0100100101010100

Add Public Folder Permission Power Shell Exchange 2007

To add permissions to a public folder you have 2 options:

1. Options 1 – Add the permissions per folder

Add-PublicFolderClientPermission -Identity „\xxx\xxx“ -AccessRights Owner -User „name“

1. Option 2 Recursively add permissions from a folder and all Child folders

AddUsersToPFRecursive.ps1 -toppublicfolder \ -User „name“ -Permissions Owner

Add-PublicFolderClientPermission

Add-PublicFolderClientPermission -Identity <PublicFolderIdParameter> -AccessRights <MultiValuedProperty> -User <PublicFolderUserIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Server <ServerIdParameter>] [-WhatIf [<SwitchParameter>]]

AccessRigthts:

ReadItems The user has the right to read items within the specified public folder.

CreateItems The user has the right to create items within the specified public folder.

EditOwnedItems The user has the right to edit the items that the user owns in the specified public folder.

DeleteOwnedItems The user has the right to delete items that the user owns in the specified public folder.

EditAllItems The user has the right to edit all items in the specified public folder.

DeleteAllItems The user has the right to delete all items in the specified public folder.

CreateSubfolders The user has the right to create subfolders in the specified public folder.

FolderOwner The user is the owner of the specified public folder. The user has the right to view and move the public folder and create subfolders. The user can’t read items, edit items, delete items, or create items.

FolderContact The user is the contact for the specified public folder.

FolderVisible The user can view the specified public folder, but can’t read or edit items within the specified public folder.

In addition to access rights, you can create rights based upon roles, which includes multiple access rights. This parameter accepts the following values for roles:

None FolderVisible

Owner CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingEditor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

Editor CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingAuthor CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

Author CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems

NonEditingAuthor CreateItems, ReadItems, FolderVisible

Reviewer ReadItems, FolderVisible

Contributor CreateItems, FolderVisible

AddUsersToPFRecursive

AddUsersToPFRecursive.ps1

This script adds a user and that user’s permissions to the client permissions list for a public folder and all the folders beneath it in the hierarchy. If the user is already listed in the client permissions list for a folder, the user’s permissions are updated to the new set specified in the script. This script accepts the following parameters:

Help This parameter displays the Help file for the script.

Server (Optional) This parameter specifies the server to operate against. This server must be an Exchange Mailbox server that contains a public folder database. If you don’t use the Server parameter to specify a server, the script defaults to the local server.

TopPublicFolder (Required) This parameter specifies the identity of the folder at the top of the public folder tree.

User (Required) This parameter specifies the identity of the user to whom to add client permissions.

Permissions (Required) This parameter specifies the client permissions to apply to the user.

When you need add permissions to regional admin , who will be able to create and delete mailboxes , distrubution groups… only for their Regional Storage Groups ( mailbox databases ) you can use powershell or you can do that over ADSIEDIT tool.Do that over powershell is not too easy for starter with EMS. I used ADSIEDIT tool and now I will show you what you will need to add appropriate permissions for regional admin.

Over ADSIEDIT 🙂 jup

this is path in ADSIEDIT in my Domain.

so start „run.exe“ and writte adsiedit.msc , enter :)( it is include in standard tools from install cd Server 2003, Server 2008 include system )

choose

configuration/cn=services/cn=microsoft exchange/cn=“name of your exchange org.“ /cn=Administration groups/cn=exchange administration group(FYDIBOHF23SPDLT)/cn=servers/cn=“name of your exch. server“/cn=information store/“names of your storage groups“

for example , In my organization I have Storage groups SGRegionPR, SGRegionBR , SGRegionOS ,

• I will add Full permissions( it will be depend on your choose ) for security group „exadminbr“ which will be manage Exchange in Region-BR on Storage Group „SGRegionBR“ Enough will be – „access recipient update services“ , „administer information store“,“read“, „list content“ to be able to create , delete mailbox. (not move)
• I adjusted deny all permission for „exadminbr“ group on other Storage Groups because I do not want to regional admin from BR will be able to see other Storage groups and their details.

• I adjusted permission „administer information store“ for „exadminbr“ group on cn=exchange administration group(FYDIBOHF23SPDLT) do you know what does it mean ? :)- -E f, X-y ,C-d ,H-i , A-b , N-o ,G-h , E-f ,12, R-s,O-p ,C-d , K-l , S-t = EXCHANGE12ROCKS 🙂 funny

You do not have to delegate this permissions on child objects ! In security tab do not use advance button, but only add group „exadminbr“ and mark „administer information store“ permission.

• I adjusted permission “ access recipient update services“ for „exadminbr“ group on cn=exchange administration group(FYDIBOHF23SPDLT) or you can add perm. on cn=servers , use advance button in security tab for add permission and delegate permissions on child objects

• I adjusted permission „list content “ for „exadminbr“ on cn=“name of your exchange org“ , use advance button in security tab for add permission and delegate permission on child objects

Na serveru Exchange v powershell  – pro exchange vložíme tento příkaz

Get-MailboxStatistics -Server „jmeno vašeho exchange serveru“ | where {$_.DisconnectDate -ne $null } | select Name,DisconnectDate

little bit from EMS

Get-MailboxDatabase -identity “SERVERNAME\First Storage Group\Mailbox Database” | Add-ADPermission -user administrator -AccessRights FullAccess

ADD-ExchangeAdministrator -Identity ‚ead.com/users1/exadmigroup‘ -Role ‚RecipientAdmin‘

OrgAdmin

RecipientAdmin

ViewOnlyAdmin

ServerAdmin

Pohodlný způsob jak vytvářet účtyv AD  i s Mailboxem

Můžete provádět na serveru exchange 2007 , kde máte powershell pro exchange a právo „domain admina“ + právo exchange pro vytvoření mailboxu .

Připravte si v notepadu př.

dostanete ve výstupu – jméno serveru , Storage groups , jméno , počet mailboxů v DB

Get-MailboxDatabase | Select Server, StorageGroupName, Name, @{Name=“Number Of Mailboxes“;expression={(Get-Mailbox -Database $_.Identity | Measure-Object).Count}} | Format-Table -AutoSize

převzato a odzkoušeno

http://exchangeshare.wordpress.com/2009/07/27/exchange-2007-database-statistics-in-powershell/

Velikost DB

Get-MailboxDatabase | Select Server, StorageGroupName, Name, @{Name=“Size (GB)“;Expression={$objitem = (Get-MailboxDatabase $_.Identity); $path = „`\`\“ + $objitem.server + „`\“ + $objItem.EdbFilePath.DriveName.Remove(1).ToString() + „$“+ $objItem.EdbFilePath.PathName.Remove(0,2); $size = ((Get-ChildItem $path).length)/1048576KB; [math]::round($size, 2)}}, @{Name=“Size (MB)“;Expression={$objitem = (Get-MailboxDatabase $_.Identity); $path = „`\`\“ + $objitem.server + „`\“ + $objItem.EdbFilePath.DriveName.Remove(1).ToString() + „$“+ $objItem.EdbFilePath.PathName.Remove(0,2); $size = ((Get-ChildItem $path).length)/1024KB; [math]::round($size, 2)}}, @{Name=“No. Of Mbx“;expression={(Get-Mailbox -Database $_.Identity | Measure-Object).Count}} | Format-table -AutoSize

velikost DB