Summary: The PowerShell cmdlet Get-PublicFolderClientPermissions is used to retrieve the information regarding the user permissions of Public Folders. In this post, we’ve discussed how to use Get-PublicFolderClientPermissions for all Public Folders. We’ve also mentioned an EDB converter tool in case you need to export Public Folders to PST or Exchange server database.
Contents
Public Folders are used for shared access and offer an effective approach to gather and share information with several people or departments in the company. Public Folders cannot be created by the users. Administrator needs to create the original folder. Public Folders are used to share emails, documents, contacts, notes, journals, and other items in your Exchange infrastructure. If you want to know the user permissions for a specific Public Folder, you need to use the PowerShell cmdlet Get-PublicFolderClientPermissions.
In this post, we will be discussing about the PowerShell cmdlet Get-PublicFolderClientPermissions in detail and how to use this command.
How to View Permissions of a Public Folder via Exchange Admin Center (EAC)?
To see the permissions of a Public Folder, follow the below instructions:
- Open the Exchange Admin Center (EAC) and log in with your administrator account.
- Click on Public Folders > Public Folders.
- Find the Public Folder in the list and highlight it.
- Click on Manage on Folder Permissions to see the permissions on the Public Folder.
- A pop-up window will open. You will see a list of all the users who can view the Public Folder, along with their permissions level.
The only drawback of using the EAC is that you can view the permissions for only one Public Folder at a time. If you would have several Public Folders, it would be a nightmare to go through them all to get or verify the permissions. The reason why one would want to get the permissions of all Public Folders is to verify and assess the permissions once a year or in 6 months. This assessment could be pushed from the business to ensure that the right permissions are given and to confirm that the access is authorized. To go through all the Public Folders one-by-one would be a cumbersome task. So, the ideal solution is to use PowerShell command.
How to Use Get-PublicFolderClientPermission Command?
The command Get-PublicFolderClientPermission, apart from giving the basic information about a Public Folder, provides all the information you need to assess the permissions in your Exchange Server infrastructure.
You need to verify the permissions needed to run the command and its parameters. To verify this, run the PowerShell cmdlet Get-ManagementRole with the below parameters.
Get-ManagementRole -Cmdlet Get-PublicFolderClientPermission
As you can see in the above image, you will need the roles of Public Folders and View-Only Recipients. To give the permission to the user or users who will need to run the Get-PublicFolderClientPermission, you need to add the roles to the users.
To do this, open the Exchange Admin Center (EAC) and click on Permission and click on Admin roles.
Parameters of the Command
Get-PublicFolderClientPermission
[-Identity] <PublicFolderIdParameter>
[-DomainController <Fqdn>]
[-Server <ServerIdParameter>]
[-User <PublicFolderUserIdParameter>]
[-Mailbox <MailboxIdParameter>]
-Identity is used to specify the name or the GUID of the Public Folder in question.
-DomainController is used if you want to check with a specific Active Directory Server. If there is a discrepancy between the domain controllers where replication is not running, you will see the difference when specifying a specific domain controller.
-Server is used to specify a specific Exchange Server if your infrastructure has Database Availability Group (DAG) or more than one server.
-Mailbox parameter is used to specify the Public Folder mailbox that you want to see the permissions for. The parameter entry can be the name, alias, GUID, or email address.
-User parameter is used if you would like to go through the permission (if any) used by a particular user.
What to Do if Any Issue Arises?
What to do if the Exchange server is not available or there is an issue with the replication of your Active Directory? A Public Folder cannot just be exported by using the New-MailboxExportRequest command on your Exchange Management Shell (EMS). There is a whole process involved for moving the Public Folder from one database to another. In addition, the Public Folder needs to be online for this process to work. You also need to consider that to migrate a Public Folder from one database to another, you would need a bunch of scripting.
In such situations, you can use Stellar Converter for EDB to export Public Folders quickly and easily. By using the application, you can open any EDB file from any Exchange Server version, browse all the mailboxes, and granularly export from them. You can also export Public Folders to PST files or directly to a live Exchange Server database.
