Friday, August 28, 2015

PowerShell Script to report all Exchange Public Folder Permissions

One project I'm currently working on is to go through all of our groups and make us a one-resource/one-group shop as far as AD is concerned. This has been a BIG job. Security-enabled distribution groups have been given rights to file shares and added to local server groups, among a ton of other miscellaneous crap.

One step in organizing what each group actually has rights to is for me to go through our Public Folder infrastructure and ferret out who has access to what. We've got over a hundred public folders. I started doing this manually and after about two folders I thought, "This has to be possible with PowerShell." Well, guess what?

As usual, make sure c:\temp is present, as that's where I write my files. Also, I wrote this to run from my local (Exchange 2010) management shell.

Further comments are within the script.

######### BEGIN SCRIPT #########

Write-Host -ForegroundColor Red "This script must be run from the Exchange Management Shell!"
$Init = Read-Host "Press Enter to Continue"

#Get all of the Public Folders
$PublicFolders = Get-PublicFolder -Recurse

#Create a new array to hold the data
$Permissions = @()

Foreach ($Folder in $PublicFolders){
    #Full path and name of the public folder
    [string]$FolderName = ($Folder.ParentPath) + '\' + ($Folder.Name)

    #Get the permissions of the public folder
    $FolderPermissions = Get-PublicFolderClientPermission $Folder

    Foreach ($Entry in $FolderPermissions){
        #If the User identity is NOT null (entries with no Active Directory identity are skipped)
        If (($Entry.User).ActiveDirectoryIdentity){
            #Get the User Identity of the permission (the report itself uses the display name below)
            $UserIdentity = (($Entry.User).ActiveDirectoryIdentity).ToString()

            #Create a new object to hold the data
            $PermissionItem = New-Object System.Object

            #Put the full path and name of the public folder into the object
            $PermissionItem | Add-Member -type NoteProperty -name Folder -value $FolderName

            #Put the display name of the permission holder into the object
            $PermissionItem | Add-Member -type NoteProperty -name User -value ($Entry.User).ExchangeAddressBookDisplayName

            #Had to get funky here, as the AccessRights are an array and not readily enumaratable (is that even a word?)
            #Collect every right in the array and join them into one string
            $Rights = @()
            Foreach ($Value in ($Entry.AccessRights)){$Rights += ($Value.Permission).ToString()}
            $Rights = $Rights -join ', '

            #Add the user's rights to the object
            $PermissionItem | Add-Member -type NoteProperty -name Rights -value $Rights

            #Add the object into the array
            $Permissions += $PermissionItem
        } #End If
    } #End Foreach $Entry
} #End Foreach $Folder

#Export unique user values to a text document
$Permissions | Select-Object User -Unique | Sort-Object User | Out-File "C:\temp\UniquePublicFolderPermissions.txt"

#Export the permissions for all folders to CSV
$Permissions | Export-Csv "C:\temp\AllPublicFolderPemissions.csv" -NoTypeInformation

######### END SCRIPT #########
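
Added example, not part of the original post: a function (the name Get-PermissionsByPrincipal is hypothetical) that pivots the CSV's Folder, User and Rights columns into one row per user or group, which is the view needed when working out what each group actually has rights to. The sample rows and their names are constructed, and the flag assumes the Rights column holds role names such as Owner.

```powershell
# Constructed sample rows in the same shape as the script's CSV output.
# Against the real report, replace this with:
#   $Rows = Import-Csv 'C:\temp\AllPublicFolderPemissions.csv'
$Rows = @'
Folder,User,Rights
\Sales\Leads,Sales Team,Author
\Sales\Contracts,Sales Team,Reviewer
\Sales\Contracts,Legal DL,Owner
\HR\Policies,Legal DL,Reviewer
\HR\Policies,HR Staff,"ReadItems, CreateItems"
'@ | ConvertFrom-Csv

function Get-PermissionsByPrincipal {
    param([Parameter(Mandatory=$true)] [object[]]$Rows)

    $Rows | Group-Object -Property User | ForEach-Object {
        $Entries = $_.Group

        # A Rights cell may hold several comma-separated values; split them back out
        $AllRights = @($Entries | ForEach-Object { $_.Rights -split ',\s*' } |
            Where-Object { $_ } | Sort-Object -Unique)

        # One "folder [rights]" item per permission entry held by this principal
        $FolderList = @($Entries | ForEach-Object { "$($_.Folder) [$($_.Rights)]" })

        New-Object PSObject -Property @{
            Principal   = $_.Name
            FolderCount = @($Entries | Select-Object -ExpandProperty Folder -Unique).Count
            HasOwner    = ($AllRights -contains 'Owner')   # full control on at least one folder
            Rights      = $AllRights -join ', '
            Folders     = $FolderList -join '; '
        }
    } | Select-Object Principal, FolderCount, HasOwner, Rights, Folders |
        Sort-Object -Property Principal
}

# One block per user or group, ready to compare against the AD group inventory
Get-PermissionsByPrincipal -Rows $Rows | Format-List
```

Principals with HasOwner set are worth reviewing first, since Owner on a public folder includes the ability to change that folder's permissions.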
