Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function Get-MailboxFolderPermissionResolved
- {
- [CmdletBinding()]
- param(
- [Parameter(ValueFromPipeline=$True)] [string] $Identity
- )
- process
- {
- # First, get the permissions like normal
- # But filter out "Default" entries since they cannot be resolved
- [array] $rawACL = $identity | Get-MailboxFolderPermission -EA SilentlyContinue
- # If we wan't find an ACL for that folder? Just return nothing
- # This happens a lot when feeding folder names from GetMailboxFolderStatistics
- if ($rawACL -eq $null) { return }
- [array] $ACL = $rawACL |
- Where { $_.User.DisplayName -ne "Default" } |
- Where { $_.User.DisplayName -ne "Anonymous" } |
- Where { -not ($_.User.DisplayName.StartsWith("NT User:")) }
- if ($ACL -eq $null -or $ACL.count -eq 0)
- {
- return
- }
- # We need to resolve the DisplayName into UserPrincipalName for each entry
- # So iterate over each of the entries
- foreach ($ace in $ACL)
- {
- $UserObject = $null
- [string] $upn = ""
- # Find all users that match this displayname
- [array] $MatchUsers = get-user $ace.user.displayname
- if ($MatchUsers.count -eq 1)
- {
- # Okay no worries!
- $UserObject = $MatchUsers[0]
- $upn = $UserObject.UserPrincipalName
- } else {
- foreach ($userobj in $MatchUsers) {
- # Do a lookup for each to check
- $lookup = $identity |
- get-mailboxfolderpermission -user $userobj.userPrincipalName -EA SilentlyContinue
- if ($lookup -ne $null -and $lookup.AccessRights[0] -eq $ace.AccessRights[0]) {
- $UserObject = $userobj
- $upn = $UserObject.UserPrincipalName
- }
- }
- }
- if ($upn -eq "" -or $userObject -eq $null) {
- Write-Warning ("Could not find a match for: " + $ace.user.displayname)
- continue
- }
- New-Object -TypeName PSObject -Property @{
- Identity=$upn;
- User=$ace.User;
- FolderName=$ace.FolderName;
- AccessRights=($ace.AccessRights -join ";");
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement