Friday, July 2, 2010

Exchange 2010 Public Folders and the NT User Permission

I am currently working on a transition from Exchange 2007 to 2010. I like to use these types of projects to work on cleaning up the current environment before performing the upgrade. In this post I am going to talk about something every Exchange administrator loves... public folders. Why does everyone cringe when this topic comes up? We should be happy that Microsoft didn't build their replication technology for mailbox databases off of public folder replication. That would have been the end of Exchange. Back to the point. Everyone who has ever checked permissions on a public folder has seen this:



Well, now the question becomes: how can I easily remove these zombie accounts (terminology from back in the Exchange 5.5 days)? You could manually use either Outlook or PFDavAdmin to remove these permissions. But what if you had thousands of folders to process? I doubt any of us have that kind of time or patience. Exchange 2007 introduced PowerShell, so let's look there. Here I have an example folder with its current folder permissions:




Thanks to PowerShell this task is going to be really simple. You just need to run the following command against this folder to remove the zombie account permissions from the parent and all subfolders:

Get-PublicFolder "\Folder1" -Recurse | Get-PublicFolderClientPermission | Where { $_.User.ToString().Contains("NT User:") -eq $true } | Remove-PublicFolderClientPermission -Confirm:$False

Then when you check your folder permission it should look like the following:



A word of caution: the amount of public folder replication traffic this process causes depends on the number of public folders and the number of permissions removed. The sample script above will also remove accounts that had their mailboxes removed. These accounts would appear as "NT User:DOMAIN\Username".
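
A review-first variant of the command above, as an added example that is not from the original post: it records every matching entry in a CSV file and does a -WhatIf pass, so the scope of the change (and the replication traffic it implies) is known before anything is removed. The report path is a hypothetical name, and the Identity, User and AccessRights property names on the permission objects are assumptions.

```powershell
# Added example; run in the Exchange Management Shell.
$root   = "\Folder1"                      # example folder from the post
$report = ".\pf-ntuser-permissions.csv"   # hypothetical report path

# 1. Collect every unresolved ("NT User:") entry under the root folder.
$stale = @(Get-PublicFolder $root -Recurse -ResultSize Unlimited |
    Get-PublicFolderClientPermission |
    Where-Object { $_.User.ToString().Contains("NT User:") })

# 2. Keep a record of what is about to be removed, so a permission can be
#    re-granted if an entry turns out to have been needed.
#    (Property names Identity/User/AccessRights are assumed.)
$stale |
    Select-Object @{ Name = 'Folder'; Expression = { $_.Identity.ToString() } },
                  @{ Name = 'User';   Expression = { $_.User.ToString() } },
                  @{ Name = 'AccessRights'
                     Expression = { ($_.AccessRights | ForEach-Object { $_.ToString() }) -join ';' } } |
    Export-Csv -Path $report -NoTypeInformation

# 3. Summarize per account. Entries of the form "NT User:DOMAIN\Username"
#    belong to accounts whose mailboxes were removed; review them here.
$stale |
    Group-Object { $_.User.ToString() } |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

Write-Host ("{0} permission entries matched under {1}" -f $stale.Count, $root)

# 4. Dry run: shows what would be removed without changing anything.
$stale | Remove-PublicFolderClientPermission -WhatIf

# 5. After reviewing the report, uncomment to perform the removal.
# $stale | Remove-PublicFolderClientPermission -Confirm:$false
```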

1 comment:

Bagahdita said...

I have Exchange 2007, needed to modify slightly and set it to clear all after validating what it would do (executed w/o the remove part first).


get-publicfolder \ -recurse | Get-PublicFolderClientPermission | Where-Object {$_.User.ToString().Contains("NT User:") -eq $true } | Remove-PublicFolderClientPermission -confirm:$false

Thanks for posting, slowed down the user account apocalypse!