing Editor permission to access another user’s folder.

We will use the Add-MailboxFolderPermission PowerShell cmdlet to add folder-level permissions for users in mailboxes.

The basic structure of the mailbox folder permissions command uses the following PowerShell syntax.

Add-MailboxFolderPermission -Identity "Amanda.Hansen@m365info.com:\Calendar" -User "Stephen.Hunter@m365info.com" -AccessRights "PublishingEditor"

• The -Identity parameter is the user who wants to share their folder (provide other users the option to access the content of their calendar).
• The -User parameter represents the user who will get access to the calendar.

Note: Users from other countries with languages other than English have different names for Calendar, Contacts, and other folders. Therefore, we will always add the Get-MailboxFolderStatistics PowerShell cmdlet in our commands and scripts to retrieve the correct name.

Add Publishing Editor permission to Calendar folder

You can assign a user with Publishing Editor permission to a calendar folder in a different language or country. In our example, the user (Brenda.Smith@m365info.com) is from The Netherlands and has a different language (Dutch), so the folder’s name will not be Calendar but Agenda.

We want to assign the user Stephen.Hunter@m365info.com with Publishing Editor permission to Brenda.Smith@m365info.com calendar folder. The PowerShell script will automatically convert the different language folder name and add folder permission.

1. Specify the mailbox that wants to share the folder in line 1
2. Specify the user you want to add permission in line 2
3. Run the PowerShell script

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Calendar" }).NameAdd-MailboxFolderPermission "$($mailbox):\$($folder)" -User "$($user)" -AccessRights "PublishingEditor" | Select-Object FolderName, User, AccessRights

The PowerShell output result shows that the user Stephen Hunter has access rights to the folder name Agenda, which means Calendar in The Netherlands.

FolderName User AccessRights---------- ---- ------------Agenda Stephen Hunter {PublishingEditor}

The user Stephen Hunter can open Brenda Smith’s shared calendar. It means the user Stephen Hunter has permission to create, edit, and delete an entry in this calendar folder.

Note: The calendar folder will not show up automatically in the user mailbox. The user needs to add it in OWA and Outlook manually.

Add Publishing Editor permission to bulk all Calendar folders

You can assign a single user with specific permission to all the users’ calendar folders.

In our example, we want to assign a user (Brenda.Smith@m365info.com) with Publishing Editor permission to all users’ calendar folders. Remember that you can always remove these permissions, which we will show you in the next steps.

1. Specify the user mailbox on line 1
2. Run the below PowerShell script

$user = "Brenda.Smith@m365info.com"$mailboxes = Get-Mailbox -Resultsize Unlimited# Loop through each mailboxforeach ($mailbox in $mailboxes) { # Get calendar folder name for the current mailbox and store it in the variable $folder $folder = (Get-MailboxFolderStatistics -Identity $mailbox.PrimarySmtpAddress | Where-Object { $_.FolderType -eq "Calendar" }).Name # Add mailbox folder permissions for all calendar folders Add-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\$($folder)" -User $($user) -AccessRights "PublishingEditor" | Select-Object Identity, FolderName, User, AccessRights}

It will allow the user Brenda.Smith@m365info.com to have Publishing Editor permission to access all user’s calendar folders.

Identity FolderName User AccessRights-------- ---------- ---- ------------0de964ae-f09a-4e65-bc8c-cbeac2745e4c:\Calendar Calendar Brenda Smith {PublishingEditor}41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5:\Calendar Calendar Brenda Smith {PublishingEditor}f8261d51-3df9-4f21-a6b1-533412669c11:\Calendar Calendar Brenda Smith {PublishingEditor}7bfec79d-7806-484a-ac83-133cd4cf5af5:\Calendar Calendar Brenda Smith {PublishingEditor}82cd0d62-e974-4892-aca6-e0387abc62be:\Calendar Calendar Brenda Smith {PublishingEditor}5f4d37cd-383c-413f-87a2-aab0dc6a531a:\Calendar Calendar Brenda Smith {PublishingEditor}0f38d53f-cbe0-4844-86e9-1032a45ba31b:\Agenda Agenda Brenda Smith {PublishingEditor}411a8f10-0dfa-4034-a1e3-a8b6e4cad2f6:\Calendar Calendar Brenda Smith {PublishingEditor}52a6c1c7-77d2-4109-99b9-a4076167b6e2:\Calendar Calendar Brenda Smith {PublishingEditor}2dead2c4-7baf-4899-a7d1-dfa73f4d445d:\Calendar Calendar Brenda Smith {PublishingEditor}

Add Publishing Editor permission to Contacts folder

We will assign a single user with permission to the contacts folder of a specific user. First, we showed you how to add permission to the calendar folder, but now we will do the same for the contacts folder.

To add permission to a specific mailbox folder, you need to use the Add-MailboxFolderPermission PowerShell cmdlet.

In our example, we will assign the user Stephen.Hunter@m365info.com with Publishing Editor permission to access the contacts folder of Brenda.Smith@m365info.com.

1. Specify the mailbox that wants to share the folder in line 1
2. Specify the user you want to add permission in line 2
3. Run the PowerShell script

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Contacts" }).NameAdd-MailboxFolderPermission "$($mailbox):\$($folder)" -User "$($user)" -AccessRights "PublishingEditor" | Select-Object FolderName, User, AccessRights

The PowerShell output results.

FolderName User AccessRights---------- ---- ------------Contactpersonen Stephen Hunter {PublishingEditor}

The user Stephen Hunter can open Brenda Smith’s shared contacts. It also means the user Stephen Hunter has permission to create, edit, and delete an entry in the contacts folder.

Note: The contacts folder will not show up automatically in the user mailbox. The user needs to add it in OWA and Outlook manually.

Add Publishing Editor permission to bulk all Contacts folders

You can assign a single user with specific permission to all the users’ contacts folders.

In our example, we want to assign a user (Brenda.Smith@m365info.com) with Publishing Editor permission to all users’ contacts folders. Remember that you can always remove these permissions, which we will show you in the next steps.

1. Specify the user mailbox on line 1
2. Run the below PowerShell script

$user = "Brenda.Smith@m365info.com"$mailboxes = Get-Mailbox -Resultsize Unlimited# Loop through each mailboxforeach ($mailbox in $mailboxes) { # Get folder name for the current mailbox and store it in the variable $folder $folder = (Get-MailboxFolderStatistics -Identity $mailbox.PrimarySmtpAddress | Where-Object { $_.FolderType -eq "Contacts" }).Name # Add mailbox folder permissions for all contacts folders Add-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\$($folder)" -User $($user) -AccessRights "PublishingEditor" | Select-Object Identity, FolderName, User, AccessRights}

It will allow the user Brenda.Smith@m365info.com to have Publishing Editor permission to all users’ contacts folders.

Identity FolderName User AccessRights-------- ---------- ---- ------------0de964ae-f09a-4e65-bc8c-cbeac2745e4c:\Contacts Contacts Brenda Smith {PublishingEditor}41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5:\Contacts Contacts Brenda Smith {PublishingEditor}f8261d51-3df9-4f21-a6b1-533412669c11:\Contacts Contacts Brenda Smith {PublishingEditor}7bfec79d-7806-484a-ac83-133cd4cf5af5:\Contacts Contacts Brenda Smith {PublishingEditor}82cd0d62-e974-4892-aca6-e0387abc62be:\Contacts Contacts Brenda Smith {PublishingEditor}5f4d37cd-383c-413f-87a2-aab0dc6a531a:\Contacts Contacts Brenda Smith {PublishingEditor}0f38d53f-cbe0-4844-86e9-1032a45ba31b:\Contact… Contactpe… Brenda Smith {PublishingEditor}411a8f10-0dfa-4034-a1e3-a8b6e4cad2f6:\Contacts Contacts Brenda Smith {PublishingEditor}52a6c1c7-77d2-4109-99b9-a4076167b6e2:\Contacts Contacts Brenda Smith {PublishingEditor}2dead2c4-7baf-4899-a7d1-dfa73f4d445d:\Contacts Contacts Brenda Smith {PublishingEditor}

2. Add Folder permission to specific folder

We will show you how to share a specific mailbox folder or all mailbox folders with another user and add them permissions.

Add permission to specific folder name

If a user mailbox creates a folder they want to share with another user, you need to specify the folder name and assign which access rights you want to enable.

In our example, the user mailbox (Brenda.Smith@m365info.com) wants to share a specific folder name (Map A) in their inbox with another user (Stephen.Hunter@m365info.com) and add access rights.

1. Specify the mailbox that wants to share the folder in line 1
2. Specify the user you want to add permission in line 2
3. Specify the folder name in line 3
4. Run the below PowerShell command script

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$foldername = "Map A"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Inbox" }).NameAdd-MailboxFolderPermission "$($mailbox):\$($folder)\$($foldername)" -User "$($user)" -AccessRights "Reviewer" | Select-Object FolderName, User, AccessRights

The PowerShell output shows the below.

FolderName User AccessRights---------- ---- ------------Map A Stephen Hunter {Reviewer}

Note: The specific folder will not show up automatically in the user mailbox. The user needs to add it in OWA and Outlook manually.

Add permissions to all mailbox folders

You can share all the folders in your mailbox with another user and assign them with permissions.

In our example, we want to assign a user (Stephen.Hunter@m365info.com) with Reviewer permission to all the user mailbox folders (Brenda.Smith@m365info.com). It will automatically go through each folder and assign the user with the access rights you provided.

1. Specify the mailbox that wants to share all folders in line 1
2. Specify the user you want to add permission in line 2
3. Specify the access rights in line 3
4. Run the PowerShell command script

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$accessRights = "Reviewer"$folders = Get-MailboxFolderStatistics $mailbox | Where-Object { $_.FolderPath.Contains("/") }foreach ($folder in $folders) { $folderPath = "$($mailbox):" + $folder.FolderPath.Replace("/", "\") $existingPermission = Get-MailboxFolderPermission -Identity $folderPath -User $user -ErrorAction SilentlyContinue if ($existingPermission) { Write-Host "$($user) already has $($accessRights) permission to $($folder.FolderPath)" -ForegroundColor Yellow } else { $null = Add-MailboxFolderPermission -Identity $folderPath -User "$($user)" -AccessRights $accessRights Write-Host "Added $($accessRights) permission to $($user) for $($folder.FolderPath)" -ForegroundColor Green }}

The PowerShell output will display a list of all the folders in the user mailbox (Brenda.Smith@m365info.com) in their language. In our example, the folder names are in Dutch because the user is from The Netherlands. It will assign the user Stephen Hunter with Reviewer permissions to all the folders.

The PowerShell output shows when:

• It adds permission to the user mailbox folder name
• The user already has permission assigned to the mailbox folder name
• The mailbox folder name couldn’t be found

Added Reviewer permission to Stephen.Hunter@m365info.com for /Bovenste map van gegevensarchiefStephen.Hunter@m365info.com already has Reviewer permission to /AgendaStephen.Hunter@m365info.com already has Reviewer permission to /ContactpersonenAdded Reviewer permission to Stephen.Hunter@m365info.com for /Postvak INAdded Reviewer permission to Stephen.Hunter@m365info.com for /Postvak IN/Map AAdded Reviewer permission to Stephen.Hunter@m365info.com for /Postvak UITAdded Reviewer permission to Stephen.Hunter@m365info.com for /Yammer-hoofdmapAdd-MailboxFolderPermission: Ex43C0AC|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The operation couldn't be performed because 'Brenda.Smith@m365info.com:\Versions' couldn't be found.Added Reviewer permission to Stephen.Hunter@m365info.com for /Versions

We will use the Set-MailboxFolderPermission PowerShell cmdlet to change folder-level permissions that are assigned to the user on a mailbox.

Set the Calendar folder default permission of a single user to Publishing Editor

By default, the users have access rights to Availability Only to the calendar folder. You can change the default access rights to a specific folder of a single user.

In our example, we will only change the default access rights of the user Brenda.Smith@m365info.com from Availability Only to Publishing Editor in the calendar folder. It means that from now on, all the users will have Publishing Editor access rights by default to the calendar folder of the user Brenda.

1. Specify the mailbox that wants to change folder permission in line 1
2. Run the PowerShell command script to change the user default permissions

$mailbox = "Brenda.Smith@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Calendar" }).NameSet-MailboxFolderPermission "$($mailbox):\$($folder)" -User "Default" -AccessRights "PublishingEditor"

It will change the default access rights to Publishing Editor for the calendar folder of the user Brenda.Smith@m365info.com.

Set the Calendar folder default permission for bulk users to Reviewer

You can also change the default access rights to a specific folder for bulk all users. By default, all the users have the Availability Only access rights for the calendar folder. We want to change the default permission for all users.

In our example, we will set the default sharing permission to the calendar folder for bulk users to Reviewer.

Run the below PowerShell script.

$mailboxes = Get-Mailbox -Resultsize Unlimited# Loop through each mailboxforeach ($mailbox in $mailboxes) { # Get calendar folder name for the current mailbox and store it in the variable $folder $folder = (Get-MailboxFolderStatistics -Identity $mailbox.PrimarySmtpAddress | Where-Object { $_.FolderType -eq "Calendar" }).Name # Add mailbox folder permissions for all calendar folders Set-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\$($folder)" -User "Default" -Accessrights "Reviewer"}

It changes the access rights to Reviewer in the calendar folder to bulk all mailboxes. You can always change it back to the default Availability Only access rights.

Set the Contacts folder default permission of a single user to Editor

To change the default permission of a specific folder for a user, we will use the Set-MailboxFolderPermission PowerShell cmdlet.

By default, the users have access rights None to the contacts folder. You can always change the default access rights to a specific folder of a single user.

In our example, we will only change the default access rights of the user Brenda.Smith@m365info.com from None to Editor in the contacts folder. It means that from now on, all the users will have Editor access right by default to Brenda’s contacts folder.

1. Specify the mailbox that wants to change folder permission in line 1
2. Run the PowerShell command script

$mailbox = "Brenda.Smith@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Contacts" }).NameSet-MailboxFolderPermission "$($mailbox):\$($folder)" -User "Default" -AccessRights "Editor"

It will change the default access rights to Editor for the contacts folder of the user Brenda.Smith@m365info.com.

4. Get mailbox folder permission

View and export all mailbox folder permissions of a single user with the Get-MailboxFolderPermission PowerShell cmdlet.

Get Calendar folder permission for single user

Get the mailbox folder permission of a single user. In our example, we want to view the calendar folder name of a specific user (Brenda.Smith@m365info.com).

1. Specify the mailbox in line 1
2. Run the PowerShell command script to view a single user’s calendar folder permission

$mailbox = "Brenda.Smith@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Calendar" }).NameGet-MailboxFolderPermission "$($mailbox):\$($folder)" | Select-Object FolderName, User, AccessRights

The PowerShell output shows the calendar folder in the user’s language.

FolderName User AccessRights---------- ---- ------------Agenda Default {Reviewer}Agenda Anonymous {None}Agenda Brenda Smith {PublishingEditor}Agenda Stephen Hunter {PublishingEditor}Agenda Amanda Hansen {PublishingEditor}

Get Calendar folder permissions for all users

Get all the calendar folder permissions for bulk all users in your organization.

Run the below PowerShell script.

$mailboxes = Get-Mailbox -ResultSize Unlimited# Loop through each mailboxforeach ($mailbox in $mailboxes) { # Get calendar folder name for the current mailbox and store it in the variable $calendarFolder $folder = (Get-MailboxFolderStatistics -Identity $mailbox.PrimarySmtpAddress | Where-Object { $_.FolderType -eq "Calendar" }).Name # Get mailbox folder permissions for the calendar folder Get-MailboxFolderPermission "$($mailbox.PrimarySmtpAddress):\$($folder)" -User Default | Select-Object Identity, FolderName, User, AccessRights}

The PowerShell output shows the calendar folder names for all the licensed mailboxes in their language.

Identity FolderName User AccessRights-------- ---------- ---- ------------0de964ae-f09a-4e65-bc8c-cbeac2745e4c:\Calendar Calendar Default {AvailabilityOnly}41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5:\Calendar Calendar Default {Editor}f8261d51-3df9-4f21-a6b1-533412669c11:\Calendar Calendar Default {AvailabilityOnly}7bfec79d-7806-484a-ac83-133cd4cf5af5:\Calendar Calendar Default {AvailabilityOnly}82cd0d62-e974-4892-aca6-e0387abc62be:\Calendar Calendar Default {AvailabilityOnly}5f4d37cd-383c-413f-87a2-aab0dc6a531a:\Calendar Calendar Default {AvailabilityOnly}0f38d53f-cbe0-4844-86e9-1032a45ba31b:\Agenda Agenda Default {AvailabilityOnly}411a8f10-0dfa-4034-a1e3-a8b6e4cad2f6:\Calendar Calendar Default {AvailabilityOnly}52a6c1c7-77d2-4109-99b9-a4076167b6e2:\Calendar Calendar Default {AvailabilityOnly}2dead2c4-7baf-4899-a7d1-dfa73f4d445d:\Calendar Calendar Default {Reviewer}

Get Contacts folder permission

Get the mailbox folder permission of a single user. In our example, we want to export the contacts folder permission of a specific user (Brenda.Smith@m365info.com).

1. Specify the mailbox in line 1
2. Run the PowerShell command script to view a single user’s contacts folder permission

$mailbox = "Brenda.Smith@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Contacts" }).NameGet-MailboxFolderPermission "$($mailbox):\$($folder)" | Select-Object FolderName, User, AccessRights

The PowerShell output shows the contacts folder in the user’s language.

FolderName User AccessRights---------- ---- ------------Contactpersonen Default {Editor}Contactpersonen Anonymous {None}Contactpersonen Stephen Hunter {PublishingEditor}

5. Export mailbox folder permission with PowerShell script to CSV file

You can export the mailbox folder permissions for all the users to a CSV file with a PowerShell script. We will also show you how to export the mailbox folder permission for a single user to a CSV file.

Download Get-FolderPermission.ps1 PowerShell script

To export the mailbox folder permissions of all bulk users to a CSV file, follow these steps:

1. Download the Get-FolderPermissions.ps1 PowerShell script
2. Copy the below PowerShell script into Notepad and save it as Get-FolderPermissions.ps1 file

param ( [string]$Identity = "*", # Default value is "*" (all users) [string]$OutputFile = "C:\temp\MailboxPermissions.csv")# Fetch mailboxes of type UserMailbox only$Mailboxes = Get-Mailbox -RecipientTypeDetails 'UserMailbox' $Identity -ResultSize Unlimited | Sort-Object$result = @()# Counter for progress bar$MailboxCount = ($Mailboxes | Measure-Object).Count$count = 1foreach ($Mailbox in $Mailboxes) { # Use Alias property instead of name to ensure 'uniqueness' passed on to Get-MailboxFolderStatistics $Alias = '' + $Mailbox.Alias $DisplayName = ('{0} ({1})' -f $Mailbox.DisplayName, $Mailbox.Name) $activity = ('Working... [{0}/{1}]' -f $count, $MailboxCount) $status = ('Getting folders for mailbox: {0}' -f $DisplayName) Write-Progress -Status $status -Activity $activity -PercentComplete (($count / $MailboxCount) * 100) # Fetch folders $Folders = @('\') $FolderStats = Get-MailboxFolderStatistics $Alias | Select-Object -Skip 1 foreach ($FolderStat in $FolderStats) { $FolderPath = $FolderStat.FolderPath.Replace('/', '\') $Folders += $FolderPath } foreach ($Folder in $Folders) { # Build folder key to fetch mailbox folder permissions $FolderKey = $Alias + ':' + $Folder # Fetch mailbox folder permissions $Permissions = Get-MailboxFolderPermission -Identity $FolderKey -ErrorAction SilentlyContinue # Store results in variable foreach ($Permission in $Permissions) { $User = $Permission.User -replace "ExchangePublishedUser\.", "" if ($User -notlike 'Default' -and $User -notlike 'Anonymous' -and $Permission.AccessRights -notlike 'None' -and $Permission.AccessRights -notlike 'Owner') { $result += [PSCustomObject]@{ Mailbox = $DisplayName FolderName = $Permission.FolderName Identity = $Folder User = $User -join ',' AccessRights = $Permission.AccessRights -join ',' } } } } # Increment counter $count++}# Export to CSV$result | Export-Csv -Path $OutputFile -NoTypeInformation -Encoding UTF8 #-Delimiter ';'

3. Create the folders scripts and temp in your (C:) drive if you don’t have them already
4. Save the Get-FolderPermissions.ps1 PowerShell script in the C:\scripts folder
5. Open the file to check if it is unblocked to prevent errors when running the script

Export mailbox folder permission for bulk all users to CSV

To export all users mailbox folder permissions to a CSV file, follow these steps:

1. Run PowerShell as administrator
2. Specify the output file
3. Run the Get-FolderPermissions.ps1 PowerShell script

C:\scripts\.\Get-FolderPermissions.ps1 -OutputFile "C:\temp\BulkUsers.csv"

4. You will find the BulkUsers.csv file in the C:\temp folder
5. Open the CSV file with Microsoft Excel to see the results

Export mailbox folder permissions for single user to CSV

To export mailbox folder permissions for a specific user, follow these steps:

1. Specify the user identity
2. Specify the output file
3. Run the Get-FolderPermissions.ps1 PowerShell script for a single user

C:\scripts\.\Get-FolderPermissions.ps1 -Identity "Brenda.Smith@m365info.com" -OutputFile "C:\temp\SingleUser.csv"

4. You will find the SingleUser.csv file in the C:\temp folder

5. Open the CSV file with Microsoft Excel to see the results

The CSV file will show a list of all the folder permissions the mailbox (Brenda.Smith@m365info.com) has.

6. Remove mailbox folder permission

To remove the mailbox folder permissions you assigned to a user, we will use the Remove-MailboxFolderPermission PowerShell cmdlet. You can remove all the mailbox folder permissions you assigned to a single or bulk all users. All you need to specify is the folder name and the user with whom you shared the folder.

Remove Calendar folder permission of specific user

In our example, the user Stephen.Hunter@m365info.com has Publisher Editor permission to access the calendar folder of Brenda.Smith@m365info.com, and we want to remove these permissions.

We will also add -Confirm:$false to suppress the confirmation prompt.

1. Specify the mailbox in line 1
2. Specify the user you want to remove permission in line 2
3. Run the PowerShell command script to remove the permission of a single user on the calendar folder

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Calendar" }).NameRemove-MailboxFolderPermission "$($mailbox):\$($folder)" -User "$($user)" -Confirm:$false

It will remove the Publishing Editor permission for the shared calendar folder.

Remove Contacts folder permission of specific user

In our example, the user Stephen.Hunter@m365info.com has Publisher Editor permission to access the contacts folder of Brenda.Smith@m365info.com, and we want to remove these permissions.

We will also add -Confirm:$false to remove the confirmation prompt.

1. Specify the mailbox in line 1
2. Specify the user you want to remove permission in line 2
3. Run the PowerShell command script to remove the permission of a single user on the contacts folder

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$folder = (Get-MailboxFolderStatistics -Identity "$($mailbox)" | Where-Object { $_.FolderType -eq "Contacts" }).NameRemove-MailboxFolderPermission "$($mailbox):\$($folder)" -User "$($user)" -Confirm:$false

It will remove the Publishing Editor permission for the contacts folder.

Remove Calendar folder permission from bulk all users

If you have assigned a specific user mailbox folder permission to multiple users, you can remove them all.

In our example, we assigned the user Brenda.Smith@m365info.com with Publishing Editor permission to the calendar folder of all users. We want to remove these permissions from all the user mailboxes with a PowerShell script.

1. Specify the user mailbox on line 1
2. Run the below PowerShell script

$user = "Brenda.Smith@m365info.com"$mailboxes = Get-Mailbox -Resultsize Unlimited# Loop through each mailboxforeach ($mailbox in $mailboxes) { # Get calendar folder name for the current mailbox and store it in the variable $folder $folder = (Get-MailboxFolderStatistics -Identity $mailbox.PrimarySmtpAddress | Where-Object { $_.FolderType -eq "Calendar" }).Name # Add mailbox folder permissions for all calendar folders Remove-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\$($folder)" -User $user -Confirm:$false}

It will remove the Publishing Editor permission for the calendar folder.

Remove Contacts folder permission from bulk all users

If you have assigned a specific user mailbox folder permission to multiple users, you can remove them all.

In our example, we assigned the user Brenda.Smith@m365info.com with Publishing Editor permission to the contacts folder of all users. We want to remove these permissions from all the user mailboxes with a PowerShell script.

1. Specify the user mailbox in line 1
2. Run the below PowerShell script

$user = "Brenda.Smith@m365info.com"$mailboxes = Get-Mailbox -Resultsize Unlimited# Loop through each mailboxforeach ($mailbox in $mailboxes) { # Get folder name for the current mailbox and store it in the variable $folder $folder = (Get-MailboxFolderStatistics -Identity $mailbox.PrimarySmtpAddress | Where-Object { $_.FolderType -eq "Contacts" }).Name # Add mailbox folder permissions for all contacts folders Remove-MailboxFolderPermission -Identity "$($mailbox.PrimarySmtpAddress):\$($folder)" -User $user -Confirm:$false}

It will remove the Publishing Editor permission for the contacts folder.

Remove all mailbox folder permissions of single user

Let’s say you can’t remember the folder name you shared with other users but want to remove these permissions for a user. With the below PowerShell script, you can remove all the mailbox folder permissions.

In our example, we assigned the user (Stephen.Hunter@m365info.com) with a different mailbox folder permission to the user (Amanda.Hansen@m365info.com). Now we want to remove all the folder-level permissions of (Stephen.Hunter@m365info.com) on the folders of (Amanda.Hansen@m365info.com).

1. Specify the mailbox that shared folder in line 1
2. Specify the user with folder permission in line 2
3. Run the below PowerShell script

$mailbox = "Brenda.Smith@m365info.com"$user = "Stephen.Hunter@m365info.com"$folders = Get-MailboxFolderStatistics $mailbox | Where-Object { $_.FolderPath.Contains("/") }foreach ($folder in $folders) { $folderPath = "$($mailbox):" + $folder.FolderPath.Replace("/", "\") $existingPermission = Get-MailboxFolderPermission -Identity $folderPath -User $user -ErrorAction SilentlyContinue if ($existingPermission) { Remove-MailboxFolderPermission -Identity $folderPath -User $user -Confirm:$false Write-Host "Permission removed for $($user) from $($folder.FolderPath)" -ForegroundColor Green } else { Write-Host "No permission found for $($user) on $($folder.FolderPath)" -ForegroundColor Yellow }}

The output result shows when:

• The permission for the user mailbox folder name is removed
• There is no existing permission found for the user

No permission found for Stephen.Hunter@m365info.com on /ArchiefNo permission found for Stephen.Hunter@m365info.com on /ContactpersonenNo permission found for Stephen.Hunter@m365info.com on /FilesPermission removed for Stephen.Hunter@m365info.com from /Postvak INPermission removed for Stephen.Hunter@m365info.com from /Postvak IN/Map APermission removed for Stephen.Hunter@m365info.com from /Postvak UITNo permission found for Stephen.Hunter@m365info.com on /AuditsNo permission found for Stephen.Hunter@m365info.com on /Versions

Did this help you to manage folder permission with PowerShell?

Read more: How to assign Full Access mailbox permission »

Conclusion

You learned how to manage mailbox folder permission with Exchange Online PowerShell. The PowerShell cmdlets add, set, get, and remove mailbox folder permission are excellent to use for single or bulk all users. Remember to use the PowerShell script to export all the mailbox folder permissions assigned to a single or all users for an audit report.

Did you enjoy this article? You may also like Managing Mailbox Time Zone and Language settings with PowerShell. Don’t forget to follow us and share this article.