Sharing Non-Default Outlook Folders in Exchange (Online and On-Premise)

A client came to me one day and asked how he can share his Outlook folder to his executive assistant so that he can have read only access to one folder and its subfolders. Didn’t think it was really that difficult of a task until he showed me his Outlook folder structure. This user literally had over 1,500 folders in Outlook and the hierarchy was intense!

The user did not want to share the full mailbox so assigning full mailbox access was out of the question. He only wanted to share the “2011-2015” folder and all the subfolders under it, which itself was a series of at least 50 folders.

One way to do this is to go to each folder, right click and open properties. On the permissions tab, assign the executive assistant Reviewer rights – NOT GOING TO HAPPEN! Too many chances of error and takes too long.

Assigning Permissions to Outlook Folders

After researching online, I came across a blog (https://blogs.technet.microsoft.com/tips_from_the_inside/2011/11/03/set-outlook-folder-permissions-using-powershell/) that had a script doing this same thing. I have attached a copy of this and customized it for this example.

  • The user who wants to share the folder is called BWayne@thebatcave.com
  • His executive assistant is called Alfred@thebatcave.com
  • The folder we want to share is only the 2011-2015 folder with its subfolders

 

# Grant Alfred Reviewer (read-only) rights on every folder whose path contains /Investments/2011-2015
ForEach ($f in (Get-MailboxFolderStatistics BWayne@thebatcave.com | Where-Object { $_.FolderPath.Contains("/Investments/2011-2015") }))
{
    # Build the folder identity in the form mailbox:\path\to\folder
    $fname = "BWayne@thebatcave.com:" + $f.FolderPath.Replace("/", "\")
    Add-MailboxFolderPermission $fname -User Alfred@thebatcave.com -AccessRights Reviewer
    Write-Host $fname
    Start-Sleep -Milliseconds 1000
}

Accessing Non-Default Outlook Shared Folders

Now that the permissions have been assigned, how can Alfred access these shared folders? To do this, Alfred needs to be able to see the folder structure. These next steps must be performed from Outlook: you can either use Bruce Wayne’s machine or, as the administrator, give yourself full access to his mailbox and open it in your Outlook.

  1. In Outlook, right click the mailbox name and select Data File Properties.
  2. Click the Permissions tab.
  3. Click the Add button to select Alfred from the address list
  4. Select Folder Visible and click OK

    Note: Permission for Alfred is still set to “None”
  5. Go down to the next folder in the hierarchy and open its Properties
  6. Repeat steps 2 to 4. This needs to be done for every folder Alfred needs to traverse through to get to the shared folder. In this example this would be:
    • BWayne@thebatcave.com mailbox \Real Estate\Investments
    • It must be noted that the Folder Visible permission only allows Alfred to view the folder but not its content.

Now that Alfred has been assigned permission to view the folders (but not their content) that he needs to traverse to reach the shared folder, he can open them using Outlook.

  1. On Alfred’s Outlook, open the properties of his account settings: click the File menu (in Outlook 2013 and 2016), then Account Settings\Account Settings.
  2. On the Account Settings window, click Change.
  3. On the Server Settings page, click More Settings.
  4. Go to the Advanced tab and click the Add button to add BWayne’s mailbox to Alfred’s Outlook. Note that Alfred will not be able to see the entire mailbox – only the folders that have been set to Folder Visible and the ones he has reviewer permissions to.
  5. After adding the mailbox as an additional mailbox, make sure to uncheck the Download Shared Folders checkbox.
  6. Click OK and Next to close the windows.
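
The Folder Visible steps above can also be scripted, and the result checked so that Alfred holds nothing beyond the intended share. This is an added example, not part of the original post or the TechNet script. It assumes the shared folder's full path is /Real Estate/Investments/2011-2015 and a connected Exchange PowerShell session; the variable and function names are illustrative. Because the script above matches folders with a substring test, the audit compares against the exact path instead.

```powershell
# Added example, not from the original post. Run in a connected Exchange PowerShell session.
$Owner    = 'BWayne@thebatcave.com'
$Delegate = 'Alfred@thebatcave.com'
# Assumption: full path of the shared folder, in Get-MailboxFolderStatistics form.
$Shared   = '/Real Estate/Investments/2011-2015'

# Ancestors Alfred must traverse: each parent folder, then the mailbox root ('').
$Ancestors = @()
$p = $Shared
while ($p.LastIndexOf('/') -gt 0) {
    $p = $p.Substring(0, $p.LastIndexOf('/'))
    $Ancestors += $p
}
$Ancestors += ''

# Folder identity is mailbox:\path\to\folder; the mailbox root is mailbox:\
function Get-FolderId([string]$Path) {
    if ($Path) { "${Owner}:" + $Path.Replace('/', '\') } else { "${Owner}:\" }
}

# Grant FolderVisible only where Alfred has no entry yet.
foreach ($a in $Ancestors) {
    $id = Get-FolderId $a
    if (-not (Get-MailboxFolderPermission -Identity $id -User $Delegate -ErrorAction SilentlyContinue)) {
        Add-MailboxFolderPermission -Identity $id -User $Delegate -AccessRights FolderVisible | Out-Null
    }
}

# Audit: every folder where Alfred holds an entry, compared with what was intended.
$paths  = @('') + (Get-MailboxFolderStatistics $Owner).FolderPath
$report = foreach ($path in $paths) {
    $perm = Get-MailboxFolderPermission -Identity (Get-FolderId $path) -User $Delegate -ErrorAction SilentlyContinue
    if (-not $perm) { continue }
    $rights = $perm.AccessRights -join ','
    $expected = if ($path -eq $Shared -or $path.StartsWith("$Shared/")) {
        'Reviewer'
    } elseif ($Ancestors -contains $path) {
        'FolderVisible'
    } else { 'None' }
    [pscustomobject]@{ Folder = "/$($path.TrimStart('/'))"; Rights = $rights; Expected = $expected; OK = ($rights -eq $expected) }
}
# Any row printed here is a grant that differs from the intended share.
$report | Where-Object { -not $_.OK } | Format-Table -AutoSize
```

An empty table means Alfred has Reviewer only inside the shared tree and Folder Visible only on the folders leading to it.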

 

 

Office 365 – Script to Activate New Mailbox

Script can be downloaded by clicking this Link. Rename the file to PS1 before it can be used.

Please note that once the mailbox has been created, it needs to be activated.

Details of creating new mailboxes in O365 can be found at this link

This script is used to perform the following tasks to a mailbox that has newly been created in Office 365:

  • Set usage location on O365 mailbox to Canada
  • Assigns licenses for Exchange Online, Lync Online, Office365 ProPlus and SharePoint Online
  • Enables retention policy on mailboxes
  • Please note that this script will require an input file.
  • The content of the file should be the SAMAccountName or the UPN of the newly created users in Active Directory.
  • As an example, all new users being created have a logon name of firstname.lastname – this is referred to as the SAMAccountName. The file should contain entries like the following, each name on its own line:

Clark.Kent
Bruce.Wayne
Bruce.Banner

    • The file can also contain the UPNs of the users in the format:

Bruce.Wayne@domain.ca
Bruce.Banner@domain.ca
Clark.Kent@domain.ca

 

############################################################################################################
# This script will activate the user by:
#    •    setting usage location on O365 mailbox to Canada
#    •    Assigns licenses for Exchange Online, Lync Online, Office365 ProPlus and SharePoint Online
#    •    Enables retention policy on mailboxes
############################################################################################################

######
# AUTHOR: IBRAHIM U. BENNA
######

# This function is used to create a "pause" in the script. Continuation of the script requires an input from the keyboard
Function Pause ($Message = "Press Any Key to Continue...")
{
    Write-Host $Message
    $Null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    Write-Host " "
}

Write-Host -ForegroundColor Red "Please make sure you are running this script from the Windows Azure Active Directory PowerShell"
Echo " "
Pause

# Import users to be activated from text file. If no text file input is provided, the script immediately terminates.
# The file must contain the logon names or the UPNs of the users being activated
If ($Args.Count -eq 0) {
    Write-Host -ForegroundColor Red "You need to specify a file name in the command. The file should contain a list of users to be activated."
    Echo " "
    Write-Host -ForegroundColor Red "Please re-run the script providing the file name using the syntax 'New-O365UserSettings.PS1 InputFileName.txt' "
    Echo " "
    Exit
}

# Obtain credentials for global administrator in O365
$O365Credentials = Get-Credential

# Create a remote session and connect to Office 365 using Windows PowerShell
# Note: this connection uses Basic authentication, which Microsoft has since retired for Exchange Online
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $O365Credentials -Authentication Basic -AllowRedirection
Import-PSSession $Session
Connect-MsolService -Credential $O365Credentials

Echo " "
Write-Host -ForegroundColor Green "Importing file with user accounts to be activated"
Echo " "

# This section will read the content of the text file
$Users = Get-Content $Args[0]

# This section assigns the license type
$ServicePlans = Get-MsolAccountSku | Where-Object { $_.SkuPartNumber -eq "ENTERPRISEPACK" }
$ServicePlans.ServiceStatus
$MyO365Sku = New-MsolLicenseOptions -AccountSkuId syndication-account:ENTERPRISEPACK -DisabledPlans RMS_S_ENTERPRISE,SHAREPOINTWAC

# Assign Location attribute, necessary licenses, activate user and also apply the retention policy to the user's mailbox
Foreach ($U in $Users) {
    # Sets Usage Location attribute for mailbox to Canada
    Echo "enabling Usage Location "
    Set-MsolUser -UserPrincipalName $U -UsageLocation CA

    # Sets license to necessary options defined
    Echo "enabling license options "
    Set-MsolUserLicense -UserPrincipalName $U -AddLicenses "syndication-account:ENTERPRISEPACK"
    Set-MsolUserLicense -UserPrincipalName $U -LicenseOptions $MyO365Sku
    Echo "$U has now been licensed in O365"

    # Applies retention policy to mailbox
    Start-ManagedFolderAssistant $U
    Echo "Archive/Retention Policy successfully applied to $U"

    Echo " "
    Echo " "
}

# Disconnects remote PowerShell session from O365
Get-PSSession | Remove-PSSession

Office 365 – Script to Create New Primary and Archive Mailbox

Script can be downloaded by clicking this Link. Rename the file to PS1 before it can be used.

Please note that once the mailbox has been created, it needs to be activated.

In order to create primary and archive mailboxes in Office 365, the following script can be used.

  • Please note that this script will require an input file.
  • The content of the file should be the SAMAccountName of the newly created users in Active Directory.
  • As an example, all new users being created have a logon name of firstname.lastname – this is referred to as the SAMAccountName (without the domain portion). The file should contain entries like the following, each name on its own line:

Clark.Kent
Bruce.Wayne
Bruce.Banner

 

##########################################################################
# This function is used to create a "pause" in the script.
# Continuation of the script requires an input from the keyboard.
# Pauses have been added at different steps of the script but can be safely removed.
##########################################################################

######
# AUTHOR: IBRAHIM U. BENNA
######

Function Pause ($Message = "Press Any Key to Continue...")
{
    Write-Host $Message
    $Null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    Write-Host " "
}

Write-Host -ForegroundColor Red "Please make sure you are running this script from the Microsoft Exchange Management Shell on a machine used to manage the Exchange organization"
Echo " "
Pause

# Import users to be mailbox-enabled from text file. If no text file input is provided, the script immediately terminates.
# The file must contain the logon names of the users being activated
If ($Args.Count -eq 0) {
    Write-Host -ForegroundColor Red "You need to specify a file name in the command. The file should contain a list of users to be activated."
    Echo " "
    Write-Host -ForegroundColor Red "Please re-run the script providing the file name using the syntax 'New-O365Mailbox.PS1 InputFileName.txt' "
    Echo " "
    Exit
}

# Enabling mailbox in the cloud – This section will read the content of the text file
$Users = Get-Content $Args[0]

Foreach ($U in $Users) {
    Echo " "

    # Configuring the TargetAddress attribute on the user account in Active Directory and then enabling the mailbox in Exchange Online.
    Write-Host -ForegroundColor DarkYellow "Enabling remote mailbox for $U"
    Echo " "
    Write-Host -ForegroundColor Red "MAKE SURE YOU HAVE CHANGED THE TENANT DOMAIN IN THE SCRIPT!"
    Pause

    # Configuring the TargetAddress attribute on the user account in Active Directory and enabling primary mailbox for user
    $routing = $U + "@TENANTNAME.mail.onmicrosoft.com"
    Enable-RemoteMailbox $U -RemoteRoutingAddress $routing
    Write-Host -ForegroundColor Yellow "$U has O365 primary mailbox enabled"
    Echo " "

    # Configuring and enabling an archive mailbox for the user
    Write-Host -ForegroundColor DarkYellow "Enabling archive mailbox for $U"
    Enable-RemoteMailbox $U -Archive
    Write-Host -ForegroundColor Yellow "$U has archive mailbox enabled"
    Echo " "
}