Modify PF permissions in Bulk

Posted on 2006-05-18
Medium Priority
Last Modified: 2008-06-29
Hello All,

I have two Exchange 2003 servers and around 700+ Public folders. Exchange servers are patched with SP2. I want to add a user with owner rights to the permissions of a public folder and all the sub folders under it

I have tired pfdavadmin but it removes the existing permissions. I don't want to do that. I want to add this user with the permissions there.

The permissions on the sub folders (400+) are not the same. Different users have different level of permissions. I don't want to remove any permission. Just add a new user to the top level folder and its sub folders.

Question by:rakeshmiglani

Accepted Solution

northcide earned 400 total points
ID: 16709889
from the pfdavadmin manual...

Propagate Folder ACEs
After you select the Propagate folder ACEs option, you can use the Propagate ACEs option to propagate individual changes to the DACL without overwriting all permissions.
How to propagate the ACEs to all subfolders
1.      In the context menu, right-click Propagate folder ACEs to display the Propagate dialog box.
a.      In the Propagate ACEs dialog box, select the names that you want to add, replace, or remove.
2.      Click Add/replace to add or replace the selected entities to all subfolders with the role. If the entries are already in the DACL on that folder, the permissions for those entities are changed to the propagated permissions.
3.      Click Remove to remove the selected entities from the DACL regardless of the role. The role has no effect in this case; the selected entities are removed from the DACL regardless of the role.
4.      Click OK.

that tells me it shouldnt remove permissions, only change to whatever is set on your top level explicitly
LVL 17

Assisted Solution

Microtech earned 300 total points
ID: 16709903
Not sure if you have seen this? May be useful in the future if not now


LVL 35

Author Comment

ID: 16709932
Well northcide, I created a test Pf and then tried the steps that you mentioned before posting the question and it removed some permissions.
LVL 104

Assisted Solution

Sembee earned 300 total points
ID: 16710239
Exchange 2003 SP2 allows you to add a single user without touching any of the other folders.
The other thing I would consider doing is not using a single user to set as the owner, but create a special email enabled group "Email Admins" or something like that. Then add that group as the owner. Then you don't have to do this again, in the event of someone joining or leaving the company.

LVL 35

Author Comment

ID: 16719019
Thanks to all for the inputs..

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
How to effectively resolve the number one email related issue received by helpdesks.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month13 days, 20 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question