locked
pfdavadmin RRS feed

  • Question

  • Our auditor wants pfdavadmin to do a mailbox/folder ACL audit of 2 of our exchange servers.

    Can she run it on her machine in the same domain as the exchange servers, or does she need an account on the servers themselves?

    If she can run it remotely, whats the least priveleged account we can give her for security purposes?

     

    Tuesday, May 10, 2011 2:40 PM

Answers

All replies

  • Hi
      
    PFDAVAdmin must be run on a computer that has the following: .NET Framework 1.1 and Microsoft Windows® 2000 Server, Windows XP, Windows Server™ 2003, or Windows Vista.
       PFDAVAdmin is supported when running with Exchange 2000 Server, Exchange Server 2003 and Exchange Server 2007.
       I don’t know the permission of your auditor.
       The account must should has permission to log on GC,exchange server and has permission to access the mailbox which he wants to audit.  I always grant permission to all mailbox.
      
    Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll
       You can adjust it by yourself.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, May 11, 2011 6:52 AM
  • Hi
      
    PFDAVAdmin must be run on a computer that has the following: .NET Framework 1.1 and Microsoft Windows® 2000 Server, Windows XP, Windows Server™ 2003, or Windows Vista.
       PFDAVAdmin is supported when running with Exchange 2000 Server, Exchange Server 2003 and Exchange Server 2007.
       I don’t know the permission of your auditor.
       The account must should has permission to log on GC,exchange server and has permission to access the mailbox which he wants to audit.  I always grant permission to all mailbox.
      
    Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll
       You can adjust it by yourself.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Can you run any sort of report in pfdavadmin to show mailbox permissions for ALL mailboxes, i.e. a master report, or do you have to provide a parameter for a specific mailbox?
    Wednesday, May 11, 2011 11:29 AM
  • Hi Cf090

    This is the same quetion you have asked here. http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/b4cb645d-470d-4358-a8e2-c31b8b3f2383

    Answer is here, have you even looked at this.

    Sukh

    • Marked as answer by cf090 Wednesday, May 11, 2011 12:10 PM
    Wednesday, May 11, 2011 11:51 AM