Public Folder Permission Issue

Mikhail Firsov 1,876 Reputation points
2022-10-27T10:35:44.103+00:00

Hello!

I'm having a problem trying to apply permissions to a public folder by means of a universal security group: as you know, by default all users have the Author permissions for any public folder (I'd call them "implicit permissions" because they are displayed as coming from the user "Default" in the Get-PublicFolderClientPermission's output), and if you don't want some user to have the Author permission for a folder you can click Manage (Permission) in EAC, add this user and set the appropriate permission level (for example, Reviewer) - and this will work, meaning that the public folder permissions (as seen in Outlook from the user's perspective) would change from Author to Reviewer. But it's not wise applying permissions on a per-user basis, so you can make use of universal security groups - but this time permissions do not change from the default Author to Reviewer (or anything else):

254709-q13.png

What am I missing here??? ...it's not possible to manage public folders without using groups...

Thank you in advance,
Michael

Exchange Server Management

Accepted answer
  1. Amit Singh 4,846 Reputation points
    2022-10-31T08:58:12.307+00:00

    Could you please check the permission using the command below?

    Get-PublicFolderClientPermission -Identity "\My Public Folder" -User groupname | Format-List

    Yes, you could try re-adding the permission for this group. And check if any steps are missed or wrong with the below process, a similar discussion here:
    If your security group is synced from on-prem:

    New-ADGroup -Name "PF-FolderName" -SamAccountName "PF-FolderName" -GroupCategory Security -GroupScope Universal -DisplayName "PF-FolderName" -Path "OU=Security,OU=Groups,OU=MyDept,OU=Departments,DC=MyDomain,DC=Foo"

    The rest were done in a MSOL pssession

    Start-ADSyncSyncCycle -PolicyType delta
    Get-PublicFolder -Identity "\PublicRoot\PublicFolderName" -Recurse | Add-PublicFolderClientPermission -AccessRights Editor -User PF-FolderName

    Add-PublicFolderClientPermission
    Remove-PublicFolderClientPermission

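Added example, not part of the thread or of either poster's commands: a check that lists, for every folder under a root, the rights held by "Default" and by the group, so folders where the group has no entry (and members fall back to Default, as the question describes) stand out. The function name `Get-PfGroupCoverage`, the `Folder`/`User`/`AccessRights` input shape and the sample rows are this example's own; that `User` renders as the display name when converted to a string is an assumption.

```powershell
# Added example, not from the thread. The Folder/User/AccessRights property
# names on the input objects are this example's own convention.
function Get-PfGroupCoverage {
    param(
        [Parameter(Mandatory)][object[]]$Entries,  # one object per ACL entry
        [Parameter(Mandatory)][string]$Group       # group to look for
    )
    $Entries | Group-Object Folder | ForEach-Object {
        # All ACL entries of one folder are in $_.Group
        $default = $_.Group | Where-Object { "$($_.User)" -eq 'Default' }
        $grp     = $_.Group | Where-Object { "$($_.User)" -eq $Group }
        [pscustomobject]@{
            Folder        = $_.Name
            DefaultRights = @($default.AccessRights) -join ','
            GroupRights   = @($grp.AccessRights) -join ','
            GroupEntry    = [bool]$grp   # False: members get Default rights
        }
    }
}

# Constructed sample data (not real output): the subfolder lacks a group entry,
# as happens when a permission is added without -Recurse.
$sample = @(
    [pscustomobject]@{ Folder = '\PublicRoot\PublicFolderName'
                       User = 'Default';       AccessRights = 'Author' }
    [pscustomobject]@{ Folder = '\PublicRoot\PublicFolderName'
                       User = 'PF-FolderName'; AccessRights = 'Editor' }
    [pscustomobject]@{ Folder = '\PublicRoot\PublicFolderName\Sub'
                       User = 'Default';       AccessRights = 'Author' }
)
Get-PfGroupCoverage -Entries $sample -Group 'PF-FolderName' |
    Format-Table -AutoSize

# Live use from the Exchange Management Shell, with the cmdlets from the answer:
# $live = Get-PublicFolder -Identity '\PublicRoot\PublicFolderName' -Recurse |
#     ForEach-Object {
#         $f = $_
#         Get-PublicFolderClientPermission -Identity $f.Identity |
#             ForEach-Object {
#                 [pscustomobject]@{ Folder = "$($f.Identity)"
#                                    User = "$($_.User)"
#                                    AccessRights = $_.AccessRights }
#             }
#     }
# Get-PfGroupCoverage -Entries $live -Group 'PF-FolderName' |
#     Where-Object { -not $_.GroupEntry }
```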

3 additional answers

  1. Mikhail Firsov 1,876 Reputation points
    2022-10-28T07:57:53.413+00:00

    Hi JameXu-MSFT,

    I'll check propagation of permissions with distribution groups and post back the results.

    Here's the screenshot of my security group's permissions - as you see the group's permissions are correct, the problem is that they do not propagate to users in that group:
    254988-q14.png

    By the way: it's a rather weird method for displaying user permissions: as per the command's output for the user Shannon it may look like she's currently not having any permissions while she really does have the default Author permission granted ~by means of user Default:
    255043-q1-1.png


  2. Mikhail Firsov 1,876 Reputation points
    2022-10-28T09:51:00.843+00:00

    "Do you have the same problem with distribution group?" - mmm... distribution groups can't be used for applying permissions...

    255101-q21.png
    255093-q22.png


  3. Mikhail Firsov 1,876 Reputation points
    2022-10-31T09:46:05.79+00:00

    Hi imamitsingh,

    "Get-PublicFolder -Identity "\PublicRoot\PublicFolderName" -Recurse | Add-PublicFolderClientPermission -AccessRights Editor -User PF-FolderName" does exactly the same as adding permissions in EAC, and now it's working fine - seems restarting Outlook helped re-evaluate the new permissions (didn't check it earlier because previous permission tests did NOT require restarting Outlook to have the new permissions applied). Thank you very much for your help!

    ...just for not publishing one more post for the accompanying question: would you please tell me why Outlook may be asking for credentials upon starting?

    255606-u8.png

    The only way authentication can work out is to enter the Windows login - Shannon - instead of her email E_Shannon@...?

    Thank you in advance,
    Michael
