I'm the Engineer.

# Remove-AdminOwnerPermissions

This script checks each folder if the Administrator has Owner Permissions and removes if so

Script requires another user (domain account synced with 365 ,replace svc365migrator with appropriate user) to have owner permissions on folders before Administrator can be removed

Run in Exchange Console/Powershell

Update outputlocation before running

This will take quite some time to run against a large hierarchy.

$outputlocation = "C:\Source\PublicFolderSyncScripts\PublicFolderAdminOutput.txt"

param([string]$Server)

if ([System.String]::IsNullOrEmpty($Server)) { "You must specify a server." return }

function CheckOwnerForFolder($folder) { ($folder.Identity.ToString() + ": Checking folder") $administrator = Get-PublicFolderClientPermission -Identity $folder -Server $Server| WHERE { $.User -like "Administrator" } if ($administrator -ne $null -and $administrator.AccessRights -like "Owner") { $svc365migrator = Get-PublicFolderClientPermission -Identity $folder -Server $Server| WHERE { $.User -like "svc365migrator" } if ($svc365migrator -ne $null -and $svc365migrator.AccessRights -like "Owner") { #Remove if svc365migrator exists and has owner permissions foreach ($item in $administrator) { $item | Remove-PublicFolderClientPermission -Identity $folder -Server $Server -Confirm:$false } Add-Content $outputlocation ($folder.Identity.ToString() + ": Administrator permissions removed") } else { Write-Host "No svc365migrator. Unable to remove permissions" }

} }

function DoFolderRecursive($folder) { CheckOwnerForFolder($folder) $subfolders = Get-PublicFolder -Identity $folder -GetChildren if ($subfolders -ne $null) { foreach ($subfolder in $subfolders) { DoFolderRecursive($subfolder) } } }

$ipmSubtree = Get-PublicFolder "\" -Server $Server DoFolderRecursive($ipmSubtree) $nonIpmSubtree = Get-PublicFolder "\NON_IPM_SUBTREE" -Server $Server DoFolderRecursive($nonIpmSubtree)