Access refused in public folders when user is in a Group

Similar Messages

• Configure legacy public folders where user mailboxes are on Exchange 2013 servers

  Hello all,
  I have mailboxes on an exchange 2013 server than need access to public folders on a 2010 server before I migrate them over.  I followed the commands in the TechNet article with the subject "Configure legacy public folders where user mailboxes
  are on Exchange 2013 servers" (sorry, I wasn't allowed to insert a link because I wasn't verified?).  The problem is when I run the last command of "Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes ProxyMailbox1,ProxyMailbox2,ProxyMailbox3"
  on the 2013 server, using the mailbox name I had created, it says it cannot be found.  Of course I checked and the mailbox exists, is configured properly, and so is the new database.  The 2013 EAC also sees the mailbox with no issues. 
  Can someone tell me why I am getting this error?
  Thanks,
  Shaibal

  Hi Mavis,
  Thank you for your response.  I am the full domain admin, and check and was part of both groups mentioned above.  Also, I have only one 2010 server with public folder, and so the command I am running on the 2013 looks like this: Set-OrganizationConfig
  -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox1. I even just created a second user and mailbox using the console instead of the shell, and still no luck.
  Below is the error I get:
  [PS] C:\Windows\system32>Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox2
  Couldn't find object "PFMailbox2". Please make sure that it was spelled correctly or specify a different object.
      + CategoryInfo          : NotSpecified: (:) [Set-OrganizationConfig], ManagementObjectNotFoundException
      + FullyQualifiedErrorId : [Server=ZOR-EXCHANGE01,RequestId=cc567b2f-34d8-41ba-9261-143223566e06,TimeStamp=3/5/2015
      4:36:10 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 2EF24201,Microsoft.Exchange.Management.Sys
    temConfigurationTasks.SetOrganizationConfig
      + PSComputerName        : zor-exchange01.zubatkin.lan

• Ignoring "Public Folders" when listing folders on an Exchange account?

  hi-
  i downloaded javamail 1.4.2 and ran the demo example "folderlist" against an exchange account i have using the "imap" protocol.
  it listed all my folders correctly, including "Public Folders" and its subfolders.
  i'd like to not list "Public Folders" though, and so was wondering if there is a programmatic way of ignoring this folder and any
  other public folders.
  when i run "folderlist" in verbose mode, i get for the "Public Folders":
  Name: Public Folders
  Full Name: Public Folders
  URL: imap://exchange-user@exchange-host/Public Folders
  Not Subscribed
  Is Directory
  IMAP Attributes:
  \Noselect
  is it appropriate to intrepret "\Noselect" as folders i don't want to include in my folder list?

  Use the Store.get*Namespaces methods. You probably only want to list the personal namespaces.

• Excluding public folders when enumerating Outlook folders

  I have an Outlook plugin that searches all Outlook folders for certain information.
  However, some users have been complaining that the plugin searches public folders as well, which are huge in certain corporations, and that in turn makes the search very slow.
  I now use the following mechanism to search Outlook folders:
  NameSpace nameSpace = outlookApp.GetNamespace("MAPI");
  Folders accountFolders = nameSpace.Folders;
  try
  if (nameSpace == null || accountFolders == null)
  return null;
  for (int i = 1; i <= accountFolders.Count; i++)
  MAPIFolder accountFolder = accountFolders.Item(i);
  MailItem res = null;
  try
  res = ScanFolder(accountFolder, mailId, scanUI);
  finally
  if (accountFolder != null) Marshal.ReleaseComObject(accountFolder);
  if (res != null) return res;
  return null;
  finally
  if (accountFolders != null) Marshal.ReleaseComObject(accountFolders);
  if (nameSpace != null) Marshal.ReleaseComObject(nameSpace);
  I've tried to look at the MAPIFolder object, but I didn't find any flag that could help me distinguish standard folders from public folders. Is there a way to do that?
  Thanks,
  Jan

  Read the PR_MDB_PROVIDER property (DASL name http://schemas.microsoft.com/mapi/proptag/0x34140102) using MAPIFolder.PropertyAccessor.GetProperty, convert it to hex using MAPIFolder.PropertyAccessor.BinaryToString. For the PF store objects,
  PR_MDB_PROVIDER property will be pbExchangeProviderPublicGuid (78B2FA70AFF711CD9BC800AA002FC45A) - you can see that property (and others) in
  OutlookSpy: click IMAPIFolder button.
  Dmitry Streblechenko (MVP)
  http://www.dimastr.com/redemption
  Redemption - what the Outlook
  Object Model should have been
  Version 5.5 is now available!

• Any possibility to restore Public Folders when priv1.edb priv1.stm and pub1.edb pub1.stm files was moved?

  Hello, good people
  (I am sorry for my english)
  introduction:
  MS Server 2003, Exchange 2003, Eset Endpoint Protection.
  We ned some free space on hdd.
  taken steps:
  1. Dismounted public and private stores
  2. priv1.edb priv1.stm pub1.edb pub1.stm files moved to Z:\post (Z: - network drive on NAS)
  3. was created new private an public sores.
  4. mounted
  results:
  1. Some strange behavior in email flow - messages stucks in local delivey queue, does not reaches recipients,ect.
  2. Lost folder "tree" in Public folders - i mean, now there is only one folder - Internet Newsgroup
  Question:
  Is there any possbility to "restore" public folder ?
  thanks a lot.

  Hi I agree with Belinda if the issue is used size on the server perform an offline defrag on all the original DB.
  Have a look here for how to:
  https://social.technet.microsoft.com/Forums/en-US/7bc0be32-584a-4940-a3ad-b56aa01a6b1f/exchange-2003-reclaim-white-space?forum=exchangesvrgenerallegacy
  You should maybe talk to your storage guy to see if your NAS is compliant with exchange:
  http://support.microsoft.com/kb/317173
  http://support.microsoft.com/kb/839687
  (careful:
  Supportability
  If you use Exchange 2003 incorrectly with a network-attached storage product, you may experience data loss, including a total loss of the Exchange database files.

• Public folders for users to identify spam

  It looks like it should work, but ...
  I have SL server providing IMAP mailboxes for users, and that all works fine.  As it is now, for a user to notify SpamAssassin that it didn't classify a message properly, they have to actively redirect the message to the junkmail or notjunkmail account.  This is a PITA and a) they can't be bothered and b) the email address to which they're to redirect or forward the improperly classified message is subject to errors.
  What I'd like is a pair of public mailboxes that they can just drag misclassified messages to, so I set up a public namespace containing two mailboxes, JunkMail and NotJunkMail.  They're visible to all the users I want them to be and the permissions seem right.  The plan is to whip up a launchd job to digest the contents of these mailboxes in the middle of the night, much like the stock sa-learn job.
  The problem is that when I try to drag a sample email message from my inbox to the JunkMail foler, I get an error that says <bold>Blah blah blah</bold> The IMAP command "UID COPY" (to Public.JunkMail) failed for the mailbox "wherever I drag from" with server error: Character not allowed in mailbox name '.'.
  I've tried changing the 'separator' in the namespaces to bot '/' and '.', with no discernible difference in behavior or message.  I've set all of the mail logging levels to DEBUG to no avail.  I've made the public mail boxes world-writable.  Nothing seems to help, or even change the client-side behavior.
  If someone more knowledgeable about dovecot and its IMAP configuration can point me in the right direction, I'd appreciate it greatly.
  Thanks,
    - Ted

  This is a followup to let people know how I got it to work.
  My supposition is that when dovecot evaluates whether a user can write into a folder it does not do a full group membership expansion to determine the user's rights, so making the folders in question writable by the shared 'mailusers' group (that all human mail users are members of) was not adequate.
  Instead, I had to add ACLs to the target folders granting explicit rights to each individual user.  My nightly spam-training script uses the approach of stopping the mail server, moving any folders that might contain trainable messages aside, replacing those folders with empty versions of themselves, then restarting the mail server.
  I had been using a more elaborate approach that evaluated whether there was anything to process before stopping the mail server, but with the ACL approach that also meant comparing the current group membership with what users had been set on the folders' ACLs.  After I had written the script to do that, I decided the slight increase in efficiency wasn't worth the added complexity - bouncing my mail server in the middle of the night isn't even marginally problematic for my users, but YMMV.  Instead, by just replacing the folders each night with their ACLs generated from the current group membership, membership changes are incorporated within 24 hours, which is good enough for me.
  Anyway, this Bash snippet shows the crux of what I'm doing now:
  readonly    SP='[:space:]'
  readonly    UserList="$(dscl  '/LDAPv3/127.0.0.1' \
      '-read' "/Groups/$UserGroup" 'Member' | sed -En \
      "s!^[$SP]*Member[$SP]*:[$SP]*(.+)[$SP]*\$!\\1!p")"
  readonly    ServerStatus="$(serveradmin status mail \
      | sed -En 's!^[^"]*"([^"]+)".*$!\1!p' \
      | tr '[:upper:]' '[:lower:]')"
  [[ "$ServerStatus" != 'running' ]] \
      || serveradmin stop mail > /dev/null
  for d in "$PublicSpamPath" "$PublicHamPath"
  do
      [[ ! -d "$d" ]] || mv "$d" "$d.$ScanSuffix"
      mkdir -m 2755 "$d"
      chgrp "$UserGroup" "$d"
      for n in $UserList
      do
          chmod +ai "$n allow $UserAcls" "$d"
      done
      mkdir -m 2755 "$d/cur" "$d/new" "$d/tmp"
      chgrp "$UserGroup" "$d/cur" "$d/new" "$d/tmp"
  done
  [[ "$ServerStatus" != 'running' ]] \
      || serveradmin start mail > /dev/null
  If this helps, you're welcome.

• ITunes where showing two public folders when there is one

  At some point recently my Mac starting seeing my MyBookWorld NAS as "\\Volumes\Public-1" and "\\Volumes\Public-2" where it just use to see one "\\Volumes\Public".  It is all the same drive.
  Now iTunes "where" shows some music in one public-1 and others in public-2.  They play ok but when my Sonos can't find public-2.
  Is there and EASY way to bulk change where iTunes thinks the files are?  I do not want to re-"organise" the library - there are 13,000 songs in Lossless format which take forever to re-organise.  I would also be concerned that iTunes would try and copy a file from Public-2 to Public-1 (which are the same in fact) and I would end up with 2 copies of everything in the same directories.......
  Any suggestions?
  David

  Hello JonathanWolf,
  Thanks for using Apple Support Communities.
  For more information on this, take a look at:
  How to find and remove duplicate items in your iTunes library
  http://support.apple.com/kb/ht2905
  Best of luck,
  Mario

• Letting someone access my Web/Public folders via Internet

  Hi... How do I let someone remotely (from outside my household network) access files on my computer to download via browser or ftp via the internet?
  Any info is appreciated. Thanks!

  You certainly would need to give someone the IP address, that's the only way anyone could find you on the internet. However, here's the problem: your DSL modem has an IP address that is meaningful on the internet as a whole. That is, the IP address of your DSL modem is an address that gives the location of your modem on the internet to anyone, anywhere in the world. Sure, it changes from time to time (unless you pay extra for it not to).
  However, the modem acts as a gateway between your computers and the internet. The IP addresses assigned to your computers will be local IP addresses, meaning that they are only meaningful on your home network. This means that, although your DSL modem is "visible" to the outside world, all your computers are hidden behind it and, thus, invisible to the outside world. So, in order to access one of those computers, you must set up port forwarding on the device that has the "real" IP address. Port forwarding basically says "If you get network traffic on a particular port, send that traffic straight on through to a specific IP address on the local network."
  Alternatives do exist, though they are primarily designed to allow you access to your own machine. For example, if you have MobileMe and two machines running Leopard, you could use Back to My Mac... but you don't want to give people your MobileMe account information and full access to your computer. You could also try [LogMeIn Free|https://secure.logmein.com/products/free>, but again, I don't think this is designed for giving other people limited access. LogMeIn may have such a service, but I'm betting it's not free.
  What would probably be easier, if this is all too tough to wrap your head around or too intimidating, would be to publish the documents you want to share on a web site. If you have a MobileMe account, you can use that.

• Post office crashes when user sends to same group

  we have a user that send emails to two groups. the group members are all internal besides one address in one of the groups.. when they send an email to these two groups, the linux 8.0.2 poa crashes. it starts backup sometimes the first time but sometimes we have to start it twice. immediately on startup it sends an error DA03 for that user to administrator. when i goto that users mailbox and look at sent items, that mail has tried to send the same time the poa crashes. when i look at the properties of the email, it has been transferred to the external address but still pending for all the internal addresses. has anyone seen this before or have any thoughts?? we have told the user not to send to these groups anymore until we figure this out. the emails are a forwarded email and the original email seems to be from the same two external email addresses...

  Originally Posted by kchurch
  we have a user that send emails to two groups. the group members are all internal besides one address in one of the groups.. when they send an email to these two groups, the linux 8.0.2 poa crashes. it starts backup sometimes the first time but sometimes we have to start it twice. immediately on startup it sends an error DA03 for that user to administrator. when i goto that users mailbox and look at sent items, that mail has tried to send the same time the poa crashes. when i look at the properties of the email, it has been transferred to the external address but still pending for all the internal addresses. has anyone seen this before or have any thoughts?? we have told the user not to send to these groups anymore until we figure this out. the emails are a forwarded email and the original email seems to be from the same two external email addresses...
  Is this still happening to you? We're seeing this issue as well and were wondering if you got a working resolution?

• Public Folders

  Hi
  I have 2 usergroups (normal reports and Advanced Reports) and have 2 folders (1 each for each user group) under "Public Folders"
  When users log in Infoview they view their respective folder under "Public Folders" .
  is there any settings by which this "Public folders" can be suppressed or at least this can be renamed to say my app name ?
  Thanks

  Thanks Tim
  "Public Folders" is not displayed under "Folder" tab.
  for rest of folders created under "Public Folders" the settings are working fine.
  i.e.
  When Advanced User logs in the system he can view Folders as
  Public Folders
        |----
  Advanced Reports
  when Normal User logs in system his view is
  Public Folders
        |----
  Reports
  for admin this is viewd as
  Public Folders
        |----
  Advanced Reports
        |----
  Reports
  What i need is when user logs in either he views folders as
        Advanced Reports
  or
  MYAPP
        |----
  Advanced Reports
  Thanks

• Cross-forest access to public folders Exchange 2013-2007

  Dear.
  We have an Exchange 2007 org in one forest and an Exchange 2013 org in another forest.
  User accounts remain in the 2007 AD, mailbox moved to Exchange 2013 in the other forest, so a linked mailbox.
  What do I need to do in the Exchange 2007 public folders to give the migrated mailboxes (not migrated users) access to these public folders?
  Thanks for the support.
  Regards.
  Peter Van Keymeulen, IT Infrastructure Solution Architect, www.edeconsulting.be

  Hi Stephen,<o:p></o:p>
  <o:p> </o:p>
  Do you have trust between Exchange 2007 forest and Exchange 2013 forest? Please set up a trust between the two forests. Then set the public folder client  permission
  to see if we can access the
  public folders.<o:p></o:p>
  <o:p> </o:p>
  If not, since Public folder cross forest migration is not supported in from an Exchange 2007/2010 forest to an exchange 2013 forest, refer to forum:
  http://social.technet.microsoft.com/Forums/office/en-US/51da1b97-fbb1-4f81-87da-c3370960c4ab/crossforest-public-folder-migration?forum=exchangesvrdeploy
  http://social.technet.microsoft.com/Forums/office/en-US/663f0dc3-a977-408a-93c7-94584fbefc62/public-folder-issue-cross-forest-migration-exchange-2010-to-2013?forum=exchangesvrdeploy
  <o:p></o:p>
  Title: Migrate Public Folders to Exchange 2013 From Previous Versions<o:p></o:p>
  Link:
  http://technet.microsoft.com/en-us/library/jj150486(v=exchg.150).aspx<o:p></o:p>
  <o:p> </o:p>
  So for public folder migration,
  the only supported path is cross forest 2007/2010 to 2007/2010 and then inter forest 2007/010 to 2013. Or
  we can first export all the public folder to PST from the Exchange 2007 forest, then import the PST to the Exchange 2013 forest.
  <o:p></o:p>
  Regards, Eric Zou

• Users unable to create or delete folders in migrated public folders using Outlook

  We have an Exchange 2013 CU3 environment migrated from Exchange 2007.
  The public folder migration was completed over the weekend.
  The environment has several public folder mailboxes.
  Post migration users are unable to create/delete new sub folders,  or modify permissions using Outlook on any of the migrated public folders.  Users can however create new top level folders using outlook. They can also create and delete new posts
  in migrated public folders.
  Admins are able to create folders and set permissions on migrated folders using the EAC.
  Test User accounts used for testing are set to use the Primary Hierarchy mailbox as their default public folder mailbox.
  Test Users have been given Owner permissions from the root down on the folders we are testing with.
  We have tested with Outlook 2010 and 2013 getting the same "Cannot create the folder" error.

  Further testing
  We moved a top level folder from a secondary PF mailbox to the primary PF mailbox using the New-PublicFolderMoveRequest command in powershell.
  After the move completed we could create new folders under the moved top level folder.
  The top level folder that was moved had it's own sub-folders that we did not move to the primary mailbox. (We didn't move the whole branch.. Just the top level folder)
  We still cannot create or modify the existing sub-folders after moving the top level folder.
  We then moved the newly created sub-folder to a secondary PF mailbox.
  At that point we could no longer create sub-folders in the folder form outlook.
  From what I can tell you can only create new sub-folders in folders homed to the primary PF mailbox when using outlook.
  Is this a bug or as designed?
  According to this Tech ed presentation Clients connecting to a secondary PF mailbox should have folder changes proxy to the primary PF mailbox.. (See slide 10)
  http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/OUC-B329#fbid=
  Update : 2-5-2014
  Not much new to report other than it appears that users need to be homed to the primary PF mailbox to delete calendar meetings.
  Opened a ticket with Premier support.
  Update 2-11-2014
  Premier support continues to look into the issue. No ideas as to the cause yet.
  2-24-13
  Still no resolution from support or even a clue what is causing this.

• Exchange 2013 User cannot view public folders

  Good morning,
  User was able to view public folders, then lost connection to public folders.  User cannot view public folders in OWA. 
  Verified proper permissions.   No changes have been made to the user account in AD, exchange. 

  Did you do a fresh install of Exchange, meaning there was no version of Exchange installed previously? If not, have you moved Public Folders over to Exchange 2013 yet?  If the answer to this question is no, then you will not be able to view Public
  Folders in OWA until they are migrated over Exchange 2013.

• Client-side GW integr.: access other folder than "inbox" and public folders

  Hello,
  in our current project the call center employees should work only with the CRM web UI. MS outlook client should run in background, however, they want to access the necessary data out of the CRM UI.
  Thus, it would be possible to access other folders than the "inbox". In CRM UI, one is able to transfer e-mails from the MS outlook inbox to CRM including the creation of an activity. However, you can only access the inbox folder, not any other folder, like a subfolder of the inbox folder. Now in the call center mails are routed automatically into subfolders due to dispatching of incoming requests.
  Second thing would be to access MS outlook public folders out of the CRM web UI since some kind of knowledge base things are stored there company-wide.
  Many thanks for your help & kind regards
  Wolfgang

  Not answerted actually, but no further inputs received.

• Cannot Open Some Public Folders on MacBook

  I have several users using my macbook. Each user has their own user account. For user accounts created before "Personal File Sharing" was switched on, other users (except for root) cannot open the "Public" or "Drop" folders. Public and Drop folders for user accounts created after "Personal File Sharing" was switched on may be opened by all users. Both the pre- and post- "Personal File Sharing"-switched-on folders have the correct permissions settings.
  The only work-around I can think of to ensure every user has Public and Drop folders that every other user can open is to delete the pre-"Personal File Sharing"-switched-on user-accounts and create new ones.
  Any other suggestions? Is there some other setting I need to change?
  Help much appreciated.
  MacBook   Mac OS X (10.4.9)  

  When you say "cannot open the "Public" or "Drop" folders, do you mean that the folders are available in the list of shares but cannot be opened, or that the folders aren't available at all? I'm not sure if this is related to your problem, or what accounts for the different behaviours, but it seems in "Tiger", new accounts are often created with an empty 'sharedDir' property. This property in the user record specifies which of the user's folders is to be shared for non-user access in AFP, and usually has a value of "Public". The "Public" folders of users without this property set will not appear in the list of available "shares" that appears after connecting to an AFP server.
  To see what the current value of 'sharedDir' is on a given account, try opening "/Applications" > "Utilities" > "Terminal.app" and entering the command below, substituting 'username' with the user's "short name":<pre>nicl . -read /users/username sharedDir</pre>
  The expected output is 'sharedDir: Public', but if it is just 'sharedDir:' or 'No such key: sharedDir', then that would explain why those users' "Public" folders aren't available for personal file sharing. To set the value to "Public", make sure you are logged in to an "admin" account and try this command:<pre>sudo /usr/bin/nicl . -create /users/username sharedDir Public</pre>
  Substitute a user's name as above, and enter your "admin" password when prompted (your password will not be visible as you enter it - just press the <Return> key after you are done).