Exchange Server 2007 Public Folder Permission Assignment
We are currently in the process of designing an Exchange 2007 organization that will be used to host two separate companies with two separate support organizations. Therefore as a requirement we have the need to implement a split permissions model, ensuring administrators in one company can only perform administration over their designated messaging objects.In order to configure the administrative permissions over the shared public folder hierarchy we have adopted the approach of removing all administrators from the Exchange Public folder administrators group and have instead implemented specific permissions to specific top-level folders using the Add-PublicfolderAdministrativePermissions cmdlet.Unfortunately we appear to be experiencing a problem following the use of the cmdlet; outlined in working example below.Working example:-Top level folder: \Company1-Responsible support group: Company1Admins-Executed command: add-publicfolderadministrativepermission -user Company1Admins -identity "\Company1" -accessrights allextendedrights -inheritencetype allFollowing the execution of the command, the Company1Admins group appears to have the required level of administration control over the \Company1 folder. The problem only becomes apparent when a new child folder is created beneath \Company1 e.g. \Company1\Child.It appears even though we have specified '-inheritencetype all' on the command, the new child folder does not inherit the ability for the Company1Admins group to administer the folder. Running the get-publicfolderadministrativepermission cmdlet against \Company1\Child reveals that the group has no permissions at all over this child folder.I would be grateful for any advice on how we can use this command to provide the desired result; are we mis-interpreting how the command works or is there some other command or syntax that we should use. Also do you know of any other way we could implement this Public folder split permissions requirement?
November 27th, 2009 11:51pm