Thursday, May 10, 2012

One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server

 
Keyword: Public Folder permission sharing, Exchange 2007, public folder permission, Distribution list, security group
 
When I tried to share a public folder with the DL, I got the following error:
"One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server"
 
My first reaction was that I had to convert the DL to a security group and set it to the Universal group type, as an MS KB (support.microsoft.com/kb/941318) mentioned. I used ADUC to make the change. However, it still didn't work.
 
I know that, since Exchange 2007, you cannot assign a public folder to a shared mailbox, and we have to run:
 
set-mailbox -id "username" -type regular
 
I checked the members of the group and changed some of the shared mailboxes to regular; however, I still got the same error.
 
Why this has happened

This has been a known problem since Exchange 2007. Essentially, there is an Active Directory attribute called "msExchRecipientDisplayType" that does not get changed properly when you convert the group using the GUI.
 
How to Fix it
Exchange 2007
Run the following PowerShell command in the Exchange Management Shell:
 
Set-DistributionGroup -Identity "thegroupname"

Exchange 2010
 
If you run that command on Exchange 2010, you will see the error:
"Members can't remove themselves from security groups. Please set the group to Closed for requests to leave."

You need to run the following PowerShell command in the Exchange Management Shell instead:

Set-DistributionGroup -Identity "thegroupname" -MemberDepartRestriction Closed
 
After that, update your global address list and offline address list, restart the Exchange File Distribution service on all your CAS servers, and press F9 in Outlook to download the updated offline address list. Or, if you are in a rush, use an online Outlook profile. You should be all set.
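
A read-only check to run in the Exchange Management Shell before and after the fix, to confirm that Exchange now sees the group as a security group and to find shared mailboxes among its members. This is an added example, not part of the original post; the two msExchRecipientDisplayType values in the comments are the ones normally seen for these group types and are stated as an assumption about your environment.

```powershell
# Added example: read-only diagnostic, makes no changes.
# "thegroupname" is the post's placeholder; replace it with your group.
$groupName = "thegroupname"

$group = Get-DistributionGroup -Identity $groupName

# Read the raw AD attribute through ADSI, so no ActiveDirectory module is needed.
# Note: a DN containing "/" must be escaped before it is used in an LDAP path.
$entry = [ADSI]("LDAP://" + $group.DistinguishedName)
$displayType = $entry.Properties["msExchRecipientDisplayType"].Value

"Group                      : $($group.Name)"
"GroupType                  : $($group.GroupType)"
"RecipientTypeDetails       : $($group.RecipientTypeDetails)"
"msExchRecipientDisplayType : $displayType"

# Assumed values: 1 = mail-enabled distribution group,
#                 1073741833 = mail-enabled universal security group.
$isSecurity = ("$($group.RecipientTypeDetails)" -eq "MailUniversalSecurityGroup") -and
              ($displayType -eq 1073741833)

if (-not $isSecurity) {
    Write-Warning "Exchange does not yet treat '$groupName' as a mail-enabled universal security group."
}

# List members that are still shared mailboxes (the post converts these to regular).
Get-DistributionGroupMember -Identity $groupName -ResultSize Unlimited |
    Where-Object { "$($_.RecipientTypeDetails)" -eq "SharedMailbox" } |
    Select-Object Name, RecipientTypeDetails
```

If the warning still appears after converting the group in ADUC, the attribute has not been updated and the Set-DistributionGroup step above has not taken effect yet.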
 
Summary
 
Issue:
 
You get the error "One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server" when you try to assign public folder permissions to a DL.

You tried:

1. You converted the DL to a security group and changed the group type to Universal using ADUC.

2. You checked the members of the group and made sure you changed the shared mailbox type to regular using the following cmdlet:
 
set-mailbox -ID username -type regular
 
3. You set the group using the following cmdlet:
 
for Exchange 2007
 
Set-DistributionGroup -Identity "thegroupname"
 
For Exchange 2010,

Set-DistributionGroup -Identity "thegroupname" -MemberDepartRestriction Closed
