Identify Folders Breaking Permission Inheritance in SharePoint using PowerShell

Last week, I was contacted by a fellow MVP who was having trouble coming up with a PowerShell script to identify all folders in a specific library on which permission inheritance had been broken. His script had to start at a specific parent folder inside the library and scan only its subfolders. For example, assume you have a document library with the following folder structure. Folders with a * beside them are folders for which permission inheritance has been broken.

Folder A
    - Folder A.1
    - Folder A.2 *
        - Folder A.2.1
Folder B *
Folder C
    - Folder C.1
        - Folder C.1.1 *

What my colleague wanted to do was run a scan on a specific parent folder (e.g. Folder C.1) and find all subfolders contained within it for which permission inheritance was broken. He had a script that was doing the job, but performance-wise it was still looping through every single folder in the library, not just the parent folder he identified and everything below it. The solution I proposed was fairly simple: use an SPQuery to query all items having a content type of Folder, loop through all subfolders starting at the specified parent, and identify the folders that have their permission inheritance broken. The resulting script was the following:

Add-PSSnapin Microsoft.SharePoint.PowerShell

# Get a reference to the specified SharePoint Web. Replace http://localhost with your own URL.
$webUrl = "http://localhost/"
$web = Get-SPWeb $webUrl

# Get a reference to the specified SharePoint list. Replace Documents with your library's name.
$listName = "Documents"
$list = $web.Lists[$listName]

# Declare the relative URL of the parent folder you wish to scan. Replace Folder C.1 with the name of the parent folder.
$folderUrl = "/Shared Documents/Folder C.1"

# Get an SPFolder object reference to the parent folder.
$folderRef = $web.GetFolder($folderUrl)

# Create a new SPQuery object and have it scan only for folders (skip over other list items).
# The CAML attributes need straight quotes; typographic quotes make the XML invalid.
$query = "<Where><Eq><FieldRef Name='ContentType' /><Value Type='Text'>Folder</Value></Eq></Where>"
$spQuery = New-Object Microsoft.SharePoint.SPQuery
$spQuery.Query = $query

# Specify that we wish to include all subfolders in our query.
$spQuery.ViewAttributes = "Scope='RecursiveAll'"

# Specify the root folder for the SPQuery object to look into.
$spQuery.Folder = $folderRef

# Get all folders matching the query.
$subFolders = $list.GetItems($spQuery)

# Loop through all retrieved folders and check whether their permission inheritance is broken.
# If it is, print a message on screen.
foreach ($item in $subFolders)
{
    if ($item.HasUniqueRoleAssignments)
    {
        Write-Host "L'héritage des permissions est brisée sur:" $item.Name " URL :" $item.Url
    }
}

# Release the SPWeb object.
$web.Dispose()
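
For a permissions audit it is usually not enough to know which folders break inheritance; you also want to know who has access to them. The following is an added example, not part of the original script: it wraps the same SPQuery approach in a function and, going beyond the script above, emits one row per principal and permission level for every folder with unique role assignments. The function name, its parameters, the page size and the CSV file name are assumptions made for illustration, and the query matches folders on FSObjType instead of the ContentType display name.

```powershell
# Added example (not the original author's code). Function and parameter names are hypothetical.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-BrokenInheritanceFolder {
    param(
        [Parameter(Mandatory=$true)][string]$WebUrl,
        [Parameter(Mandatory=$true)][string]$ListName,
        [Parameter(Mandatory=$true)][string]$FolderUrl
    )
    $web = Get-SPWeb $WebUrl
    try {
        $list = $web.Lists[$ListName]
        $folder = $web.GetFolder($FolderUrl)
        if (-not $folder.Exists) { throw "Folder not found: $FolderUrl" }

        $query = New-Object Microsoft.SharePoint.SPQuery
        # FSObjType = 1 matches folders whatever the content type is called
        $query.Query = "<Where><Eq><FieldRef Name='FSObjType' /><Value Type='Integer'>1</Value></Eq></Where>"
        $query.ViewAttributes = "Scope='RecursiveAll'"
        $query.Folder = $folder      # limit the scan to the parent folder and below
        $query.RowLimit = 2000       # assumed page size; results are read page by page

        do {
            $items = $list.GetItems($query)
            foreach ($item in $items) {
                if (-not $item.HasUniqueRoleAssignments) { continue }
                # One output row per principal holding rights on this folder
                foreach ($ra in $item.RoleAssignments) {
                    $levels = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join '; '
                    New-Object PSObject -Property @{
                        FolderUrl        = $item.Url
                        Principal        = $ra.Member.Name
                        PermissionLevels = $levels
                    }
                }
            }
            # Move to the next page; the position is $null after the last page
            $query.ListItemCollectionPosition = $items.ListItemCollectionPosition
        } while ($null -ne $query.ListItemCollectionPosition)
    }
    finally {
        $web.Dispose()   # release the SPWeb even if the scan throws
    }
}

# Usage with the sample values from the script above; the CSV path is a constructed example.
Get-BrokenInheritanceFolder -WebUrl 'http://localhost/' -ListName 'Documents' -FolderUrl '/Shared Documents/Folder C.1' |
    Select-Object FolderUrl, Principal, PermissionLevels |
    Export-Csv -Path .\broken-inheritance.csv -NoTypeInformation
```

As in the original script, the parent folder itself is not part of the result set; only the folders beneath it are checked.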
