Adding Public Folder Permissions

The powershell command to add client permissions is –

Add-PublicFolderClientPermissions -Identity <PublicFolder> -User “Username” -AccessRights <Right>

You need to include a leading ‘\’ character in front of the public folder name. The following is a list of client user access rights:

  • ReadItems   The user has the right to read items within the specified public folder.
  • CreateItems   The user has the right to create items within the specified public folder and send e-mail messages to the public folder if it is mail-enabled.
  • EditOwnedItems   The user has the right to edit the items that the user owns in the specified public folder.
  • DeleteOwnedItems   The user has the right to delete items that the user owns in the specified public folder.
  • EditAllItems   The user has the right to edit all items in the specified public folder.
  • DeleteAllItems   The user has the right to delete all items in the specified public folder.
  • CreateSubfolders   The user has the right to create subfolders in the specified public folder.
  • FolderOwner   The user is the owner of the specified public folder. The user has the right to view and move the public folder, create subfolders, and set permissions for the folder. The user cannot read items, edit items, delete items, or create items.
  • FolderContact   The user is the contact for the specified public folder.
  • FolderVisible   The user can view the specified public folder, but cannot read or edit items within the specified public folder.

The only problem with this is that the command is not recursive i.e. if you set the permission for a top level folder for a user they will not be able to access any of the sub-folders. You have to resort to a script to set permissions recursively. The script is located in C:\Program Files\Microsoft\Exchange\Scripts and it is called AddUsersToPFRecursive.ps1. You can use it as in the following example –

.\AddUsersToPFRecursive.ps1 -TopPublicFolder “\MyFolder” -User “7654321” -Permission “PublishingEditor”

Strictly speaking you only need to include the double quotes if there is a space in any of the names.

Render Disconnected Mailboxes Visible in EMC

When you initially disable an Exchange 2007 mailbox it normally does not become visible in the EMC until after the administrative tasks have run overnight. You can speed this process up using the Clean-MailboxDatabase commandlet e.g.

C:>Clean-MailboxDatabase -Identity ex2k7-virt-1\v1sg1\v1sg1db

It may take a minute or two to appear in the disconnected mailbox list.