SQL Tables - Exchange 2010 Migration User permissions Questions

Created: 19 Mar 2013 • Updated: 01 Apr 2013 | 5 comments
This issue has been solved. See solution.

Hello all,

The company I am working for is attempting to script out the granular permissions for a user in the Enterprise Vault.

In Archive we can set the user's permissions using the MMC console. I want to script the user permission add, granting full permissions to the archive for the user. Since I am not an Enterprise Vault "egghead", can someone tell me the SQL tables within the vault system that hold the user rights and ACLs? I want to build a PowerShell script to rip through all users and assign full control to their archives.

Can someone guide me in table and rights documentation? I will post my script when done to help others with this scenario. The Exchange 2007 to 2010 removed the rights and I need to repopulate.


TonySterling's picture

You wouldn't be doing that in SQL.  You could use EVPM to assign permissions similar to this:

How to grant Enterprise Vault permissions on all archives to a user using EVPM (Enterprise Vault Policy Manager)
Article: TECH195096 | Created: 2012-08-16 | Updated: 2012-12-12

Or if you assign the permission on the mailbox itself, EV can synchronize it over to the archive for you.

Tremaine's picture

You should be able to use an EVPM script to assign users Full access on their archives if you really need to do that. However if a Mailbox/Folder synchronization is failing to set the permissions correctly then it sounds like something that needs further investigation.

You can read up on how to use EVPM in the EV admin guide.

Arjun Shelke's picture

I don't think EV stores user account names in SQL DBs for rights assignment. Even if you find out the tables involved in archive permissions, you will need to pull the SID of every user to whom you want to grant access...

dnb50's picture

OK, thanks. So in looking through the EVPM documentation, will I need to create a specific file for each user being permissioned? Looks like it. Am I missing something? Again, I appreciate the patience. New to EV. Also, the other thing I am trying to figure out is how to export an archive via script. Is EVPM an option there? I see a few examples of importing PSTs to archives, but nothing the other way around. Any help appreciated.


TonySterling's picture

You can't export via the script but you can have more than one archive section. 

It would look something like this:

[Directory]
DirectoryComputerName = Vaultserver_that_hosts_directoryservice
SiteName = Sitename_from_admin_console

[Archive]
ArchiveName = John Smith
GrantAccess = read write, CORP\TJones

[Archive]
ArchiveName = Tom Jones
GrantAccess = read write, CORP\JSmith
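
The single file with one archive section per user, as described in the reply above, can be generated from a user list rather than written by hand. This is an added example, not code from the thread or from the vendor: the function name New-EvpmGrantFile, the CSV columns, the output file name and the Unicode encoding are assumptions, and the sample archive and account values are constructed.

```powershell
function New-EvpmGrantFile {
    param(
        [Parameter(Mandatory)] [string]   $DirectoryComputerName,
        [Parameter(Mandatory)] [string]   $SiteName,
        [Parameter(Mandatory)] [object[]] $Grants,   # objects with ArchiveName and Account
        [string[]] $Rights = @('read', 'write')      # rights used in the thread's sample
    )
    # Only emit rights from a fixed list, so a typo cannot end up in the file.
    foreach ($r in $Rights) {
        if (@('read', 'write', 'delete') -notcontains $r) { throw "Unsupported right: $r" }
    }
    # A value containing a line break, or starting with '[', could add keys or sections.
    $unsafe  = '[\r\n]|^\s*\['
    $account = '^[A-Za-z0-9._-]+\\[A-Za-z0-9._$ -]+$'   # DOMAIN\user only
    foreach ($v in $DirectoryComputerName, $SiteName) {
        if ($v -match $unsafe) { throw "Unsafe directory value: $v" }
    }
    $lines = @('[Directory]',
               "DirectoryComputerName = $DirectoryComputerName",
               "SiteName = $SiteName")
    foreach ($g in $Grants) {
        if ([string]::IsNullOrWhiteSpace($g.ArchiveName) -or $g.ArchiveName -match $unsafe) {
            throw "Unsafe or empty archive name: '$($g.ArchiveName)'"
        }
        if ($g.Account -notmatch $account) { throw "Not a DOMAIN\user account: '$($g.Account)'" }
        $lines += '', '[Archive]',
                  "ArchiveName = $($g.ArchiveName)",
                  "GrantAccess = $($Rights -join ' '), $($g.Account)"
    }
    return $lines
}

# Constructed sample input: each user is granted access to their own archive.
$grants = @'
ArchiveName,Account
John Smith,CORP\JSmith
Tom Jones,CORP\TJones
'@ | ConvertFrom-Csv

$ini = New-EvpmGrantFile -DirectoryComputerName 'Vaultserver_that_hosts_directoryservice' `
                         -SiteName 'Sitename_from_admin_console' -Grants $grants
$ini                                   # review the generated sections before using the file
$ini | Set-Content -Path .\grant-archive-access.ini -Encoding Unicode   # encoding is an assumption
```

Keeping the rights list explicit and rejecting malformed account or archive values means the generated file grants exactly what the input list says and nothing else.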