Administering someone else's Out Of Office reply

Finally, I have the answer to something that's bugged me for a very long time - how to adjust a user's Exchange-based out of office reply.

Normally, the only way to do this is to log in as the user either to their Outlook, or to OWA, then adjust their OOF settings via Tools, Out of Office Assistant. Since this requires that you know the user's password, it is not always a convenient method.

I thought that there might be some way to change things via the server, perhaps via PFDAVAdmin. None that I could find, sadly, existed.

So here's a kludge that gets you the result you want:

1. In ESM, use the Manage Full Permissions option on the user's Mailbox to give yourself full permissions on the user's account.
2. On your Windows machine, go to Control Panel, Mail, Profiles.
3. Add the user's name - when you fill in the New Account form, leave the password section blank and click Next. Because you have full permissions, you don't need a password.
4. Radio on "Ask for Profile"
   
5. Open Outlook, and choose the user's profile.
6. Fill out their OOF.
7. Quit Outlook, remove their profile from the Mail Control Panel applet.
8. On the server, remove your full permissions from their account.

A kludge because it's too easy to forget the very final step, leaving a security hole.

But it works!

Exchange 2007 Public Folder reporting

Probably the best free tool to report and manage on your Public Folder hierarchy is PFDAVAdmin, available from Microsoft. I've mentioned it before.

There are two main commercial tools available that can help - Ark's Admin Report Kit for Exchange Server, and Priasoft's Public Folder Analyzer. A fairly comprehensive list of Exchange Permissions Management tools can also be found on Slipstick.

Ok, down to the real-world scenario. At the moment, I'm creating a new user, and need to give them the same permissions on the Public Folders as a current employee. I can accomplish this in a variety of ways:

1. Use the context menu, Folder Permissions to view an individual folder's permissions, and to add a user.
2. Use the context menu on the containing folder to add a user, then use context-menu, Propagate Folder ACEs to push the same permissions down to the subfolders, for that user.
3. Use powershell for a single folder:
   Add-PublicFolderClientPermission -Identity "\Marketing\West Coast" -AccessRights PublishingEditor -User Kim
4. Use one of the included E2K7 powershell scripts under C:\Program Files\Microsoft\Exchange\Scripts to recursively apply permissions:
   AddUsersToPFRecursive.ps1 -TopPublicFolder "\Sales" -User "David" -Permission Reviewer
   

Which is fine if you know which folders to touch.
But what if you've come to an organisation with an extensive preexisting Public Folder hierarchy, and missed out on the chance to mind-meld with the previous sysadmin who built it from the ground up?

Obviously you'll need a report. We have a small Public Folder scenario, with 4500+ folders which contain more than 600,000 mail items. Using

Get-PublicFolderStatistics | ft FolderPath,*ItemCount,total*

returns the size of each and every public folder. (You can pipe it out with export-csv and chuck it in Excel.)

To find out which permissions a user has on a particular folder, use:

Get-PublicFolderClientPermission -Identity "\yourfoldernamehere" -User yourusernamehere

Awesome, that's almost what we need!

To get the same info recursively over the whole Public folder tree:

Get-PublicFolder "\" -recurse | Get-PublicFolderClientPermission -user yourusernamehere export-csv

Very useful!