This issue only occurs within native Exchange 2013 environments that are leveraging Modern Public Folders. The issue exists when you move public folder mailboxes. The specific issue is that if you move a public folder mailbox, there is the potential for the permission structure on some public folders to be lost. Specifically:
- If you move (via New-MoveRequest) a secondary public folder (PF) mailbox, the permissions on any public folder (including well known folders) not stored in the secondary PF mailbox would be lost from the secondary PF mailbox and replaced by the default ACL. The original ACLs can be restored via a full synchronization event by executing Update-PublicFolderMailbox -InvokeSynchronizer <Public Folder Mailbox> -FullSync.
- If you move (via New-MoveRequest) the primary PF mailbox, the permissions on any public folder (including well known folders) not stored in that public folder mailbox are lost and replaced by the default ACL.
The default ACL gives Author permissions to Default authenticated users.
Recommendation
If you have already deployed Exchange 2013 RTM CU2 (712.22) and have Modern Public Folders in your environment, we recommend you do not move public folder mailboxes so that you do not experience this issue. We will be releasing an IU that will address this issue in the near future.
If you are in the midst of a migration to Exchange 2013 and will not be deploying Modern Public Folders for some time, you can proceed with installing Exchange 2013 RTM CU2 (712.22). Once you are ready to deploy Modern Public Folders ensure you have deployed the soon-to-be-released Interim Update or the latest available Cumulative Update.
More information can be found here; please read comments prior to installing Exchange Updates as history has shown a litany of foobars!
No comments:
Post a Comment