ok-disaster
asked on
Exchange 2007 Public Folder Rights Problem
Hi experts,
we are running an Exchange 2007 SP1 Server. Everything seems fine except for the public folder access rights. The Problem is as follows:
1. Users cannot create public folders no matter top-level or not, although being member of EXCHANGE PUBLIC FOLDER ADMINISTRATOR ROLE or/and client permissions for the folder set to OWNER in Outlook
2. No external objects like mails get into or can be copied to mail-enabled folders.
but:
Discussion items or notices CAN be created or copied!
We have already completey deleted the "old" public folder database/Storage Group and created a new one. Problem is the same.
It would be great if someone could help. Thank You!
we are running an Exchange 2007 SP1 Server. Everything seems fine except for the public folder access rights. The Problem is as follows:
1. Users cannot create public folders no matter top-level or not, although being member of EXCHANGE PUBLIC FOLDER ADMINISTRATOR ROLE or/and client permissions for the folder set to OWNER in Outlook
2. No external objects like mails get into or can be copied to mail-enabled folders.
but:
Discussion items or notices CAN be created or copied!
We have already completey deleted the "old" public folder database/Storage Group and created a new one. Problem is the same.
It would be great if someone could help. Thank You!
ASKER
Hi Nitin,
unfortunately it doesn´t work.
We gave a testuser the permission as described above, BUT as soon as we logon as the user, open Outlook we can access the PF "TOPPF" or "CHILD1" but cannot copy a mail into it or add another top pf or child pf. We get the error that we do not have the needed permissions. The permissions tab is not there.
When we logon as an administrator we can, and the permissions tab is vissible, and the testuser is shown with the given permissions...when we give the user Owner permissions in Outlook it doesn´t work either, although shown in the permissions tab.
CU
Neven
unfortunately it doesn´t work.
We gave a testuser the permission as described above, BUT as soon as we logon as the user, open Outlook we can access the PF "TOPPF" or "CHILD1" but cannot copy a mail into it or add another top pf or child pf. We get the error that we do not have the needed permissions. The permissions tab is not there.
When we logon as an administrator we can, and the permissions tab is vissible, and the testuser is shown with the given permissions...when we give the user Owner permissions in Outlook it doesn´t work either, although shown in the permissions tab.
CU
Neven
Hi Neven,
My Mistake,
Try giving these permissions for the above mentioned folders and it should work
Add-PublicFolderClientPerm ission -Identity \PFTest -User gupnit -AccessRights PublishingEditor
Add-PublicFolderClientPerm ission -Identity \TOPPF\CHILD1 -User gupnit -AccessRights PublishingEditor
For further information you can take a look at this link:::
http://technet.microsoft.com/en-us/library/bb310789(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/aa998834(EXCHG.80).aspx
Hope this is what you are looking for. let me know in case you need help
Thanks
Nitin Gupta
*Link Removed - ModernMatt 05 Jan 09
My Mistake,
Try giving these permissions for the above mentioned folders and it should work
Add-PublicFolderClientPerm
Add-PublicFolderClientPerm
For further information you can take a look at this link:::
http://technet.microsoft.com/en-us/library/bb310789(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/aa998834(EXCHG.80).aspx
Hope this is what you are looking for. let me know in case you need help
Thanks
Nitin Gupta
*Link Removed - ModernMatt 05 Jan 09
Hi,
Didn't get your feedback :-)
Thanks
Nitin
Didn't get your feedback :-)
Thanks
Nitin
ASKER
Hi Nitin,
sorry, we were very busy and couldn´t response.
It still doesn´t work.
No matter what access right we give to a user and no matter with Outlook on a client or with cmdlet on the server:
1. Users cannot create public folders no matter top-level or not, although being member of EXCHANGE PUBLIC FOLDER ADMINISTRATOR ROLE or/and client permissions for the folder set to OWNER in Outlook
2. No external objects like mails get into or can be copied to mail-enabled folders.
We found this which is exactly our Problem:
http://support.microsoft.com/?scid=kb%3Ben-us%3B313866&x=20&y=12
but in the given resolution:
the containers
CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,C N=Administ rative Groups,CN=administrative_g roup,...
are missing from here on:
...CN=Folder Hierarchies,CN=Public Folders
in our schema
There is still a Windows 2000 Server running as DC (infrastructure role), and two DCs with 2003 Server as GC, schemamaster and all other FSMO roles. Probably this 2000 server is the problem?
CUNeven
sorry, we were very busy and couldn´t response.
It still doesn´t work.
No matter what access right we give to a user and no matter with Outlook on a client or with cmdlet on the server:
1. Users cannot create public folders no matter top-level or not, although being member of EXCHANGE PUBLIC FOLDER ADMINISTRATOR ROLE or/and client permissions for the folder set to OWNER in Outlook
2. No external objects like mails get into or can be copied to mail-enabled folders.
We found this which is exactly our Problem:
http://support.microsoft.com/?scid=kb%3Ben-us%3B313866&x=20&y=12
but in the given resolution:
the containers
CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,C
are missing from here on:
...CN=Folder Hierarchies,CN=Public Folders
in our schema
There is still a Windows 2000 Server running as DC (infrastructure role), and two DCs with 2003 Server as GC, schemamaster and all other FSMO roles. Probably this 2000 server is the problem?
CUNeven
ASKER
Hi Experts,
we will close this question and open a new one concerning the missing containers in AD.
Thank You for Your help.
Neven
we will close this question and open a new one concerning the missing containers in AD.
Thank You for Your help.
Neven
Hi,
The question is still open please do close it with assignments :-)
Thanks
Nitin
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please do the following and see if things work.
Scenario::
========
We will create a Top Level Public Folder named "TOPPF"
Then will give right to it to a User named "gupnit"
Create a Child Folder under "TOPPF" named "CHILD1"
Then will give right to it to a User named "gupnit"
In Action:
=======
Login as Administrator
New-PublicFolder Name "TOPPF"
Add-PublicFolderClientPerm
New-PublicFolder Name "CHILD1" -Path \TOPPF
Add-PublicFolderClientPerm
Now Run the cmdlet to check permissions
get-PublicFolderClientPerm
let me know if things work fine in this example for you. Then all you have to do is use same steps for your other folders in terms of permissions
Hope this is what you are looking for. let me know in case you need help
Thanks
Nitin Gupta
*Link Removed - ModernMatt 05 Jan 09