locked
Public folder permissions are not syncing between mailboxes RRS feed

  • Question

  • We have multiple public folder mailboxes and have created public folders under the specific mailboxes to keep the content separated (hierarchy is in the master).

    We recently ran into a problem with trying to mail enable a public folder and add the anonymous permissions to it. What we have found is Get-PublicFolderClientPermission has a parameter to specify a mailbox and if you don't specify it then it defaults to the primary public folder mailbox. Well in our case we saw that Anonymous has CreateItems on the primary public folder mailbox for this specific public folder but if we used Get-PublicFolderClientPermission with the -Mailbox parameter then it says Anonymous has permissions "None".

    The root issue is we can't email to it because it says Anonymous doesn't have rights. Well the problem we ran into is the Add-PublicFolderClientPermission doesn't have a -Mailbox permission! So how would we fix this?

    Tuesday, September 26, 2017 6:21 PM

Answers

  • I found the resolution:

    https://blogs.technet.microsoft.com/rmilne/2017/03/23/exchange-2016-cu5-released/

    Issues Not Resolved

    CU5 has some issues which could not be addressed prior to release.

    • When attempting to enable Birthday Calendars in Outlook for the Web, an error occurs and Birthday Calendars are not enabled.
    • When failing over a public folder mailbox to a different server, public folder hierarchy replication may stop until the Microsoft Exchange Service Host is recycled on the new target server.

    Fixes for both issues are planned for CU6.

    • Marked as answer by Quadrantids Wednesday, September 27, 2017 3:09 PM
    Wednesday, September 27, 2017 3:09 PM

All replies

  • Hi Quadrantids,

    Where did you see that Anonymous has CreateItems on the primary public folder mailbox for this specific public folder?

    In general, anonymous only has "None" permission on all public folders by default. If you want to assign other permissions to anonymous on specific public folder, you must run the following command to assign the permission:

    Add-PublicFolderClientPermission "\Public folder name" -User Anonymous -AccessRight "The permission you want to assign"

    I also test in my lab, it works as expected, as below:

    I create a public folder "\PF2" under the secondary Public Folder mailbox called "PF2", and create a subfolder named test2 under the \PF2

     

    When i check the permissions of the public folders on PF2 mailbox, both show anonymous has "None" permission:

    Then, I can use "Add-PublicFolderClientPermission" cmdlet to assign the "CreatItems" permission to Anonymous:

    Hope this helps,

    Best Regards,


    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 27, 2017 3:08 AM
  • we have multiple public folder mailboxes. This public folder is created in a specific public folder mailbox that is not the primary. When we run the Get-PublicFolderClientPermission on that public folder it returns that Anonymous has Createitem which I added. But if you run Get-PublicFolderClientPermission with the -Mailbox parameter and specify the public folder mailbox that the public folder belongs to, then you get Anonymous still has None permissions. I'm assuming this is why it is still rejecting emails because it says Anongmous doesn't have permissions. The problem is you can't modify those permissions with Add-PublicFoldrrClientPermissiom because it doesn't accept the -Mailbox parameter. It's like the public folder has a permission for the primary public folder mailbox and also permissions for the public folder mailbox it is in.
    Wednesday, September 27, 2017 3:17 AM
  • Please take a look at this image (this is a working example):

    

    Is this example the public folder \COM\Test is in a public folder mailbox named pf@******.com. This is NOT the primary public folder hierarchy mailbox.

    Notice how I added the Anonymous permission without specifying the -Mailbox parameter (because this parameter doesn't exist). But the Get-PublicFolderClientPermission has a -Mailbox parameter. So in this WORKING example it added it to both.

    Now in the environment i'm having issues with the Anonymous has CREATEITEMS on the primary public folder mailbox but it doesn't have it when you specify Get-PublicFolderClientPermission with the -Mailbox parameter.

    Wednesday, September 27, 2017 2:00 PM
  • I found the resolution:

    https://blogs.technet.microsoft.com/rmilne/2017/03/23/exchange-2016-cu5-released/

    Issues Not Resolved

    CU5 has some issues which could not be addressed prior to release.

    • When attempting to enable Birthday Calendars in Outlook for the Web, an error occurs and Birthday Calendars are not enabled.
    • When failing over a public folder mailbox to a different server, public folder hierarchy replication may stop until the Microsoft Exchange Service Host is recycled on the new target server.

    Fixes for both issues are planned for CU6.

    • Marked as answer by Quadrantids Wednesday, September 27, 2017 3:09 PM
    Wednesday, September 27, 2017 3:09 PM