In October of last year, I updated ExFolders with a new Clear Permissions option in order to fix folders with non-canonical ACLs. I described that update in an old blog post you can find here: http://blogs.technet.com/b/bill_long/archive/2012/05/03/3460823.aspx.
Since then, one of the most requested features has been a way to run this on a whole subtree of folders. Unfortunately, it appears that customers are seeing ACL problems more often than I expected. So today, I’ve released a new build of ExFolders that includes a way to do this. In the latest version, when you go to Tools->Custom Bulk Operation and you hit Add, you’ll find an option to Clear Folder Permissions.
One of the reasons I didn’t add this feature initially is that it is such a destructive operation. Clearing the permissions on a whole tree of folders is not something to do casually without considering the consequences. In a mailbox, you are taking away permissions on folders that users have purposely shared out. In public folders, you are literally removing all access rights for everyone, making it impossible for your clients to access the public folders.
However, when you add the Clear Folder Permissions bulk operation, you’ll notice it has a checkbox, which is selected by default, called Restore previous permissions after clearing. When this is selected, ExFolders will clear the permissions and save those changes, and then it will attempt to set the permissions that were present before and save the changes again. This should allow it to fix non-canonical ACLs without requiring the administrator to set all the permissions back the way they were before.
Of course, as with any bulk permissions change, it’s a good idea to take a permissions export first just in case something goes wrong. However, I expect this option will make importing after a mass Clear Permissions unnecessary in most cases. And because this option is selected by default, I’m hoping that if someone accidentally runs this against a set of folders, the impact will be minimal.
Great article on ExFolders. I just installed and configured the tool on my Exchange and am learning to get it to work the same way I used PFDAVAdmin to export mailbox folder permissions.
With PFDAVAdmin I will run the following command and get an export with no problem.
PFDAVAdmin -export -permissions ntaccount -s MYEXCH01 -f c:\temp\JohnD.txt -scope Mailboxes\JohnD
On my Exchange 2010, I managed to do the same using PowerShell as follows
[PS] C:\Program Files\Microsoft\Exchange Server\V14\Bin>exfolders -connectto myexchserv002 -export -permission ntaccount -scope mailboxes\email@example.com -f D:\Exfolders_logs\johnd.txt and it works great.
Here is a difficulity that I have come accross and need some help understanding how to accomplish a task discribed below.
I have been trying to figure out how to get a report of mailbox folder permissions on multiple mailboxes accross several Exchange mailbox servers by using a csv file (with a list of users) as an input and get report of each mailbox on the list outputed on a text file for each mailbox individually. I could not achive this as the ExFolders tool does not have a future which allows to use an input file. I am not good at scripting and was not able to figure if this can be accomplished with Powershell. Any help or guidance is appreciated.
That's correct, ExFolders won't take an input file for something like that. You could write a simple script to repeatedly call ExFolders to export one mailbox, and have the script take your CSV file as input.
This is totally off the top of my head, but it would look something like this:
$csvContent = Get-Content C:\mycsvfile.csv
foreach ($line in $csvContent)
$columns = $line.Split(",")
$server = $columns
$emailAddress = $columns
ExFolders -connectto $server -export -permission ntaccount -scope "mailboxes\$emailAddress" -f "C:\output\$emailAddress.txt"
Oh, that assumes that server name is in the first column of the CSV (column 0) and the email address is in the second column (column 1).
I just want to delete calendars from my Public Folders. How the heck do I do this?
To do that in an automated fashion, you'd have to write a script that looks for any public folders where the PR_CONTAINER_CLASS is IPF.Appointment, and then delete those. I don't have an existing script that does that.