Exchange filter out folders with permission set to {None}

Repurposing a script I found that takes a user name and displays the AccessRights to each folder in the mailbox. There are a lots of entries that have no AccessRights ({None}), usually for the Anonymous and Default user. I want to filter out these accounts. This is what I have:


Ask for an existing user

$Msg = “Enter the name of the mailbox that requires permissions changing.”
$Msg += "`nThis must be in the format of firstname lastname: "
Write-Host $Msg -ForegroundColor Green -NoNewLine
$CurrentUser = Read-Host

Define Special (System) Folders

$SpecialExchangeFolders = “Top of Information Store|Recoverable Items|Deletions|Purges|Versions”

Get the folder list for the user

[string[]] $FolderPaths = Get-MailboxfolderStatistics $CurrentUser | % {$_.folderpath}

Add the folder list to the users and replace / with \

$ExchangeFolderPaths = $FolderPaths | % {$CurrentUser + “:” + $_.replace(’/’,’’)}

Remove the specila folders from folder list

$UsableExchangeFolderPaths = $ExchangeFolderPaths | where { $_ -notmatch $SpecialExchangeFolders }

Display only the foldername, user and their accessrights

$UsableExchangeFolderPaths | % { get-mailboxfolderPermission $_ } | Where {$_.AccessRights -ne “{None}”}| Select-Object FolderName, Identity, AccessRights

Running this code still shows all folders and users that have no AccessRights!

I don’t have an Exchange environment to test, but based one what I can see here, this is what I would investigate:

  • AccessRights is a collection, and the comparison operators work differently when the left operand is a collection. ($array -ne "{None}") basically says "If there are any elements in this array that are NOT equal to {None}, return True", not "Return true if none of the elements in this array are equal to {None}". For the second one, you would use this instead: (-not $array -eq "{None}")
  • "{None}" is probably the string representation of whatever the AccessRights variable actually contains, but you're comparing the AccessRights object to a string. You might have to make sure the text conversion is performed first, or figure out how to make the code work with the underlying objects instead. Something like Where { $_.AccessRights.Count -eq 0 } might work.

Like I said, I can’t test this myself right this minute, but hopefully these suggestions get you on the right track.

Thanks Dave. I’ve been playing around with this all afternoon and the resolution is too simple:
$UsableExchangeFolderPaths | % { get-mailboxfolderPermission $_ } | Where {$_.AccessRights -notlike “none”} | Select-Object FolderName, Identity, AccessRights