Manage Exchange 2007 public folders with the Exchange Management Shell

Find out how to use the Exchange Management Shell to execute command-line scripts and parameters to manage Microsoft Exchange Server 2007 public folders.

There are two methods for managing public folders in Exchange Server 2007: the Exchange Management Shell or the Exchange Management Console with Service Pack 1. This tutorial explains how to use the former to execute command-line scripts and parameters to manage Exchange 2007 public folders. Specifically, you'll learn how to assign client and administrative permissions to public folders and mail-enable public folders with SMTP email addresses.

   Configuring client permissions on Exchange 2007 public folders
   Granting administrative permissions on Exchange 2007 public folders
   Mail-enabling Exchange 2007 public folders

  Configuring client permissions  Return to Top

Configuring client permissions in the Exchange Management Shell requires the use of two commands: Add-PublicFolderClientPermission and Remove-PublicFolderClientPermission. The syntax for these commands is:

Add-PublicFolderClientPermission -Identity \"public folder name" –User user name –AccessRights rights being assigned –Server "server name"

Remove-PublicFolderClientPermission -Identity \"public folder name" –User user name –AccessRights rights being removed –Server "server name"

The Exchange Management Shell also has a few individual parameters available.

The Identity parameter specifies the name of the public folder on which the action is being performed. This parameter is required.

The User parameter specifies the name of the user to which the action is being performed. You can enter either a user's principle name or an alias. You may also enter the user name in domainuser format.

The –AccessRights parameter specifies the rights that are being assigned to, or removed from, the specified user on the specified public folder. Some rights that you can specify include CreateItems or DeleteOwnedItems.

The Server parameter lets you specify the name of the server on which the requested action should be performed.

There also is an optional parameter called DomainController that lets you specify the domain controller that should be used as configuration changes are written to Active Directory. If you use the –DomainController parameter, then you must specify the name of the domain controller in fully qualified domain name (FQDN) format. For example, to grant User1 permission and create items in the Finance folder stored on the Exch1 server, you would use the following command:

Add-PublicFolderClientPermission –Identity \"Finance" –User user1 –AccessRights CreateItems –Server "Exch1"

  Granting administrative permissions  Return to Top

The Exchange Management Shell can be used to perform several administrative actions related to Exchange 2007 public folder management, including the ability to grant administrative permissions. This task uses the Add-PublicFolderAdministrativePermission command.

The basic syntax for setting public folder administrative permissions is:

Add-PublicFolderAdministrativePermission –Identity \"the name of the folder" –User user name –AccessRights the permissions that you want to assign –Server "the server that you want to perform the action on"

The PublicFolderAdministrativePermission command can be used to remove permissions. Its basic syntax is:

Remove-PublicFolderAdministrativePermission –Identity \"the name of the folder" –User user name –AccessRights the permissions that you want to remove –Server "the server that you want to perform the action on"

There are additional parameters and options available to grant administrative permissions to Exchange 2007 public folders. While most parameters perform the same function as their PublicFolderClientPermission counterparts, some are different. For example, the AccessRights parameter works in a similar way as it doesto set client permissions. This parameter accepts values related to administrative actions, instead of client access. The following values can be used with the AccessRights parameter:

  • AdministerInformationStore
  • AllExtendedRights
  • AllStoreRights
  • ModifyPublicFolderACL
  • ModifyPublicFolderAdminACL
  • ModifyPublicFolderDeletedItemRetention
  • ModifyPublicFolderExpiry
  • ModifyPublicFolderQuotas
  • ModifyPublicFolderReplicaList
  • None
  • View InformationStore

Optional parameters

The Exchange Management Shell also contains several optional public folder parameters. First is the Deny parameter, which is used to deny access to a specified public folder.

The InheritanceType parameter lets you control how the public folder handles inheritances. You can set the InheritanceType to All, Children, Decedents, None or SelfAndChildren.

The Owner parameter lets you set the folder's owner. You can enter an owner name using a user principle name, an alias or a user name in domain/user format.

The Instance parameter, which you likely won't need when manually specifying administrative permissions, can be useful if you want to call the PublicFolderAdministrativePermission command from a script. The Instance parameter lets you pass an entire object to the command for processing.

When using the PublicFolderAdministrativePermission command, you can specify multiple administrative permissions within a single command. For example, suppose that you wanted to grant User1 all store rights and all extended rights to the Finance folder on Exch1 server. You could do so by entering the following command:

Add-PublicFolderAdministrativePermission –Identity \"Finance" –User user1 –AccessRights AllStoreRights AllExtendedRights –Server "Exch1"

  Mail-enabling public folders  Return to Top

Mail-enabling an Exchange 2007 public folder assigns it with an email address. This makes it possible to post items to the public folder by emailing them to its associated address. The basic command to mail-enable a public folder is:


Before using this command, verify that the public folder that you want to mail-enable has not been enabled already by entering:


This command provides you with a list of all mail-enabled public folders. To obtain more detailed information on a specific folder, enter the following command, where public_folder_name is the actual name of the folder that you want to check:

Get-MailPublicFolder –Identity public_folder_name

Once you have confirmed that the public folder you want to mail-enable hasn't been enabled, use the Enable-MailPublicFolder command to do so. This is a fairly simple command to use, although there are several optional parameters associated with it. Table 1 shows additional command parameters that work with the Set-MailPublicFolder command. Some also work with the Enable-MailPublicFolder command.

New Page 1



AcceptMessagesOnly From

Specify which recipients are allowed to send messages to the designated public folder.


If a public folder is part of a distribution list, use this parameter to specify that the folder will only accept messages from members of the distribution list.


Reference the public folder by alias, rather than its assigned name.


Specify the designated contact person for the public folder.

CustomAttribute (1 to 15)

Specify a custom attribute.


Specify whether or not an email message should be forwarded to another address.


Specify the display name of the public folder proxy object.


Specify which domain controller you want to use as the command executes.


Specify a proxy address.


Associate a recipient policy with the public folder.


Set a forwarding address for the folder.


Specify the distinguished name of a mailbox that is allowed to send mail on behalf of the folder.


Omit the public folder from the address book. Use this parameter with the Enable-MailPublicFolder command when the folder is initially mail-enabled, or with the Set-MailPublicFolder command, if you later decide that the email address should be hidden.


Set the maximum size of an email message that a public folder can accept. Set a size limit ranging from 1KB to 2,097,151 KB. This can prevent a mail-enabled public folder from being spammed. For example, if you know that any posts to the public folder should always be short text messages, no one should post large attachments to the folder. Setting the size limit would prevent messages containing attachments from being posted to the folder.


Specify the maximum size of an email message that it can be sent from a public folder. Generally, there is really no reason to set a message size limit. However, if you're concerned about the possibility that someone might use the public folder to deliver spam, it might be useful to set an outbound message size limit.


Specify the name of the public folder.


Specify the primary SMTP address that will be associated with the mail-enabled public folder.


Designate the public folder type.


Specifically deny a mailbox the ability to send messages to the mail-enabled public folder.


Specify the name of a distribution list for which you want to prevent members from sending messages to the mail-enabled public folder.


Require that senders are authenticated before allowing them to send messages to the public folder.


Associate a simple or friendly display name with a public folder.

Table 1. Additional command parameters that work with the Set-MailPublicFolder command.

At a minimum, the only information that you must supply to the Enable-MailPublicFolder command is the name of the public folder. For example, suppose that you wanted to mail-enable an Exchange 2007 public folder named Marketing. You could complete the task by entering:

Enable-MailPublicFolder –Identity "\Marketing"

Notice that there is no email address specified in this command. If you don't specify an email address, the Exchange server will create one for you by combining the public folder name with the default SMTP domain.

More Exchange Server public folder resources:
Tip: An introduction to the Exchange Management Shell

Exchange Server 2007 Learning Guide

Tutorial: Exchange Server 2003 public folder permissions

An administrator's guide to Exchange 2003 public folders

For example, if you were to run this command on an Exchange server with a primary SMTP domain of, the public folder would be assigned the email address: [email protected]

You can also assign an email address to the Exchange 2007 public folder. Doing so involves using the PrimarySmtpAddress parameter, in conjunction with the Set-MailPublicFolder command. For example, suppose that you wanted to assign the email address [email protected] to the Marketing public folder. To do so, you would mail-enable the public folder using the MailPublicFolder command, and then use Set-MailPublicFolder to set the folder's email address. The full command would be:

Set-MailPublicFolder –Identity "\Marketing" –PrimarySMTPAddress: [email protected]

Brien M. Posey, MCSE
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at

Dig Deeper on Exchange Server setup and troubleshooting