Link to home
Start Free TrialLog in
Avatar of ok-disaster
ok-disaster

asked on

Exchange 2007 Public Folder Rights Problem

Hi experts,

we are running an Exchange 2007 SP1 Server. Everything seems fine except for the public folder access rights. The Problem is as follows:

1. Users cannot create public folders no matter top-level or not, although being member of EXCHANGE PUBLIC FOLDER ADMINISTRATOR ROLE or/and client permissions for the folder set to OWNER in Outlook
2. No external objects like mails get into or can be copied to mail-enabled folders.

but:
Discussion items or notices CAN be created or copied!

We have already completey deleted the "old" public folder database/Storage Group and created a new one. Problem is the same.

It would be great if someone could help. Thank You!
Avatar of Nitin Gupta
Nitin Gupta
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi,

Please do the following and see if things work.

Scenario::
========
We will create a Top Level Public Folder named "TOPPF"
Then will give right to it to a User named "gupnit"
Create a Child Folder under "TOPPF" named "CHILD1"
Then will give right to it to a User named "gupnit"

In Action:
=======
Login as Administrator
New-PublicFolder Name "TOPPF"
Add-PublicFolderClientPermission -Identity \PFTest -User gupnit -AccessRights Author
New-PublicFolder Name "CHILD1"  -Path \TOPPF
Add-PublicFolderClientPermission -Identity \TOPPF\CHILD1 -User gupnit -AccessRights Author

Now Run the cmdlet to check permissions
get-PublicFolderClientPermission Identity \TOPPF    

let me know if things work fine in this example for you. Then all you have to do is use same steps for your other folders in terms of permissions

Hope this is what you are looking for. let me know in case you need help

Thanks
Nitin Gupta

*Link Removed - ModernMatt 05 Jan 09

Avatar of ok-disaster
ok-disaster

ASKER

Hi Nitin,

unfortunately it doesn´t work.
We gave a testuser the permission as described above, BUT as soon as we logon as the user, open Outlook we can access the PF "TOPPF" or "CHILD1" but cannot copy a mail into it or add another top pf or child pf. We get the error that we do not have the needed permissions. The permissions tab is not there.
When we logon as an administrator we can, and the permissions tab is vissible, and the testuser is shown with the given permissions...when we give the user Owner permissions in Outlook it doesn´t work either, although shown in the permissions tab.

CU
Neven
Hi Neven,

My Mistake,

Try giving these permissions for the above mentioned folders and it should work

Add-PublicFolderClientPermission -Identity \PFTest -User gupnit -AccessRights PublishingEditor
Add-PublicFolderClientPermission -Identity \TOPPF\CHILD1 -User gupnit -AccessRights PublishingEditor

For further information you can take a look at this link:::
http://technet.microsoft.com/en-us/library/bb310789(EXCHG.80).aspx
http://technet.microsoft.com/en-us/library/aa998834(EXCHG.80).aspx

Hope this is what you are looking for. let me know in case you need help

Thanks
Nitin Gupta
*Link Removed - ModernMatt 05 Jan 09
Hi,

Didn't get your feedback :-)

Thanks
Nitin
Hi Nitin,

sorry, we were very busy and couldn´t response.
It still doesn´t work.
No matter what access right we give to a user and no matter with Outlook on a client or with cmdlet on the server:
1. Users cannot create public folders no matter top-level or not, although being member of EXCHANGE PUBLIC FOLDER ADMINISTRATOR ROLE or/and client permissions for the folder set to OWNER in Outlook
2. No external objects like mails get into or can be copied to mail-enabled folders.

We found this which is exactly our Problem:

http://support.microsoft.com/?scid=kb%3Ben-us%3B313866&x=20&y=12

but in the given resolution:
the containers
CN=Services,CN=Microsoft Exchange,CN=ORGANIZATION,CN=Administrative Groups,CN=administrative_group,...

are missing from here on:
...CN=Folder Hierarchies,CN=Public Folders
in our schema

There is still a Windows 2000 Server running as DC (infrastructure role), and two DCs with 2003 Server as GC, schemamaster and all other FSMO roles. Probably this 2000 server is the problem?

CUNeven
Hi Experts,

we will close this question and open a new one concerning the missing containers in AD.
Thank You for Your help.
Neven

Hi,
The question is still open please do close it  with assignments :-)
Thanks
Nitin
ASKER CERTIFIED SOLUTION
Avatar of ok-disaster
ok-disaster

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial