How to Apply Permissions to Public Folder and All Sub Folders in Exchange 2007/2010 Using Exchange Management Shell

exchange 2007, Exchange 2010, Public Folders

 

If you have a public folder that your working on, and you need to apply permissions to it using the Exchange Management Shell, its pretty easy.  The command is:

Add-PublicFolderClientPermission –Identity “Foldername” –user UserName –AccessRights PublishingEditor

For instance, to add the user pponzeka to the folder IT with the Publishing Editor permission, the command would be the following:

13-Nov01 11.12

This works great, but what if we have several subfolders under IT, and we want to apply the same user permissions to all of the subfolders as well?  A utility called PFDAVADMIN that was available from Microsoft used to allow you to do this, and it still works with Exchange 2007.  But, since the protocol it uses, WebDAV is no longer available in Exchange 2010, we no longer have this option.  Plus, the shell is easier to use anyway!

So, we have the IT public folder, and three subfolders:

13-Nov02 11.16

So, first, in the Exchange Management Shell, if we attempt to list the public folder IT, this is the result of what we’ll see.  The command used is Get-PublicFolder –Identity “IT”

13-Nov03 11.21

That’s odd, we know there are three folders underneath, why doesn’t it list these?  We need to add the –Recurse option to our command, so that it looks in the root, and everything underneath.  So the command should be Get-PublicFolder –Identity “IT” –Recurse

13-Nov04 11.23

Notice the Parent Path?  IT has listed, which means its a Top Level Folder in Public Folders.  The other three have IT listed, which means they are sub folders of IT.

So, back to the top.  The permission to add permission on a public folder was:

Add-PublicFolderClientPermission –Identity “Foldername” –user UserName –AccessRights PublishingEditor

So in our case it was:

Add-PublicFolderClientPermission –Identity “IT” –User pponzeka –AccessRights PublishingEditor

So, now, how do we apply these permissions to the root folder, in this case IT, and all three subfolders, in this case Documents, Emails and Plans?  Well, we use the piping command to pipe the entire list of folders to the Add-PublicFolderClientPermission command.

Get-PublicFolder –Identity “IT” –Recurse | Add-PublicFolderClientPermission –User pponzeka –AccessRights PublishingEditor

13-Nov05 11.30

Note that we don’t need to specify the Identity  in the Add-PublicFolderClientPermission because we piped that to it with the | command.

And there you go.  The user account has been given these rights to the root folder, IT, and all its subfolders.  This works for any number of subfolders, and you can also use the same method to remove access rights. 

Comments;

  1. Jeff

    What if you want different permissions on the sub-folders and not the parent folder?

    Reply
  2. Jeff

    I know this is old, but what if I only want to apply permissions to the subfolders (in your example documents, emails, plans) and not the root folder?

    Reply
  3. Stef

    Hello,
    I get the following error:
    Add-PublicFolderClientPermission : There is no existing PublicFolderEntry that
    matches the following Identity: ‘inkoop’. Please make sure that you
    specified the correct PublicFolderEntry Identity and that you have the necessa
    ry permissions to view PublicFolderEntry.
    At line:1 char:33
    + Add-PublicFolderClientPermission <<<< -Identity "inkoop" -user R
    obert -AccessRights PublishingEditor
    + CategoryInfo : NotSpecified: (0:Int32) [Add-PublicFolderClientP
    ermission], MapiOperationException
    + FullyQualifiedErrorId : 43A21149,Microsoft.Exchange.Management.MapiTasks
    .AddPublicFolderClientPermission

    When I do it via with outlook is not good for subgroups.

    Reply
  4. Raheel

    Wow. Your solution was better than even Microsoft’s which was to run a special script designed to recurse folders. This is much better, shorter, less headache and best of all, I don’t have to look for that “special” script. This one is built into Exchange Online.

    Reply
  5. Evan Tuon

    Saved me hours of work!!!! You are deserve to be praised.
    Saved, bookmarked, written down.

    Reply
  6. Andrew

    This also works in Exchange 2013. I used to use pfdavadmin to propagate permissions on Public Folders, now after we switched to Exchange 2013, there is no more PFDAVADMIN, so the instructions above are very helpful. Thanks!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>