Archive

Archive for the ‘Exchange 2007 / 2010’ Category

Exchange 2007: Add Public folder client permissions recursivley

April 14, 2011 3 comments

By default are Public folder client permissions managed in the Exchange Management Shell via the Add-PublicFolderClientPermissions command. But this command only add permissions on the specified folder and not on the underneath folders or items. By default has any Exchange Server 2007 installation a subfolder called Scripts where we can find a script called AddUsersToPFRecursive.ps1. This script can add permissions recursively to all folders and items in a specified folder. So if you apply this script on the head public folder for a security group or user and make him owner of all folders and subfolders, then you are able to manage the Public folder permissions easily within the Outlook client.

Retrieve the current permissions of a specific folder:

Get-PublicFolderClientPermissions “PublicFolder” -User “Username”

Add permissions to a specific folder:

Add-PublicFolderClientPermissions “PublicFolder” -User “Username” -AccessRights <Right>

The Exchange 2007 default Scripts are located in C:\Program Files\Microsoft\Exchange Server\Scripts:

Use the AddUsersToPFRecursive.ps1 to apply the permissions to all public folders beneath a specified head public folder:

AddUsersToPFRecursive.ps1 -TopPublicFolder “foldername” -User “username” -Permission <Right>

**note** When there are spaces in the folder name you must place it between double and single quotes “‘folder name‘”

Possible access rights:

  • Owner CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
  • PublishingEditor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
  • Editor CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
  • PublishingAuthor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
  • Author CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
  • NonEditingAuthor CreateItems, ReadItems, FolderVisible
  • Reviewer ReadItems, FolderVisible
  • Contributor CreateItems, FolderVisible

See also video on MSExchange.org: Manage Client Permissions on Public Folders using built-in PowerShell scripts

Categories: Exchange 2007 / 2010

Exchange 2007: fix RecipientTypeDetails of Distribution Groups

January 4, 2011 2 comments

In this post I will explain how to change the RecipientType attribute via Powershell. I had a problem in Exchange 2007 that “Distribution groups” were displayed as Usermailboxes. So I figured out why this was and how I could solve this.

In AD you have two attributes: msExchRecipientDisplayType, msExchRecipientTypeDetails. When you output the Distributiongroup attributes in Exchange 2007: “Get-DistributionGroup name | fl” you can see RecipientType and RecipientTypeDetails. Following my experiences are the AD – Exchange 2007 mappings as follow:

msExchRecipientDisplayType (AD) = RecipientType (Exchange 2007)
msExchRecipientTypeDetails (AD) = RecipientTypeDetails (Exchange 2007)

When you create a new Distributionlist is the “msExchRecipientTypeDetails” value default “<not set>” in ADSI Edit:

But the attribute is still set in Exchange 2007: Get-DistributionGroup name | fl
It seems that Exchange automatically takes the RecipientType as RecipientTypeDetails.

My problem was that Distributiongroups were displayed as Usermailbox in the Exchange 2007 Console:

As you can see is the “msExchRecipientTypeDetails” configured with Value 1 which displays the Distribution group as UserMailbox:

I made a Powershell script to empty the attribute “msExchRecipientTypeDetails” from all Distribution groups that are displayed as “user mailbox” in the Exchange Console. It’s unfortunately not possible to configure the RecipientTypeDetails via Set-DistributionGroup. You must configure it via LDAP but this is harder to configure this via Powershell.

Some explanation of the script:

{$_.RecipientTypeDetails -eq “UserMailbox”} : Get all Distribution Groups that equals RecipientTypeDetails “UserMailbox”

Get-DistributionGroup $dis | foreach { $_.DistinguishedName } : Retrieve the Distinguishedname, this is necessary to get the full LDAP Path.

$LDAPPath.PutEx(1, “msExchRecipientTypeDetails”, $null): This command empties the value msExchRecipientTypeDetails

The script:

#Remove the AD attribute msExchRecipientTypeDetails from all Distribution groups that are visible as user mailboxes

#Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
$disAsUsermailbox = Get-DistributionGroup -ResultSize unlimited | where {$_.RecipientTypeDetails -eq “UserMailbox”}
#loop through all distributionLists
foreach ($dis in $disAsUsermailbox)
{

#Fix msExchRecipientTypeDetails in AD so that Distributionlist is displayed as Distributionlist and no longer as usermailbox (change from 1 to <not set>)
$DistinguishedName = Get-DistributionGroup $dis | foreach { $_.DistinguishedName }
$LDAPPath = [ADSI]"LDAP://$DistinguishedName"
$LDAPPath.PutEx(1, "msExchRecipientTypeDetails", $null)
$LDAPPath.setInfo()

}