Solved

Setting up Exchange Server 2007 Public Folder Permissions

Posted on 2013-12-04
8
361 Views
Last Modified: 2014-03-08
I created a word attachment that will be much easier to read. Below is a "paste and copy" of the attachment
------------------------------------------Setting-up-Exchange-Server-2007-.docx


Setting up Exchange Server 2007 Public Folder Permissions

Near 1 year ago, we migrated from SBS2003 to SBS2008.
-      Doing so, we did not use the recommended migration path and have learned that we now have Public Folder Permission issues
-      On the new SBS2008, I manually created all the user domain accounts
-      Imported all data and setup the appropriate Share and File Permission. Had no issues.
-      Exported the Email as a PST file from the SBS2003 server and imported it into the new SBS2008 server’s Public Folder as a PST file. We were able to access all of the PST files.

Importing the Public Folders
I recall some time ago when Microsoft was involved
-      That I had to do create a user profile on a Windows 7 workstation that had full access to the server. So I created an Outlook profile using the server’s administrators account. This was how I successfully imported all of the Public Folders
Once imported, we ran into issues were some of the folders within the Public Folders were not viewable by users. Some folders were viewable but users could not delete or add emails to the Public folders
-      I ended up getting Microsoft involved. The tech I worked with was able get two of the users full access and those two users were able to fully manipulate the Public Folders. However, he used all command lines from the command prompt – not the CMD but “PowerShell” believe. I took him several hours across several days to make it work. I did not record the process.

These were the tools Microsoft was able to use to successfully apply permissions to the Public Folders because the command line tool was very time consuming and difficult
PFDAVAdmin.EXE
Dotnetfx.exe (I assume .NET Framework 1.1 if the PC you’re running this from did not have it)

- required running from a Windows 7 PC - as the administrator
- required installing net framework 1.1
- Global catalog is the same as the server name (in our case,  it is)

So I followed these instructions
Please use the following tool to give permission in bulk on public folder:

http://www.microsoft.com/en-us/download/details.aspx?id=22427

please go through the following link for the steps to fix the permissions problem:

http://technet.microsoft.com/en-us/library/bb508858(v=exchg.65).aspx

I installed the tool on one of the workstations running XP Pro (there was no restriction that I saw needing to use a Windows 7 workstation)
-      It has the needed .NET Framework 1.1 (this was also the workstation that I originally used to perform the exporting and importing or the Public Folders )
The tools direction says this
-      After you export the existing permissions, right-click Public Folders, and then select Fix Folder DACLs. I didn’t export the existing permission because a pop up indicated that I need to enable logging – so I’m skipping part
 Note:
Fix Folder DACLs removes permissions for any unresolved security identifiers (SIDs). It is recommended that you run Check DACL State and look for any folders that contain unresolved SIDs before you run Fix Folder DACLs. The directions are not clear. Do I right click the “Public Folder” of first folder under Public Folder and then run “Check DACL State” I tried it both ways and it created a log of folders that were OK and other that had “unresolved SIDS”  If these unresolved SIDs are the result of a broken trust or other Microsoft Active Directory® directory service problems, correct these problems before using Fix Folder DACLs. Also, consider how this can affect folders that are generating 9551 event messages. Should I worry about the “unresolved SIDS”  I can’t think of any Active Directory fix I could perform


. However by using this PFDAVAdmin.EXE tool and running it as the Administrator, should be the only tool I need going forward
-      I concerned about the SIDS
-      I’m not sure if I’m running the tool correctly. It is an older tool so I don’t think its Windows 7 specific
0
Comment
Question by:agieryic
  • 6
  • 2
8 Comments
 
LVL 6

Expert Comment

by:donnk
ID: 39696663
They will help you with the same issue for free just email them.
0
 
LVL 1

Author Comment

by:agieryic
ID: 39697109
Are you referring to Microsoft?
0
 
LVL 6

Expert Comment

by:donnk
ID: 39697516
yep
0
 
LVL 1

Author Comment

by:agieryic
ID: 39700804
I was not aware that they help for free. Is there a chat of email submission option you're referring to
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 1

Author Comment

by:agieryic
ID: 39700806
I assume you're referring to replying to the same email that were included in the original paid call I opened originally.
0
 
LVL 1

Author Comment

by:agieryic
ID: 39712428
Microsoft wanted me to open another paid call.
I would like to re-post this if possible
0
 
LVL 1

Accepted Solution

by:
agieryic earned 0 total points
ID: 39777950
I still have this as an open issue with Microsoft. It has not been resolved. I would like to close this case since I have no resolution

Thanks for help donnk
0
 
LVL 1

Author Closing Comment

by:agieryic
ID: 39914410
I hired a tech to was able to use the PowerShell tool to resolve the issue
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now