PRB: Cannot Use MAPI To Remove Self From Public Folder ACL (294689)



The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 5.5
  • Microsoft Extended Messaging Application Programming Interface (MAPI)

This article was previously published under Q294689

SYMPTOMS

You cannot remove yourself from a public folder's access control list (ACL) by using MAPI.

CAUSE

To modify folder permissions by using MAPI, you must have owner permissions on that folder. MAPI cannot handle the request to remove a permission that it needs to modify permissions. Any attempt to remove yourself from a public folder's ACL results in the following two rights being enabled:
  • Folder Owner
  • Folder Visible
NOTE: The Acl.dll sample that is included with the Platform Software Development Kit (SDK) uses MAPI to manipulate ACLs, and also has this limitation.

RESOLUTION

The only way to remove yourself completely from a public folder's ACL is to use Exchange Administrator (Exchange 5.5) or Exchange System Manager (Exchange 2000). You can also use Pfadmin.exe. For additional information on Pfadmin.exe, click the article number below to view the article in the Microsoft Knowledge Base:

188629 XADM: Using PFADMIN to Remove Public Folder Permissions

STATUS

This behavior is by design.

MORE INFORMATION

Steps to Reproduce Behavior

NOTE: These steps require that you have the Acl.dll file registered on your computer. For more information regarding this DLL, see the "About the ACL Component" topic in the Microsoft Developer Network (MSDN).
  1. Start Outlook and expand Public Folders. Right-click All Public Folders and click New Folder. Type ACL Remove Test in the Name text box, and accept all default settings. Click OK.
  2. Right-click the new folder and click Properties. Click the Permissions tab. Note you have three entries:
    • Default, Role of Author
    • Anonymous, Role of None
    • Mailbox you used to create the folder, Role of Owner
  3. In Microsoft Visual Basic, create a new Standard EXE project. Add references to Microsoft CDO 1.21 Library and Microsoft Exchange 5.5 ACL Type Library 1.0.
  4. Add a button to the form. Double-click the new button, and paste the following code into its Click event:
       Dim oSession As MAPI.Session
       Dim oFolders As MAPI.Folders
       Dim oFolder As MAPI.Folder
       Dim oACLObj As MSExchangeACLLib.ACLObject
       Dim oACEs As MSExchangeACLLib.IACEs
       Dim oACE As MSExchangeACLLib.ACE
       Dim strProfile As String
       Dim index As Integer
        
       ' Create profile string.
       strProfile = "ExchangeServerName" & vbLf & "YourMailboxName"
        
       ' Create a new session object.
       Set oSession = CreateObject("MAPI.Session")
        
       ' Log on.
       oSession.Logon , , False, True, , True, strProfile
        
       ' Get the public folders.
       Set oFolders = _
          oSession.InfoStores.Item("Public Folders").RootFolder.Folders
        
       ' Find the All Public Folders folder.
       For Each oFolder In oFolders
          If oFolder.Name = "All Public Folders" Then
             Exit For
          End If
       Next
        
       ' Get the ACL Remove Test folder.
       Set oFolder = oFolder.Folders.Item("ACL Remove Test")
        
       ' Create a new ACL Object.
       Set oACLObj = CreateObject("MSExchange.ACLObject")
        
       ' Link the ACL Object to the ACL Remove Test folder.
       oACLObj.CDOItem = oFolder
        
       ' Get the ACEs collection.
       Set oACEs = oACLObj.ACEs
        
       ' Look for the ACE that corresponds to the Owner.
       ' Since there are only 3 by default,
       ' Default, Anonymous, and the owner, we
       ' just look for the one that isn't default or anonymous.
       For index = 1 To oACEs.Count
          Set oACE = oACEs.Item(index)
          If oACE.ID <> "ID_ACL_DEFAULT" And oACE.ID <> "ID_ACL_ANONYMOUS" Then
             ' Delete the ACE.
             oACEs.Delete oACE.ID
          End If
       Next
        
       ' Update the ACL object to commit changes.
       oACLObj.Update
        
       ' Log off.
       oSession.Logoff
        
       ' Clean up memory.
       Set oACE = Nothing
       Set oACEs = Nothing
       Set oACLObj = Nothing
       Set oFolder = Nothing
       Set oFolders = Nothing
       Set oSession = Nothing
    						
  5. Run your Visual Basic project. Click the button that you added to run the code.
  6. Switch back to Outlook. Right-click the ACL Remove Test folder and click Properties. Click the Permissions tab. Note that your mailbox is still listed, with a role of Custom. Folder Owner and Folder Visible are selected. If you cannot view the permissions on the folder in Outlook, try viewing the permission on the folder in Exchange Administrator (Exchange 5.5) or Exchange System Manager (Exchange 2000).

Modification Type:MinorLast Reviewed:8/25/2005
Keywords:kbMsg kbprb KB294689