Managing permissions on mailbox calendar folder
Recently I encountered a situation where the System Administrator wasn’t aware which user had permission on whose mailbox and wanted to reset the permissions on calendar folder back to the default. He wasn’t aware who could or couldn’t open other user’s mailbox/calendar and obviously it’s not an easy situation to be in!
Since the version of Exchange installed was Exchange Server 2007, we didn’t have option of running cmdlet Remove-MailboxFolderPermission that’s available in Exchange Server 2010. The option left was to use PFDAVAdmin tool. And, again if you have not explored this tool thoroughly, finding that option can be quite a time consuming effort.
So to share my knowledge and save your time (if you are stuck in similar situation and are looking for way out) I have documented the steps below.
1. Double click on PFDAVAdmin, and then click on File -> Connect.
2. In the Connect window, in the Server and authentication section, enter the details for your Exchange Server and Global Catalog and ensure that the check box for Authenticate as currently logged-on user is selected. (It’s understood that you have logged on to the Server using the credentials of Exchange Admin account.)
Under the Connection section ensure that All Mailboxes is selected.
3. Once you click on OK following screen appears.
4. If you click on the + symbol in front of Mailboxes, all mailboxes hosted on that Server are listed out.
5. Highlight on Mailboxes, click on Tools, then Custom Bulk Operation. The Custom Bulk Operation window opens up.
6. In the Custom Bulk Operation window, clicking on Add will bring up the Operation Type window as shown below.
Select the Folder Permissions option from the Operation type and click on OK it will open the Folder Permissions Op window.
7. In the Folder Permissions Op window, in the Action section select Replace.
Clicking on Select under Input for Merge or Replace section will bring the following message (You will now be presented with a permissions dialog you can use to configure the permissions that will replace all existing permissions on the folders):
Click on OK, and the Permissions window opens up.
8. In the Permissions window, ensure that default permission for NT AUTHORITY\ANONYMOUS LOGON and \Everyone with Role of None are present.
10. Clicking on OK in the Folder Permissions Op window will show the Custom Bulk Operation window with the permission that we want to apply on the folders in the mailboxes.
Clicking on OK will apply the requisite permissions.
I hope you find it useful.