Exchange 2003 Permissions and PFDAVAdmin
Help!I have two questions.How can I apply group permissions to folders in Exchange, or change the filter used by PFDAVAdmin?I want to be able to set permissions to groups rather then individual users. At the moment I have set \Everyone to Reviewer using PFDAVAdmin, but I want to set Author permission to the Secretary user group. I can do this individually in Outlook (it shows up as DOMAIN\Secretary) and all staff in that group have the Author permission, I would like to set this on all Calendar's across the company.I have tried setting the permission on one mailbox, exporting that permission using PFDAVAdmin and then re-importing the settings but PFDAVAdmin reports that it cant set permissions for objects of that type - 'that type' persumabbly being groups.In the 'Filter' box on the Choose User bit (Set Permission > Add) the LDAP query is (&(mailnickname=)(!(msExchHideFromAddressLists=TRUE))(|(&(objectClass=user)(objectCategory=person))(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=-2147483648)(groupType:1.2.840.113556.1.4.803:=8))))Can this be changed to not filter out groups?What are the default permission settings on all Mailbox folders for each user?As I was trying to set the permissions above, i inadvertantly set the Custom Bulk Operation to overwrite all permissions on all folders with filter (&) to NT AUTHORITY\ANONYMOUS LOGON = None - What permissions should each folder have? - if someone could run a report in PFDAVAdmin on all folders in a mailbox showing the default permissions and post it please?Thanks in advance
March 19th, 2009 10:47pm

1. You can add only Mail enabled Security groups and which shouldn't be hidden in GAL.You can follow the similar procedure to give Author permission to Secretary (mail enabled security group which is not hidden in GAL) which is explained in below article.FAQ: Give Calendar Read Permission on all Mailboxes - PFDavAdminhttp://exchangeshare.wordpress.com/2008/05/27/faq-give-calendar-read-permission-on-all-mailboxes-pfdavadmin/2. Yes, by default all folders haveAUTHORITY\ANONYMOUS LOGON = None permission. You can see the same in same article.Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2009 5:49am

Thanks for the reply.i still can't see how to set the permissions for a mail-enabled security group.The group i want to add has the following:displayName = tp.mail.admindistinguishedName = CN=tp.secretary,OU=usergroups,DC=tp,DC=netgroupType = -2147483646mail = tp.mail.admin@tp.netbut I can't find it in PFDAVAdmin, either by using the BROWSE button or by searching for its mailNickname. I think the filter used excludes groups except CN=Anonymous Logon,CN=WellKnown Security Principals,CN=Configuration,DC=tp,DC=net and CN=Everyone,CN=WellKnown Security Principals,CN=Configuration,DC=tp,DC=netAm I missing something obvious or is there another way of acheiving this?
March 20th, 2009 5:18pm

Hummm...It seems that group type2147483646 is Mail enabled security group but type is Global. You need to convert it to Universal because PFDavAdmin requires Universal Security Group which should have type -2147483640... Once you convert it, it should be picked up by the PFDavAdmin...Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
Free Windows Admin Tool Kit Click here and download it now
March 22nd, 2009 4:34pm

Ah - that was the missing link... got it working now. thanksWhy is it that I can add a global group to Outlook permissions but not in PFDAVAdmin - not that Global and Universal groups make any difference to us.
March 23rd, 2009 4:28pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics