Our auditor wants pfdavadmin to do a mailbox/folder ACL audit of 2 of our exchange servers. Can she run it on her machine in the same domain as the exchange servers, or does she need an account on the servers themselves? If she can run it remotely, whats the least priveleged account we can give her for security purposes?

Hi PFDAVAdmin must be run on a computer that has the following: .NET Framework 1.1 and Microsoft Windows® 2000 Server, Windows XP, Windows Server™ 2003, or Windows Vista. PFDAVAdmin is supported when running with Exchange 2000 Server, Exchange Server 2003 and Exchange Server 2007. I don’t know the permission of your auditor. The account must should has permission to log on GC,exchange server and has permission to access the mailbox which he wants to audit. I always grant permission to all mailbox. Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll You can adjust it by yourself. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi PFDAVAdmin must be run on a computer that has the following: .NET Framework 1.1 and Microsoft Windows® 2000 Server, Windows XP, Windows Server™ 2003, or Windows Vista. PFDAVAdmin is supported when running with Exchange 2000 Server, Exchange Server 2003 and Exchange Server 2007. I don’t know the permission of your auditor. The account must should has permission to log on GC,exchange server and has permission to access the mailbox which he wants to audit. I always grant permission to all mailbox. Get-Mailboxdatabase | Add-AdPermission -User "Username" -AccessRights GenericAll You can adjust it by yourself. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Can you run any sort of report in pfdavadmin to show mailbox permissions for ALL mailboxes, i.e. a master report, or do you have to provide a parameter for a specific mailbox?

Hi Cf090 This is the same quetion you have asked here. http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/b4cb645d-470d-4358-a8e2-c31b8b3f2383 Answer is here, have you even looked at this. Sukh