Using Remove-MailboxFolderPermission in Powershell

Using Remove-MailboxFolderPermission in Powershell

Administrators seeking precise control over folder-level permissions can find a powerful ally in PowerShell commands.

If you are looking to change, manage, or delegate access permissions, you may need to remove the existing permissions first.

In today's guide, we are going to teach you how to use Remove-MailboxFolderPermission in PowerShell quickly.

What is Remove-MailboxFolderPermission Cmdlet?

The Remove-MailboxFolderPermission cmdlet is a command available on Microsoft Exchange Server (PowerShell) that is used to remove permissions assigned to a specific user or group on a folder within a mailbox.

This cmdlet is part of the Exchange Management Shell and is commonly employed by administrators to manage folder-level permissions for users in an Exchange environment.

This is the syntax of the Remove-MailboxFolderPermission command:

Remove-MailboxFolderPermission

[-Identity] <MailboxFolderIdParameter>

-User <MailboxFolderUserIdParameter>

[-Confirm]

[-DomainController <Fqdn>]

[-WhatIf]

[<CommonParameters>]

Let's take a quick look at the meaning of these parameters to understand how the cmdlet works:

  • Identity <MailboxFolderIdParameter>: Identifies the specific mailbox folder from which permissions will be removed.
  • User <MailboxFolderUserIdParameter>: Specifies the user or group for whom permissions on the folder will be revoked.
  • Confirm: Optional parameter; prompts for confirmation before actually removing permissions.
  • DomainController <Fqdn>: Specifies the domain controller to be used for the operation.
  • WhatIf: Optional parameter; shows a preview of changes that would be made without actually removing permissions.
  • CommonParameters: Standard PowerShell parameters for controlling cmdlet behavior, such as -Verbose, -Debug, -ErrorAction, etc.

What Can You Use the Remove-MailboxFolderPermission Command For?

The purpose of the Remove-MailboxFolderPermission command is to perform efficient management and delegation permissions by removing them as required. By using this command, administrators have access to the following advantages:

  • Revoking Folder Permissions for User Transition: When an employee leaves the organization or changes roles, you may need to remove folder permissions on their mailbox to ensure sensitive information remains secure.
  • Adjusting Access Levels for Collaboration: If you want to modify the level of access a user or group has on a shared mailbox folder, you can use this cmdlet to remove existing permissions and set new ones.
  • Cleaning Up Unused Permissions: Over time, as users come and go, you may accumulate unnecessary folder permissions. Use the cmdlet to clean up and remove permissions that are no longer required.

How to Use Remove MailboxFolderPermission in PowerShell

To use the Remove-MailboxFolderPermission command, we'll follow three quick steps.

Step 1: Connect to Exchange Online PowerShell

Connect to Exchange Online PowerShell by running the following command:

Connect-ExchangeOnline -UserPrincipalName youremail@meetingroom365.com

Use your Microsoft account email address and password to log in. Make sure you have sufficient admin permissions before attempting to run the cmdlet.

Step 2: Run the Get-MailboxFolderStatistics Cmdlet

Despite not being a completely necessary step, the best way to prevent mistakes when running commands is to use the right information (and have the required permissions).

According to Microsoft, the Get-MailboxFolderStatistics command retrieves the mailbox folder information you need to assign, delegate, and, in this case, remove permissions.

Run this command to prevent data mistakes and other common issues in the future.

Step 3: Run the Remove-MailboxFolderPermission Command

Now, it's time to run the Remove-MailboxFolderPermission cmdlet. Take a look at the following example:

Remove-MailboxFolderPermission -Identity james@meetingroom365.com:\Training -User simon@meetingroom365.com

The output of this command results in the removal of James's permissions to the Training folder in Simon's mailbox.

Here is another example:

Remove-MailboxFolderPermission -Identity james@meetingroom365.com:\Calendar -ResetDelegateUserCollection

This command clears any corrupted delegate information from James's mailbox.

Wrapping Up: Using the Remove-Mailbox Folder Permissions Cmdlet in PowerShell

The Remove-MailboxFolderPermissions cmdlet grants us more control over mailbox user permissions, improving and facilitating our daily tasks. Before using this command, consider the following three key points:

  • Streamlined Mailbox Security: Achieve enhanced control over mailbox security by effectively managing folder-level permissions.
  • Precision in Access Management: Fine-tune collaboration by using the Remove-MailboxFolderPermission cmdlet to precisely adjust access levels.
  • Consider Potential Errors: Watch out for potential errors, such as connectivity issues or misidentifying target folders, to ensure smooth and error-free execution.