Get-EXOMailboxFolderPermission

This cmdlet is available only in the Exchange Online PowerShell module. For more information, see About the Exchange Online PowerShell module.

Use the Get-ExOMailboxFolderPermission cmdlet to view folder-level permissions in mailboxes.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Get-EXOMailboxFolderPermission
   [[-Identity] <String>]
   [-ExternalDirectoryObjectId <Guid>]
   [-GroupMailbox]
   [-PrimarySmtpAddress <String>]
   [-User <String>]
   [-UserPrincipalName <String>]
   [<CommonParameters>]

Description

Use this cmdlet to retrieve folder level permission in the mailbox.

Examples

Example 1

Get-EXOMailboxFolderPermission -Identity john@contoso.com:\Marketing\Reports

This example returns the current list of user permissions for the Reports subfolder in the Marketing folder in John's mailbox.

Example 2

Get-EXOMailboxFolderPermission -Identity john@contoso.com:\Marketing\Reports -User Kim@contoso.com

This example returns the permissions for the same folder in John's mailbox, but only for the user Kim.

Parameters

-ExternalDirectoryObjectId

The ExternalDirectoryObjectId parameter identifies the mailbox that you want to view by the ObjectId in Microsoft Entra ID.

You can't use this parameter with the Identity, PrimarySmtpAddress, or UserPrincipalName parameters.

Type:Guid
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online

-GroupMailbox

The GroupMailbox switch is required to return Microsoft 365 Groups in the results. You don't need to specify a value with this switch.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online

-Identity

The Identity parameter specifies the mailbox folder that you want to view. This parameter uses the syntax: <Mailbox>:\<Folder>. For the best performance, we recommend using the user ID or user principal name (UPN) to identify the mailbox.

Otherwise, you can use any value that uniquely identifies the mailbox. For example:

  • Name
  • Alias
  • Distinguished name (DN)
  • Email address
  • LegacyExchangeDN
  • SamAccountName

You can't use this parameter with the ExternalDirectoryObjectId, PrimarySmtpAddress, or UserPrincipalName parameters.

Type:String
Position:0
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online

-PrimarySmtpAddress

The PrimarySmtpAddress identifies the mailbox that you want to view by primary SMTP email address (for example, navin@contoso.com).

You can't use this parameter with the ExternalDirectoryObjectId, Identity, or UserPrincipalName parameters.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online

-User

The User parameter filters the results by the specified mailbox, mail user, or mail-enabled security group (security principal) that's granted permission to the mailbox folder. You can use any value that uniquely identifies the user or group. For example:

  • Name
  • Alias
  • Distinguished name (DN)
  • Canonical DN
  • Email address
  • GUID

Note: If you specify a user that doesn't have permission to access the mailbox folder, the command will throw an exception.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online

-UserPrincipalName

The UserPrincipalName parameter identifies the mailbox that you want to view by UPN (for example, navin@contoso.onmicrosoft.com).

You can't use this parameter with the ExternalDirectoryObjectId, Identity, or PrimarySmtpAddress parameters.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online