Tried to add an Exchange 2007 Global Security Group to a tree of public folders today. Exchange wouldn’t see the group unless it was mail enabled, but trying to switch it to a distribution group would break the NTFS ACLs that use it. Changing the group to be a universal security group however allowed me to mail enable it under recipient configuration, distribution groups, new distribution group in the exchange management console (EMC).
Then in the exchange management shell (EMS) I ran:
get-publicfolder -identity "\publicfolder" -recurse | add-publicfolderclientpermission -user "Some Kind of Managers" -accessright publishingeditor
It’s perplexing how pipes work in powershell. That ‘get-publicfolder -identity “\foo”‘ produces very little information while ‘get-publicfolder -identity “\foo” | format-list” produces extended information is confusing to say the least, coming from a DOS/UNIX background, made worse by the command being named FORMAT rather than GETMEMOREINFORMATION. Oh well. Note that in the past I’ve seen that add-publicfolderclientpermission breaks if the user has some degree of permissions already, and you have to run a get command into a pipe to a remove command to clean up first.