Modify PF permissions in Bulk

Posted on 2006-05-18
Last Modified: 2008-06-29
Hello All,

I have two Exchange 2003 servers and around 700+ Public folders. Exchange servers are patched with SP2. I want to add a user with owner rights to the permissions of a public folder and all the sub folders under it

I have tired pfdavadmin but it removes the existing permissions. I don't want to do that. I want to add this user with the permissions there.

The permissions on the sub folders (400+) are not the same. Different users have different level of permissions. I don't want to remove any permission. Just add a new user to the top level folder and its sub folders.

Question by:rakeshmiglani
    LVL 7

    Accepted Solution

    from the pfdavadmin manual...

    Propagate Folder ACEs
    After you select the Propagate folder ACEs option, you can use the Propagate ACEs option to propagate individual changes to the DACL without overwriting all permissions.
    How to propagate the ACEs to all subfolders
    1.      In the context menu, right-click Propagate folder ACEs to display the Propagate dialog box.
    a.      In the Propagate ACEs dialog box, select the names that you want to add, replace, or remove.
    2.      Click Add/replace to add or replace the selected entities to all subfolders with the role. If the entries are already in the DACL on that folder, the permissions for those entities are changed to the propagated permissions.
    3.      Click Remove to remove the selected entities from the DACL regardless of the role. The role has no effect in this case; the selected entities are removed from the DACL regardless of the role.
    4.      Click OK.

    that tells me it shouldnt remove permissions, only change to whatever is set on your top level explicitly
    LVL 17

    Assisted Solution

    Not sure if you have seen this? May be useful in the future if not now

    LVL 35

    Author Comment

    Well northcide, I created a test Pf and then tried the steps that you mentioned before posting the question and it removed some permissions.
    LVL 104

    Assisted Solution

    Exchange 2003 SP2 allows you to add a single user without touching any of the other folders.
    The other thing I would consider doing is not using a single user to set as the owner, but create a special email enabled group "Email Admins" or something like that. Then add that group as the owner. Then you don't have to do this again, in the event of someone joining or leaving the company.

    LVL 35

    Author Comment

    Thanks to all for the inputs..

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
    Set OWA language and time zone in Exchange for individuals, all users or per database.
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now