This script removes or updates users in legacy public folder ACLs. This reduces the likelihood of legacy public folder migration errors due to corrupted ACLs.
When you perform a migration from legacy public folders to modern public folders, you might see the following error as part of the migration reports.
A corrupted item was encountered: Folder ACL
Corrupted items count towards the bad item limit and will not be migrated.
When you take a closer look at the public folder ACLs, you'll find orphaned users and even users that were not properly converted during past legacy replications.
In preparation for a modern public folder migration, you should clean up the public folder ACLs from so-called zombie users.
Tasks performed by the script:
- Remove orphaned users listed with SIDs, e.g. NT User:S-1-*
- Identify ACL user/group with notation NT User:DOMAIN\samAccountName
- Remove user/group, if the object cannot be found in Active Directory
- Replace user/group, if the object can be found in Active Directory
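The decision logic in the task list above, sketched as a dry run. This is an added example, not code from Clean-PublicFolderACL.ps1; the function name `Get-AclEntryAction`, the `CONTOSO` sample entries, and the hashtable standing in for an Active Directory lookup are all assumptions made for illustration.

```powershell
# Constructed sample data: ACL user strings in the notations described above.
$aclEntries = @(
    'NT User:S-1-5-21-1111111111-2222222222-3333333333-1105'  # orphaned SID
    'NT User:CONTOSO\jdoe'                                     # still in the directory
    'NT User:CONTOSO\old.account'                              # no longer in the directory
    'Default'                                                  # built-in entry
)

# Assumption: stand-in for an Active Directory query (samAccountName -> display name).
$directory = @{ 'jdoe' = 'John Doe' }

# Hypothetical helper: decide what to do with one ACL entry without changing anything.
function Get-AclEntryAction {
    param(
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][hashtable]$Directory
    )
    $action = 'Keep'; $reason = 'Not a legacy NT User entry'; $replacement = $null
    switch -Regex ($User) {
        '^NT User:S-1-' {
            # The SID never resolved to a name, so the account is gone.
            $action = 'Remove'; $reason = 'Orphaned SID'
            break
        }
        '^NT User:(?<domain>[^\\]+)\\(?<sam>.+)$' {
            $sam = $Matches['sam']
            if ($Directory.ContainsKey($sam)) {
                # Object exists: the entry was never converted, so re-add it properly.
                $action = 'Replace'; $reason = 'Unconverted legacy entry'
                $replacement = $Directory[$sam]
            } else {
                $action = 'Remove'; $reason = 'Object not found in directory'
            }
            break
        }
    }
    [pscustomobject]@{
        User = $User; Action = $action; Reason = $reason; ReplaceWith = $replacement
    }
}

# Print the plan for review before any ACL is touched.
$aclEntries |
    ForEach-Object { Get-AclEntryAction -User $_ -Directory $directory } |
    Format-Table -AutoSize
```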
```powershell
# EXAMPLE 1
# Validate ACLs on public folder \MYPF and all of its child public folders on Exchange server EX2010
.\Clean-PublicFolderACL.ps1 -RootPublicFolder "\MYPF" -PublicFolderServer EX2010 -ValidateOnly -Recurse

# EXAMPLE 2
# Clean ACLs on public folder \MYPF and all of its child public folders on Exchange server EX200701
.\Clean-PublicFolderACL.ps1 -RootPublicFolder "\MYPF" -PublicFolderServer EX200701 -Recurse
```
- 1.0, Initial community release
- 1.1, Fixed group replacement logic
- 1.2, Script optimization
- 1.3, Updated public folder handling
- Download and follow at GitHub: https://github.com/Apoc70/Clean-PublicFolderACL
- Download and like at TechNet Gallery: https://gallery.technet.microsoft.com/Remove-orphaned-users-and-bba62a39