Exchange 2007 Public Folder Security Groups

Tried to add an Exchange 2007 Global Security Group to a tree of public folders today. Exchange wouldn’t see the group unless it was mail enabled, but trying to switch it to a distribution group would break the NTFS ACLs that use it. Changing the group to be a universal security group however allowed me to mail enable it under recipient configuration, distribution groups, new distribution group in the exchange management console (EMC).

Then in the exchange management shell (EMS) I ran:

get-publicfolder -identity "\publicfolder" -recurse |
add-publicfolderclientpermission -user "Some Kind of Managers" -accessright publishingeditor

It’s perplexing how pipes work in powershell. That ‘get-publicfolder -identity “\foo”‘ produces very little information while ‘get-publicfolder -identity “\foo” | format-list” produces extended information is confusing to say the least, coming from a DOS/UNIX background, made worse by the command being named FORMAT rather than GETMEMOREINFORMATION. Oh well. Note that in the past I’ve seen that add-publicfolderclientpermission breaks if the user has some degree of permissions already, and you have to run a get command into a pipe to a remove command to clean up first.

2 thoughts on “Exchange 2007 Public Folder Security Groups

  1. Evan

    re: format-list to get more info. I can explain this a little bit. The default formatting for most cmdlets is defined (in Exchange.format.ps1xml file) to be a restricted set of properties in a “table” format (ie – pipe to format-table and only show a couple of properties). Piping the full object to nothing explicitly, therefore, will show the equivalent of piping it to “format-table” and will only show a couple of properties. If you pipe it to “format-table *” it will (try to) show all properties of the object in a table format, which will not work well since your screen isn’t thousands of characters wide most likely. If you pipe the object to “format-list”, in many cases there is no formatter defined for list view, so you get the full object. However, you should know that *IF* there is a list view formatter defined in the file, then you may not get the full object with just “format-list”, but instead may need to do “format-list *” to indicate you wish to override the formatting and return all properties.

    So, in short summary — you’re always getting the full object with all properties (and they’re always available if you explicitly “select” or “format-list/table” them by name or wildcard). Just in most cases, the display formatting defaults for the object are defined to only display the most important properties to the host.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.