Memorise

Managing public folders in Exchange Server 2007 SP1

Managing public folders in Exchange Server 2007 SP1 still requires the use of PowerShell cmdlets snap-in exposed in the Exchange Management Shell. This practical example illustrates how to resolve common issues around public folder access rights.

Scenario A: Outlook shows public folder as “Access Denied”(you do not have permissions to …)

[PS] C:\Windows\System32>Get-PublicFolderClientPermission -Identity “\folder\sharedItems” | fl

Identity : \folder\sharedItems
User : Default
AccessRights : {FolderVisible}

Identity : \folder\sharedItems
User : Anonymous
AccessRights : {FolderVisible}

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/pic
AccessRights : {CreateItems, EditOwnedItems, EditAllItems, FolderContact, FolderVisible}

Identity : \folder\sharedItems
User : swissitpro.ch/group/it/grpitadmin
AccessRights : {Owner}

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/groupOfPFUsers
AccessRights : {Author}

Removing existing access rights and then assigning the Person-In-Charge (PIC) the Author role with pre-defined access rights solved the problem:

[PS] C:\Windows\System32>Remove-PublicFolderClientPermission -Identity “\folder\sharedItems” -user “pic” -accessrights CreateItems, EditOwnedItems, EditAllItems, FolderContact, FolderVisible

Confirm
Are you sure you want to perform this action?
Removing Public Folder Permission on “\folder\sharedItems” for User “pic”, Access Rights “‘CreateItems’, ‘EditOwnedItems’, ‘EditAllItems’, ‘FolderContact’, ‘FolderVisible’”.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is “Y”): y

[PS] C:\Windows\System32>Add-PublicFolderClientPermission -Identity “\folder\sharedItems” -AccessRights author -User “pic”

Identity                   User                       AccessRights
——–                   —-                       ————
\folder\sharedItems       swissitpro.ch/OU1/pic …      {Author}

Adding the access rights of FolderContact simply identifies the account as the administrative contact for the public folder:

[PS] C:\Windows\System32>Add-PublicFolderClientPermission -Identity “\folder\sharedItems” -AccessRights FolderContact -User “pic”

The state of the public folder access rights for user pic now reads:

[PS] C:\Windows\System32>Get-PublicFolderClientPermission -Identity “\folder\sharedItems” | fl

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/pic
AccessRights : {ReadItems, CreateItems, EditOwnedItems, DeleteOwnedItems, FolderContact, FolderVisible}

Scenario B: Person-In-Charge cannot modify items created by others

So far, the modifications grant the pic user access rights to peruse the public folder, create, modify and delete objects owned by him/her only. S/he is not able to carry out his/her duties as PIC to administer items created by others in the same location.

To fix this, add the missing access rights with the end result as shown:

[PS] C:\Windows\System32>Add-PublicFolderClientPermission -Identity “\folder\sharedItems” -AccessRights EditAllItems,DeleteAllItems -User “pic”

[PS] C:\Windows\System32>Get-PublicFolderClientPermission -Identity “\folder\sharedItems” | fl

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/pic
AccessRights : {ReadItems, CreateItems, EditOwnedItems, DeleteOwnedItems, EditAllItems, DeleteAllItems, FolderContact, FolderVisible}


Categorised as: Exchange, Microsoft


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.