How to grant full access control to public folders

Problem:

You have insufficient access rights to migrate or back up public folders with CodeTwo software.

Solution:

The admin account used in CodeTwo software to connect to the source server needs to be manually granted the Full control permission to the root public folders tree. The solution depends on your environment:

Info

If you don’t have any public folders on your target server, you need to create an empty public folder tree first. Read this KB article to learn how to do so.

Exchange Server 2013, 2016 and Exchange Online

To grant full access permission to public folders, you need to:

  1. Log in to your Exchange admin center.
  2. Click public folders on the left pane.
  3. On the public folders tab, click the ellipsis () button and select Root permissions (Fig. 1.).

658-a
Fig. 1. Accessing public folders' root permissions.

  1. Click the plus (+) button to add a new user. The public folder permissions window will open.
  2. Click browse and select the user you want to provide with the access to public folders. Click OK to confirm.
  3. From the Permission level drop-down menu, select Owner (Fig. 2.). Click save to apply the settings.

658-b
Fig. 2.
Setting up public folder permissions.

  1. Select the Apply changes to this public folder and all its subfolders checkbox (Fig. 3.).

658-c
Fig. 3. Selecting the checkbox that allows you to apply changes to all subfolders. 

  1. Click save. A pop-up window with a progress bar will appear, as shown in Fig. 4.

658-d
Fig. 4. Applying changes to public folders.

  1. Once the operation is completed, click close.

You can now use this admin account to migrate or back up public folders with CodeTwo software.

Exchange Server 2010

To grant full access permission to public folders in Exchange 2010, you can use the ADSI Edit snap-in. Follow the steps below.

  1. Click Start > Run and type: ADSIEdit.msc

    Info

    If you have created a connection to the Configuration partition already, skip to step 4 below.

  2. Click Action on the menu bar, and then click Connect to.
  3. In the Connection Point group box, click Select a well known Naming Context, and then select Configuration from the drop-down menu (Fig. 5.). Click OK.

    658-1
    Fig. 5. Connecting to the Configuration partition.
  4. On the left pane, click Configuration and expand the following items:

    • CN=Configuration,DC=<Your_Domain_Name>,DC=<Domain>
      • CN=Services
        • CN=Microsoft Exchange
          • CN=<Organization_Name>
            • CN=Administrative Groups
              • CN=Exchange Administrative Group (FYDIBOHF23SPDLT)

    and click CN=Folder Hierarchies (Fig. 6.).

    658-2
    Fig. 6. CN=Folder Hierarchies object in ADSI Edit.

  5. On the central pane, right-click CN=Public Folders and select Properties.
  6. On the Security tab, check if the user (i.e. the admin account used in CodeTwo Exchange Migration) to whom you want to give the full control over public folders is listed under Group or user name. If not, click Add, type the name of the user and click Check Names (Fig. 7.). Once the proper name is found and displayed, click OK.

    658-3
    Fig. 7. Selecting a user from AD.

  7. Select this user and in the Allow column select the Full control checkbox (Fig. 8.). Click OK to confirm.

    658-4
    Fig. 8. Assigning full control permission to the selected user.

This user account will now have full access rights to the root Public Folders tree. Use this account to configure the connection to the target Exchange 2010 server in CodeTwo software.

Tip

Once you find the CN=Public Folders object in ADSI Edit, you can also note its GUID and use it in ems Exchange Management Shell as an alternative method to quickly assign full access permissions to public folders. To do so, follow these steps:

  1. In ADSI Edit, right-click CN=Public Folders and select Properties.
  2. On the Attribute Editor tab, find objectGUID (Fig. 9.) and note its value.

    658-5
    Fig. 9. Finding objectGUID in the Properties window.

  1. Open Exchange Management Shell and use the following cmdlet to assign full access permissions to public folders:
    Add-ADPermission -Identity <GUID> -User <User_Name> -AccessRights GenericAll
    where instead of <GUID> type the value from the CN=Public Folders Properties window, and instead of <User_Name> type the name of the admin account used to perform the migration or backup.