PFDAVAdmin tool version 2.6 released – great new features!


Last week, we released an updated version of Microsoft Exchange Server Public Folder DAV-based Administration Tool (aka PFDAVAdmin) Version 2.6 (Build 7830) to the web. You can download it from:


 


http://www.microsoft.com/downloads/details.aspx?FamilyID=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en


 


Here are the major differences and improvements since Version 2.5:


 


- New "Custom Bulk Operation" feature. You can create LDAP-like filters based on folder properties to control which folders down the tree an operation will be performed against, and also which operations will be performed against those folders.


- New "Set calendar permissions" feature. If you want to change the permissions of the Calendar folder of all the users on a server in a single operation, this option will help you. This option also automatically updates the permissions of the FreeBusy Data folder, so you do not have to do it manually to ensure that Free/Busy will honor the same permissions.


- SSL preferred. For better security, v2.6 first tries port 443 (SSL) and, if that connection is not successful, falls back to port 80 (there are a few exceptions).


- Interop.ActiveDs.dll is no longer required. You need just PFDAVAdmin.exe and E2kfdacl.dll to run the tool.


 


We plan on blogging more about specific features of this build. Stay tuned!


 


- Haruya Shida

Comments (21)
  1. adam says:

    PFDAVAdmin is a great tool.

    How did Microsoft come up with the idea for the PFDAVAdmin?

    Who created PFDAVAdmin? Is there a team of people who created the tool or a person?

    What kind of tools does that team or person have coming over the horizon?

  2. Gphorx says:

    Hi Haruya Shida!

    I have created a small guide on how to make the group "Everyone" able to view (reviewer) all calendars in an organization with this great tool of yours, PFDAVAdmin.

    Is this the correct way to do that?

    http://www.tekla.m.se/jesper/texter/pfdavadmin_tutorial/pfdavadmin.html

    Best Regards

    Jesper Bernle, MCSE: Messaging, Microsoft Windows Server 2003

  3. Bill Long says:

    Adam,

    PFDAVAdmin started out as a way for me to teach myself C#. Originally all it did was fix non-canonical ACLs, but once I had that part done I thought it made sense to incorporate the ability to export/import permissions in the old pfadmin format. At that point, of course, it also made sense to have it do replica export/import just like pfadmin did too. I kept gradually adding features, and the tool gained such wide usage that it became an official release late last year. Now that it’s an official tool, we do have a team of 3 or 4 people that maintain it.

    Gphorx,

    In the new version, you should use the Tools -> Set Calendar Permissions option to do this. The advantage of doing it this way is that it also automatically updates the permissions on the FreeBusy Data folder in the user’s mailbox, as required by KB237924, instead of having to run a separate propagate operation for that purpose.

    The only disadvantage is that it assumes that the name of the folder will be Calendar. For other languages, you’ll need to use a custom bulk operation or the old propagate functionality.

  4. Bill Long says:

    Gphorx,

    I just had a look at the steps at the link you provided and they look good to me. One thing you may want to include is a screenshot of you choosing Tools -> Set Calendar Permissions, since the rest of the screens look very similar to what you see when you do a normal Propagate op.

  5. Gphorx says:

    Hi Bill Long!

    Super thank you for your time (and pointing out the missing screenshot *smile*). I think it's amazing that an Exchange Freak in Sweden can get input from an Exchange Tool Developer in a whole different continent. Long live the Internet and community passion! ;-)

    By the way, I've updated my tutorial.

    If I understand you correctly, since I mostly have customers with Swedish Calendars (Kalender) I've got to use Custom Bulk Operation. It's not all that clear to me how to point out the (Kalender) folder to edit the permissions. Can you give me a push in the right direction?

    Best Regards

    Gphorx

  6. Bill Long says:

    To create your own Custom Bulk Operation that will set permissions on Calendar folders in different languages, the steps go something like this:

    1. Go to Tools -> Custom Bulk Operation.

    2. Leave the Base set to Mailboxes.

    3. Set the Overall Filter to include the desired folder names. When you use the built-in Set Calendar Permissions operation, PFDAVAdmin sets the Overall Filter to "(|(0x3001001E=Calendar)(0x3001001E=FreeBusy Data))". You’ll notice these filters are very similar in syntax to LDAP filters. 0x3001001E is the MAPI proptag for PR_DISPLAY_NAME, and the ‘|’ means that these conditions are OR’d. You can just add in any other names you want this operation to hit. For instance, to include both Swedish and English versions, you could use a filter of "(|(0x3001001E=Calendar)(0x3001001E=Kalender)(0x3001001E=FreeBusy Data))".

    4. Hit Add to add your first operation.

    5. Choose "Folder Permissions" as the Operation Type and click OK.

    6. Leave the Action set to "Merge", and click Select to configure the permissions you want to set. These will be the permissions that will be set on the calendar folders.

    7. Set the Filter at the bottom to include the desired names. This first folder permissions op will be the one that runs against the calendar folders themselves – the permissions on FreeBusy Data will be different. So on this filter, we want to include ONLY the calendar folders. Using the example above, the filter would be "(|(0x3001001E=Calendar)(0x3001001E=Kalender))".

    8. Click OK. Now you’re back on the main Custom Bulk Operation form and you should see the operation you just configured in the bottom part of the window.

    9. Click Add again. Now we’re going to add the operation that runs against the FreeBusy Data folders.

    10. Choose "Folder Permissions" as the Operation Type and click OK.

    11. Leave the action set to "Merge" and hit Select to configure the permissions. Per KB237924, for anyone who you granted Reviewer to the Calendar folder, you should grant them Reviewer rights here as well. If you granted them something greater than Reviewer to Calendar, then you should grant them Editor rights here.

    12. Set the filter. We want this operation to only run against FreeBusy Data, so our filter will be "(&(0x3001001E=FreeBusy Data))".

    13. Click OK. Now you’re back on the Custom Bulk Operation form again and you should now see two operations listed at the bottom. One of them will set the desired permissions on the calendar folders. The other one will set either Reviewer or Editor rights on FreeBusy Data for each user who you granted access to the calendar.

    14. Click OK to begin running the Custom Bulk Operation you just configured.

    It would be nice to be able to save the custom operation settings to a file, so you don’t have to go through this series of steps every time you want to do the same thing on a different server. Maybe in a future release… :-)

    You may actually find it easier to just use the old Propagate ACEs functionality. Just right-click on the Mailboxes root, choose Propagate Folder ACEs, configure the permissions, and set it to only apply to folders named Kalender. The disadvantage of this is that you have to then go back and run a separate propagate operation to hit FreeBusy Data, and if you want to hit calendars in other languages you would have to do each one of those separately as well. With the Custom Bulk Operation you can hit them all in one go.

    Hopefully that was fairly clear. Maybe we can do a blog post on some Custom Bulk Operation examples in the near future.
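
A dry run of the filters from the steps above, as an added example that is not part of the comment or of PFDAVAdmin: a small Python evaluator for the equality/AND/OR subset of the filter syntax quoted there, reporting which configured operation would touch which folder before any ACL is changed. Assumptions: `=` is an exact, case-sensitive match; an operation applies only when both the Overall Filter and its own Filter match; the op labels and folder names (including the misspelled "Kalendar") are constructed.

```python
import re

PR_DISPLAY_NAME = "0x3001001e"  # MAPI proptag from the comment, lower-cased
TERM = re.compile(r"(0x[0-9A-Fa-f]{8})=([^()]+)")  # proptag=value

def parse_filter(text):
    """Parse '(tag=value)', '(|...)' or '(&...)' into nested tuples."""
    def node(pos):
        if text[pos:pos + 1] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        if text[pos + 1:pos + 2] in ("|", "&"):
            op, kids, pos = text[pos + 1], [], pos + 2
            while text[pos:pos + 1] == "(":
                kid, pos = node(pos)
                kids.append(kid)
            result = (op, kids)
        else:
            m = TERM.match(text, pos + 1)
            if not m:
                raise ValueError(f"expected proptag=value at offset {pos + 1}")
            result, pos = ("=", m.group(1).lower(), m.group(2)), m.end()
        if text[pos:pos + 1] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return result, pos + 1
    tree, end = node(0)
    if end != len(text):
        raise ValueError(f"unexpected text at offset {end}")
    return tree

def matches(tree, props):
    if tree[0] == "=":
        return props.get(tree[1]) == tree[2]  # assumption: exact, case-sensitive
    hits = [matches(kid, props) for kid in tree[1]]
    return any(hits) if tree[0] == "|" else all(hits)

def plan(overall, ops, folder_names):
    """Dry run (assumed semantics): folder must pass overall AND the op's filter."""
    overall_tree = parse_filter(overall)
    parsed = [(label, parse_filter(flt)) for label, flt in ops]
    hit = lambda tree, name: matches(tree, {PR_DISPLAY_NAME: name})
    return {name: [lbl for lbl, t in parsed if hit(t, name)]
            for name in folder_names if hit(overall_tree, name)}

# Filters quoted from the comment; op labels and folder names are constructed.
OVERALL = "(|(0x3001001E=Calendar)(0x3001001E=Kalender)(0x3001001E=FreeBusy Data))"
OPS = [("calendar ACL", "(|(0x3001001E=Calendar)(0x3001001E=Kalender))"),
       ("freebusy ACL", "(&(0x3001001E=FreeBusy Data))")]
FOLDERS = ["Inbox", "Calendar", "Kalender", "Kalendar", "FreeBusy Data"]

if __name__ == "__main__":
    print(plan(OVERALL, OPS, FOLDERS))
```

Folders missing from the result are skipped without any error, so a misspelled name in a filter shows up here as an absent folder rather than as a failure.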

  7. Gphorx says:

    Once again – Super Thank You!!

    I'll try this out as soon as possible, and hopefully I'll understand it, so I can make a tutorial for creating a Swedish Bulk Change on permissions on the Calendar (or "Kalender", in Swedish) for all my Swedish Exchange gurus to use.

    I admire the passion shown. :-)

    Best Regards

    Gphorx

  8. mipbar says:

    I’m trying to remove an account or group from a folder tree using Propagate Folder ACEs, but it’s leaving the account with ‘none’ permissions instead of removing the account entirely. Is there a way to do this?

  9. Bill Long says:

    Mipbar,

    I just tried it and you’re right, this is not working as expected in the latest build. I’ll open a bug.

    There are two other ways to remove the permissions in PFDAVAdmin, and they both appear to work properly.

    One way is to use an import file. You can run an import where every line looks like this:

    SETACL<tab>Public Folders\FolderA<tab>SomeUser<tab>Remove

    During import, when a role of "Remove" is encountered, that causes the removal of any permissions for that user on that folder.

    The other way is to use a Custom Bulk Operation. In this case, it’s pretty simple to configure it to do what you want. Here are the steps:

    1. Go to Tools -> Custom Bulk Operation

    2. For the Base, choose the Public Folders root or the selected folder, depending on what you want.

    3. Hit Add, and choose Folder Permissions as the operation type.

    4. Hit Select, leave the first permissions dialog blank and click OK (since you don’t want to add any permissions), but in the second one add the user who you want to remove and click OK.

    5. Now you should see that back in the Folder Permissions Op window, it shows the user you’ve selected followed by "Remove".

    6. Click OK and it will start the operation.

    You can use either of those methods as a workaround until this bug is fixed.

  10. mipbar says:

    Excellent, thank you.  Worked perfectly.  Any logging available to see exactly what changed?

  11. mipbar says:

    Oops, had logging headed to a different directory than I was running the application.  This utility is the best.  I’ve despised public folders for the life of Exchange simply because these managerial features weren’t present.  Plus, public folder calendars don’t publish to Free/Busy :)

  12. Sue Mosher says:

    Bill, what’s the outlook for functionality comparable to PFDavAdmin for Exchange 2007? So far, PowerShell doesn’t seem to have anything to do mailbox folder-level bulk permission operations. Thanks!

  13. Bill Long says:

    Hi Sue,

    There’s an effort underway to make sure you can do most of the stuff from PFDAVAdmin through PowerShell, but it’s unclear at this time exactly what functionality will make it in. I’m sorry I don’t have a better answer for you right now.

  14. Sue Mosher says:

    Thanks, Bill. A confirmation that this is somewhere on the to-do is good news.

    Two more questions:

    1) What would a filter for a date property look like? I tried to filter on the folder’s last modification date with variations on (0x30080040<1/1/2006) but got a runtime error. (I’ve dabbled little in LDAP but a lot in MAPI properties.)

    2) Is there a way to get a consolidated view of both folder- and mailbox-level permissions. A scenario I encounter often, especially with less experienced administrators, is that somehow they’ve set permissions too loose in ADU&C so that all users can see (or worse, delete!) the items in each others’ Calendar folders. They might have given the Everyone group Full Access on the mailbox container, for example. Using PFDAVAdmin is going to show them only the folder-level permissions, right? It would be great if it could also show the mailbox rights, too, all in one report. But I guess that might be too much to ask of WebDAV?

    The other item on my wish list would be to add to the content report a new column to indicate whether the folder has custom forms to it. That would be a good marker, along with the Events tab, to help admins focus on which folders are just repositories for simple appointments, contacts, etc. and which may have more complex applications associated with them.

    Thanks for a great tool. I hope you get time to continue to build on its success.

  15. Bill Long says:

    1) Date filtering isn’t supported yet, but probably will be in the next release. This one supports the following comparisons:

    string: equals, contains, starts with, ends with

    binary: equals, contains, starts with, ends with

    boolean: equals

    ID (such as a FID): equals

    That was all I had time for in this release.

    2) Yep, PFDAVAdmin will only show the folder-level permissions. The mailbox-level security can’t be read through DAV. There are no plans to add that kind of reporting to PFDAVAdmin, so for now the solution would be to use some other tool to generate the mailbox security output, and maybe a script to combine the two sets of information.

    That’s an interesting idea about the custom forms reporting. I’ll put it on the wish list. Thanks for the feedback, and I’m glad you’ve found the tool useful!

  16. Jon Wendel says:

    I was looking into running the Set Calendar Permissions tool to set all users Calendars to allow Everyone to have Reviewer permissions but wanted to be sure that no other custom permissions that users have set will be removed.  Can you confirm that currently configured Calendar permissions will remain intact?

    Also, is there any way to make the changes permanent so that a user cannot reconfigure the Everyone permissions on their own Calendar?

  17. Kevin Phillips says:

    PFDavAdmin seems like a great tool, and I am excited to use the content reporting feature, but I run into an issue with a large number of mailboxes. When I click on them I receive a message that "Could not expand http://(mailserver)/exadmin/admin/(domain)/mbx/mailbox/non_ipm_subtree"

    Any help would be appreciated!

  18. exchangeadviser says:

    I would like to export permissions of my entire public folder tree and all sub-directories….Can this tool be used in a scripted/batch fashion to automate this process?

  19. Exchange says:

    exchangeadviser,

    Definitely – PFDAVADMIN is your tool if you need to export permissions from PFs; please check the documentation that comes with the tool, I believe it might even have screenshots for this.

  20. OXODesign says:

    Hello

    I have a problem at my company. I have changed the permission on all mailboxes in 2 different servers. But some mailboxes where I try to check the status where I call on meeting the status do not show. The security is OK. What can this be?

    I hope someone can help me!

  21. Billy Ph says:

    This is very good docs. I just have a quick question. Is there a way to export owner permission only on PF using PFDAVAdmin tool? Thank you

Comments are closed.
