PF Permissions

To be honest, I’ve never been a big fan of Public Folders (PFs). Actually, now that I think of it, I’ve never met an Exchange Administrator who doesn’t have a distaste for PFs. However, they are one of those things that many older and larger organizations started to used a long time ago, when it was one of the only choices for collaboration.

One of the nuances of PFs is permissions. When a Root (\) folder is created, typically us admins will setup the permissions for clients. At that point any new child item of folder inherits the permission of it’s parent folder. This works great, until you get into organizations where there can be hundreds of thousands of folders that make a giant mess.

Additionally, when you add PF permissions, the permissions do not get propagated to child folders. Of course you can use the EWS interface, however for very large trees, you will see the command timeout.

So to address this issue I made the below script. The intention of it is to set the permission on a public folder and all child directories. It is built to allow for multiple users and PF branches. This will look at the trees provided and get a list of all of the child public folders. Then it will check if the user already has permissions on the folder, and if so remove the current permissions. Why is this? Well a user can’t have more than on permission on a folder. So any attempt to add the desired permission will produce an error. So instead I strip out the current permission and then replace it with the desired permission.

Enjoy! Download

<#
.SYNOPSIS
Set the PF permissions on all children Public Folders
.DESCRIPTION

.PARAMETER PFrOOT
The path to the ROOT file that you want to set permission. This attrubte accepts multiple paths.
.PARAMETER Users
Provide the list of user
.EXAMPLE
C:\PS> .\Set-PFClientPermissions.ps1 -PFRoot ".\Folder" -Users "User1", "user2" -Perm PublishingEditor

.NOTES
Author: Joshua Wortz
Date: octover 12th, 2016
#>
paramaters(
[array]$PFRoot,
[array]$users,
[string]$Perm
)

$pfs = $pfroot | %{Get-PublicFolder $_ -Recurse}

foreach ($pf in $pfs)
{
foreach ($user in $users)
{

if (Get-PublicFolderClientPermission -User $user -Identity $pf.Identity -ErrorAction:SilentlyContinue)
{
Get-PublicFolderClientPermission -User $user -Identity $pf.Identity | Remove-PublicFolderClientPermission -Confirm:$false

}

Add-PublicFolderClientPermission -Identity $pf.Identity -AccessRights $Perm -User $user -ErrorAction:Stop

}
}
Advertisements

2 comments

  1. Is this functionally different than the “ReplaceUserPermissionOnPFRecursive.ps1” script included with Exchange? I’m about to undergo a reorganization of 12000 or so public folders and am sure one or the other will be used!

    Thanks!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s