How to Apply Permissions to Public Folder and All Sub Folders in Exchange 2007/2010 Using Exchange Management Shell

If you have a public folder that your working on, and you need to apply permissions to it using the Exchange Management Shell, its pretty easy.  The command is:

Add-PublicFolderClientPermission –Identity “Foldername” –user UserName –AccessRights PublishingEditor

For instance, to add the user pponzeka to the folder IT with the Publishing Editor permission, the command would be the following:

This works great, but what if we have several subfolders under IT, and we want to apply the same user permissions to all of the subfolders as well?  A utility called PFDAVADMIN that was available from Microsoft used to allow you to do this, and it still works with Exchange 2007.  But, since the protocol it uses, WebDAV is no longer available in Exchange 2010, we no longer have this option.  Plus, the shell is easier to use anyway!

So, we have the IT public folder, and three subfolders:

So, first, in the Exchange Management Shell, if we attempt to list the public folder IT, this is the result of what we’ll see.  The command used is Get-PublicFolder –Identity “IT”

That’s odd, we know there are three folders underneath, why doesn’t it list these?  We need to add the –Recurse option to our command, so that it looks in the root, and everything underneath.  So the command should be Get-PublicFolder –Identity “IT” –Recurse

Notice the Parent Path?  IT has listed, which means its a Top Level Folder in Public Folders.  The other three have IT listed, which means they are sub folders of IT.

So, back to the top.  The permission to add permission on a public folder was:

Add-PublicFolderClientPermission –Identity “Foldername” –user UserName –AccessRights PublishingEditor

So in our case it was:

Add-PublicFolderClientPermission –Identity “IT” –User pponzeka –AccessRights PublishingEditor

So, now, how do we apply these permissions to the root folder, in this case IT, and all three subfolders, in this case Documents, Emails and Plans?  Well, we use the piping command to pipe the entire list of folders to the Add-PublicFolderClientPermission command.

Get-PublicFolder –Identity “IT” –Recurse | Add-PublicFolderClientPermission –User pponzeka –AccessRights PublishingEditor

Note that we don’t need to specify the Identity  in the Add-PublicFolderClientPermission because we piped that to it with the | command.

And there you go.  The user account has been given these rights to the root folder, IT, and all its subfolders.  This works for any number of subfolders, and you can also use the same method to remove access rights.