• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1341
  • Last Modified:

Modify PF permissions in Bulk

Hello All,

I have two Exchange 2003 servers and around 700+ Public folders. Exchange servers are patched with SP2. I want to add a user with owner rights to the permissions of a public folder and all the sub folders under it

I have tired pfdavadmin but it removes the existing permissions. I don't want to do that. I want to add this user with the permissions there.

The permissions on the sub folders (400+) are not the same. Different users have different level of permissions. I don't want to remove any permission. Just add a new user to the top level folder and its sub folders.

3 Solutions
from the pfdavadmin manual...

Propagate Folder ACEs
After you select the Propagate folder ACEs option, you can use the Propagate ACEs option to propagate individual changes to the DACL without overwriting all permissions.
How to propagate the ACEs to all subfolders
1.      In the context menu, right-click Propagate folder ACEs to display the Propagate dialog box.
a.      In the Propagate ACEs dialog box, select the names that you want to add, replace, or remove.
2.      Click Add/replace to add or replace the selected entities to all subfolders with the role. If the entries are already in the DACL on that folder, the permissions for those entities are changed to the propagated permissions.
3.      Click Remove to remove the selected entities from the DACL regardless of the role. The role has no effect in this case; the selected entities are removed from the DACL regardless of the role.
4.      Click OK.

that tells me it shouldnt remove permissions, only change to whatever is set on your top level explicitly
Not sure if you have seen this? May be useful in the future if not now


rakeshmiglaniAuthor Commented:
Well northcide, I created a test Pf and then tried the steps that you mentioned before posting the question and it removed some permissions.
Exchange 2003 SP2 allows you to add a single user without touching any of the other folders.
The other thing I would consider doing is not using a single user to set as the owner, but create a special email enabled group "Email Admins" or something like that. Then add that group as the owner. Then you don't have to do this again, in the event of someone joining or leaving the company.

rakeshmiglaniAuthor Commented:
Thanks to all for the inputs..
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now