Today I ran across a great utility called PFDavAdmin, it will let you view, set and recapture permissions on Public Folders and Exchange Mail Boxes. Before I show it to you a warning, THIS TOOL AND IT'S USE IS NOT SUPPORTED BY MICROSOFT or ME which means if you break something using it you are on your own. You can get the tool here 1st choice. Some folks are having trouble with the link. If you have trouble getting it from the Microsoft Site try here 2nd choice, which is on my site. If the tool gets updated at the Microsoft Site this secondary link may not get updated so try the first choice if possible.
Ok so here is the story, about a couple of years ago before I was maintaining this clients system, a user was allowed to create a public folder and remove the administrator's rights from the folder, NEVER DO THIS. Since I have been maintaining the system it has been haunting me. I have to exclude the folder from any maintenance I do as I can't get rights to the folder. Because of course, the user is gone and the account has been deleted. In order to get control of the contents I had to create a new folder and then copy contents from the old folder to the new one. I told everyone to only use the new one. But of course this still leaves me with the ghost folder showing up at in-opportune moments. For instance, I recently upgraded them to SBS2003 and brought over the public store, installed the new BE 9.1 and started getting error messages because once again I had no rights to the folder. So after remembering the issue with the folder I excluded it from the backup set which once again made BE happy, but not me. As I was researching another problem I was sent to a link at www.slipstick.com a Great Outlook Resource and I found PFDavAdmin there. (This may also help you resolve issues covered in KB313333) There is wealth of information on Exchange permission issues on Slipstick.com Here, if you would like deeper information on the subject.
Here is what you get when you unzip the package, in order to use the tool you must already have the net framework 1.1 installed
When you double-click on the tool it look pretty bleak, click on File, Connect
Enter the name of the Exchange Server, and give the tool some credentials to manage the server
Before you do anything I recommend exporting the existing permissions in case you have to undo what you are about to do. You need to turn on logging in the options menu before you can do the export.
This is a powerful tool, so use it sparingly, in my case I
set it to just the folder giving me problems.
I sent the export to the folder I had the tool in so I could find it easily, but you can put it wherever you like.
It took me a minute or two to realize it was done, so watch this window, it does not change much. In my case it was real fast as I was only doing the one folder, but the documentation says it can take quite a while if you are doing a large tree.
Now right click on the folder you need to fix and click on permissions
You can view, add, remove or modify permissions here. By the way the top listing is the SID of the non-existent user, so as you can see any user can look at the folder, but no one can touch it.
I was interested in just gaining owner rights so I could delete it. So I added the Domain Admin and made it the Owner. The owner of the folder is the only one who can delete it. Note I also checked "Wipe existing DACL before committing" to make sure no other permissions were left on the folder.
After clicking Commit changes it was a simple matter to log onto OWA and delete the Public Folder, note if you are doing this on an SBS 2000 system you will have to use Outlook instead of OWA, the new OWA is much more powerful.
Hope you find this useful.
*All trademarks and copyrights are property of their respective owners.