de-DEen-GB
 
MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Clean legacy public folder ACL

Exchange Server 2007Exchange Server 2010Description

This scripts removes or updates users in legacy public folder ACLs. This reduces the likelihood of legacy public folder migration errors due to corrupted ACLs.

When you perform a migration from legacy public folders to modern public folders, you might see the following error as part of the migration reports.

A corrupted item was encountered: Folder ACL

Corrupted items count towards the bad item limit and will not be migrated.

When you take a closer look at the public folder ACLs, you'll see that there will be orphaned users and even users that have not been properly converted during past legacy replications.

In preparation for a modern public folder migration you should cleanup the public folder ACLs from so called zombie users.

Tasks performed by the script:

  • Remove orphaned users listed with SIDs, e.g. NT User:S-1-*
  • Identify ACL user/group with notation NT User:DOMAIN\samAccountName
    • Remove user/group, if object cannot be found in Active Directory
    • Replace user/group, if object can be found in Active Directory

Examples

# EXAMPLE 1
# Validate ACLs on public folder \MYPF and all of it's child public folders on Exchange server EX200701
.\Clean-PublicFolderACL.ps1 -RootPublicFolder "\MYPF" -PublicFolderServer EX200701 -ValidateOnly

# EXAMPLE 2
# Clean ACLs on public folder \MYPF and all of it's child public folders on Exchange server EX200701
.\Clean-PublicFolderACL.ps1 -RootPublicFolder "\MYPF" -PublicFolderServer EX200701

Version History

  • 1.0, Initial community release
  • 1.1, Fixed group replacement logic
  • 1.2, Script optimzation

Links

Last updated: 2016-12-01

Follow

 



Comments are closed.

Showing 0 Comment