This project is read-only.
-CheckFolderACL
This option looks for ACLs that have problems such as improper canonical order or the Anonymous entry missing.

-FixFolderACL
The same as -CheckFolderACL, except this option attempts to fix ACLs that have issues. It puts the ACEs in proper order, removes duplicates, and adds Anonymous if it is missing. This option also removes any unresolvable entries. Note that for public folders, if the ACL has duplicates it cannot be modified if the folder is not in the primary hierarchy mailbox on Exchange 2013. It's necessary to move the folder to the primary in order to fix that particular problem.

-CheckFolderACL examples

To check for ACL problems on one specific public folder:

MAPIFolders -CheckFolderACL "\Folder\Path"


To check for ACL problems on one specific mailbox folder:

MAPIFolders -CheckFolderACL -Mailbox:User1@contoso.com "\Top Of Information Store\Inbox"


To check for ACL problems on every public folder:

MAPIFolders -CheckFolderACL -Scope:Subtree


To check for ACL problems on every folder of every mailbox in a particular database, use Powershell. First, generate a file of all the mailboxes you want to process from Exchange Management Shell:

get-mailbox -database mailboxdb1 | % { Add-Content -Path $home\Desktop\MailboxesToProcess.txt -Value $_.PrimarySmtpAddress }


Then copy that file to the machine where you have Outlook and MAPIFolders, and run:

$mailboxes = Get-Content $home\Desktop\MailboxesToProcess.txt
foreach ($smtpAddress in $mailboxes) { .\MAPIFolders -CheckFolderACL -Mailbox:$smtpAddress -Scope:Subtree }

-FixFolderACL examples

The syntax for -FixFolderAcl is identical to the syntax above, but when you choose this option, it will modify any folders where it detected problems. Note that MAPIFolders currently only recognizes a couple of specific ACL issues. There are certain types of non-canonical ACLs it cannot currently detect.

Last edited May 20, 2014 at 5:17 PM by bilong, version 1

Comments

No comments yet.