Microsoft KB Archive/294689

= PRB: Cannot Use MAPI To Remove Self From Public Folder ACL =

Article ID: 294689

Article Last Modified on 2/22/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition
 * Microsoft Exchange Server 5.5 Standard Edition
 * Microsoft Messaging Application Programming Interface

-



This article was previously published under Q294689



SYMPTOMS
You cannot remove yourself from a public folder's access control list (ACL) by using MAPI.



CAUSE
To modify folder permissions by using MAPI, you must have owner permissions on that folder. MAPI cannot handle the request to remove a permission that it needs to modify permissions. Any attempt to remove yourself from a public folder's ACL results in the following two rights being enabled:
 * Folder Owner
 * Folder Visible

NOTE: The Acl.dll sample that is included with the Platform Software Development Kit (SDK) uses MAPI to manipulate ACLs, and also has this limitation.



RESOLUTION
The only way to remove yourself completely from a public folder's ACL is to use Exchange Administrator (Exchange 5.5) or Exchange System Manager (Exchange 2000). You can also use Pfadmin.exe. For additional information on Pfadmin.exe, click the article number below to view the article in the Microsoft Knowledge Base:

188629 XADM: Using PFADMIN to Remove Public Folder Permissions



STATUS
This behavior is by design.



Steps to Reproduce Behavior
NOTE: These steps require that you have the Acl.dll file registered on your computer. For more information regarding this DLL, see the &quot;About the ACL Component&quot; topic in the Microsoft Developer Network (MSDN).  Start Outlook and expand Public Folders. Right-click All Public Folders and click New Folder. Type ACL Remove Test in the Name text box, and accept all default settings. Click OK. Right-click the new folder and click Properties. Click the Permissions tab. Note you have three entries:  Default, Role of Author Anonymous, Role of None Mailbox you used to create the folder, Role of Owner</li></ul> </li> In Microsoft Visual Basic, create a new Standard EXE project. Add references to Microsoft CDO 1.21 Library and Microsoft Exchange 5.5 ACL Type Library 1.0.</li>  Add a button to the form. Double-click the new button, and paste the following code into its Click event: Dim oSession As MAPI.Session Dim oFolders As MAPI.Folders Dim oFolder As MAPI.Folder Dim oACLObj As MSExchangeACLLib.ACLObject Dim oACEs As MSExchangeACLLib.IACEs Dim oACE As MSExchangeACLLib.ACE Dim strProfile As String Dim index As Integer ' Create profile string. strProfile = &quot;ExchangeServerName&quot; & vbLf & &quot;YourMailboxName&quot; ' Create a new session object. Set oSession = CreateObject(&quot;MAPI.Session&quot;) ' Log on. oSession.Logon, , False, True, , True, strProfile ' Get the public folders. Set oFolders = _ oSession.InfoStores.Item(&quot;Public Folders&quot;).RootFolder.Folders ' Find the All Public Folders folder. For Each oFolder In oFolders If oFolder.Name = &quot;All Public Folders&quot; Then Exit For End If  Next ' Get the ACL Remove Test folder. Set oFolder = oFolder.Folders.Item(&quot;ACL Remove Test&quot;) ' Create a new ACL Object. Set oACLObj = CreateObject(&quot;MSExchange.ACLObject&quot;) ' Link the ACL Object to the ACL Remove Test folder. oACLObj.CDOItem = oFolder ' Get the ACEs collection. Set oACEs = oACLObj.ACEs ' Look for the ACE that corresponds to the Owner. ' Since there are only 3 by default, ' Default, Anonymous, and the owner, we  ' just look for the one that isn't default or anonymous. For index = 1 To oACEs.Count Set oACE = oACEs.Item(index) If oACE.ID <> &quot;ID_ACL_DEFAULT&quot; And oACE.ID <> &quot;ID_ACL_ANONYMOUS&quot; Then ' Delete the ACE. oACEs.Delete oACE.ID     End If   Next ' Update the ACL object to commit changes. oACLObj.Update ' Log off. oSession.Logoff ' Clean up memory. Set oACE = Nothing Set oACEs = Nothing Set oACLObj = Nothing Set oFolder = Nothing Set oFolders = Nothing Set oSession = Nothing </li> Run your Visual Basic project. Click the button that you added to run the code.</li> Switch back to Outlook. Right-click the ACL Remove Test folder and click Properties. Click the Permissions tab. Note that your mailbox is still listed, with a role of Custom. Folder Owner and Folder Visible are selected. If you cannot view the permissions on the folder in Outlook, try viewing the permission on the folder in Exchange Administrator (Exchange 5.5) or Exchange System Manager (Exchange 2000).</li></ol>

Keywords: kbmsg kbprb KB294689

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.