PFDavAdmin tool (Part 2)
If you missed the first part in this article series please read PFDavAdmin tool (Part 1).
In part one of this two-part article I gave you a brief introduction to the PFDavAdmin tool, covering a little history followed by two examples of what it can do for you: fixing public folder permission issues as well as exporting public folder permission lists.
In part two of this article, I’m going to take a look at three more uses of PFDAVAdmin:
- Centrally setting Calendar folder permissions for your users.
- Propagating public folder permissions lists down the hierarchy.
- Managing public folder replicas.
A common request that I see is for the ability to grant reviewer access to everybody’s calendar without having to log into each mailbox via Outlook. Methods for achieving this have existed for a while, such as the free SetPerm utility which can be downloaded from the Slipstick site here.
However, the PFDavAdmin tool can also do this and since this is a Microsoft supported tool, it’s probably the best approach. Here are the steps required:
- Run PFDavAdmin.exe.
- At the main PFDavAdmin window, select File / Connect and in the Connect window, specify the name of the Exchange server and global catalog server to connect to. Also, make sure that the Connection option is set to All Mailboxes before clicking OK. This window is shown in Figure 1.
Figure 1: Server Connection Window
- All mailboxes will then be displayed in the left-hand pane of the main PFDavAdmin window when you expand the Mailboxes object.
- From the Tools menu option, select Set Calendar Permissions.
- You will then be presented with an advisory dialog box informing you that you will be presented with another dialog box in which you can configure the permissions you would like to set on the calendar folders. There are no options here; just click OK.
- You are then presented with the blank Permissions window as shown in Figure 2.
Figure 2: Permissions Window
- To add new permissions, click the Add button. You will now be presented with the window shown below in Figure 3.
Figure 3: Choose User Window
- The Choose user area gives you the chance to add a single user, but in our case we want to grant Reviewer access to all mailboxes. Therefore, we need to click the Browse button and in the following window, choose the domain name in the drop-down box as shown below in Figure 4.
Figure 4: Selecting The Everyone Object
- From the list of objects displayed, choose the Everyone object as highlighted in Figure 4. Once selected, click OK.
- Back at the Choose user window, the Selected user field should now be populated with the Everyone user previously selected. Click OK.
- You will now be back at the Permissions window but this time the Everyone user will be shown in the list of objects. However, note that the Role field is currently set to None.
- To change the role to Reviewer, highlight the Everyone user and then, on the right-hand side of the Permissions window, change the drop-down permissions box so that the Reviewer role can be selected. This is shown below in Figure 5.
Figure 5: Setting Reviewer Permissions
- Once the Reviewer role has been selected, click OK to set the permissions. You should be presented with a dialog box informing you that you will be presented with a new dialog box that you can use to remove entities from the calendar permissions. As with the previous advisory dialog box, just click OK.
- You’ll then be presented with another blank Permissions window as before. In this case, we don’t want to remove any entries so just click OK.
- PFDavAdmin will then process the mailboxes as shown in Figure 6. Once it has finished, just close the window and you’re done. You should now be able to open anyone’s calendar in read-only mode.
Figure 6: Processing Mailboxes
Propagating Public Folder Permissions
Although there have been several improvements with Exchange 2003 SP2 regarding public folder permissions management, you may still want or need to use PFDavAdmin for such purposes. Henrik Walther wrote an article detailing these Exchange 2003 Service Pack 2 improvements and you can find that article here.
However, let’s go through using PFDavAdmin to modify a public folder hierarchy permissions list. Let’s take an example where a user has permissions on a top-level public folder but has no permissions on the various sub-folders beneath that top-level public folder. Here’s how to propagate the permissions:
- Run PFDavAdmin.
- Select File / Connect and in the Connect window, specify the name of the Exchange server and global catalog server to connect to. Also, make sure that the Connection option is set to Public Folders before clicking OK.
- All public folders will then be displayed in the left-hand pane of the main PFDavAdmin window.
- In my example, the Administrator account has Owner rights on the top-level public folder called Top-Level. The sample structure is shown below in Figure 7.
Figure 7: Public Folder Structure
- Right-click the relevant top-level public folder and choose Propagate folder ACEs from the context menu. This will produce the Propagate ACEs window as shown in Figure 8.
Figure 8: Propagate ACEs Window
- As it says in the Propagate ACEs window, select the relevant ACE that you wish to propagate to all subfolders. In my case, I select the NGH\Administrator ACE that has Owner rights on the top-level public folder. Ensure that the Add/replace option is selected and then click OK.
- A separate window will then appear that shows the tool’s progress down the folder tree. An example of this is shown below in Figure 9.
Figure 9: Processing Public Folders
- Once this has completed, check that permissions have been changed accordingly. In my case, I use Exchange System Manager to navigate to the Sub1 public folder and bring up its properties. On the Permissions tab, click the Client Permissions button and check that the permissions are correct. In my example, I see the permissions are set as shown in Figure 10 which is correct, since the NGH\Administrator account now has Owner rights against this folder.
Figure 10: Confirming Public Folder Permissions
- Note that any existing permissions should have been unaltered.
Managing Public Folder Replicas
Managing public folder replicas within Exchange System Manager can be a lot of work, particularly if you are migrating all public folders from one Exchange server to another such as when preparing to decommission a server.
In Exchange System Manager, replicas can be managed on each public folder by bringing up the properties of the relevant public folder and navigating to the Replication tab. Here it’s possible to add and remove replicas. If you have many sub-folders under a top-level public folder, it’s also possible to propagate this replica change down the public folder tree by right-clicking the public folder and choosing the All Tasks menu option. If you have Exchange 2003 SP2, you’ll then see the Manage Settings option; if you have an earlier version, you’ll see the Propagate Settings option. Either way, with these options you can propagate the top-level public folder replica settings down the tree. I won’t detail the exact process here as I’ve covered this in part 1 of my article on removing the first Exchange 2003 server from an administrative group.
You can also use PFDavAdmin to manage public folder replicas. There are a couple of ways of doing this. For example, you can manually add replicas to each top-level folder and then propagate the replica list via the Propagate replica list context menu option, or you could use the Custom Bulk Operation menu option. Continuing with my example public folder structure shown in Figure 7, here’s what to do with both options. Note that I’ll not repeat the PFDavAdmin logon procedures here since you’ve already seen those earlier in this article.
First we’ll look at the Propagate replica list option.
- With the public folder hierarchy displayed, select the relevant top-level public folder, in my case the folder named Top Level, and then in the right-hand pane choose the Replicas tab. The server(s) holding a replica of this public folder will be displayed. In my case, there is only 1 server listed, namely DCEXCH. This is shown in Figure 11.
Figure 11: Public Folder Replicas
- Click the Add button and in the resulting Add Replica window, choose the server that you would like to add a replica to. In my case, I choose SRV2.
- Once this has been done, click the Commit Changes button.
- That takes care of adding a replica to the top level public folder. Now we need to propagate these settings down to any subfolders. To do this, right-click the top level public folder and choose Propagate replica list from the context menu. You’ll be presented with the Propagate Replica List window as shown in Figure 12. Select the server replica list entries that you want to propagate and also ensure the Add option is selected.
Figure 12: Propagating a Replica List
- A separate window opens much like the one shown in Figure 9, showing you the progress through the tree. Obviously this window will show “updating replica list” rather than “updating permissions” as shown in Figure 9. That’s essentially it, although you’ll need to perform this operation on all top level public folders.
Now let’s have a look at the Custom Bulk Operation option.
- With the public folder hierarchy displayed, select the Custom Bulk Operation option from the Tools menu which will bring up the Custom Bulk Operation screen as shown in Figure 13.
Figure 13: Custom Bulk Operation
- In the Base area of the window, click the drop-down box. This will reveal the top-level public folder that was highlighted before you chose the Custom Bulk Operation option, together with the root of all public folders shown via the ‘Public Folders’ selection you see in Figure 13. You can therefore choose to work with all public folders, or a specific top-level public folder.
- Next click the Add button which will bring up the Operation Type window. Select the Replica List operation type and click OK.
- Next, the Replica List Op window is shown. Ensure the Action option is set to Merge, then click the Select button. You’ll be presented with an advisory dialog box informing you to use ctrl-click to select your stores to add to the replica list; just click OK here.
- In the Replicas To Add window, shown below in Figure 14, select the server that you wish to replicate your public folders to and then click OK. In my case, I’m adding server SRV2 to receive a replica of all public folders.
Figure 14: Replicas To Add
- You’ll then be presented with another dialog box informing you to use ctrl-click to select stores to remove from the replica list; just click OK here.
- Next the Replicas To Remove window is presented where you can choose to remove servers from the replica list. It’s exactly the same as the Replicas To Add screen. I don’t want to remove any replicas so I just click OK.
- Now back at the Replica List Op screen we see that ADD SRV2 is now displayed as the operation to perform, since SRV2 is the name of the server I selected earlier. Just click OK to proceed.
- Finally you should now be back at the Custom Bulk Operation window with the all-important information filled in as shown in Figure 14.
Figure 14: Configured Custom Bulk Operation
- Clicking OK here now spins PFDavAdmin into action and you should see a progress window similar to that shown in Figure 6 as it makes its way through the folders. You can now use Exchange System Manager to check that your chosen server has become an additional replica on all public folders.
PFDavAdmin is an extremely useful tool and can be considered something along the lines of an Exchange administrator’s Swiss army knife. Since it is a versatile and supported tool, I’d recommend downloading a copy if you already haven’t and making it a permanent part of your toolkit. I’d also recommend looking through the associated reference Word document and making yourself aware of its other capabilities.
If you missed the first part in this article series please read PFDavAdmin tool (Part 1).