Public Folders

Kaiming

The public folders are the application or data sharing, often because it was a better answer than file shares. Microsoft is still “de-emphasizing” public folders in Exchange 2007. Other services, such as sharepoint, offer the better answer than public folders.

In an Exchange 2007 environment, you only need public folders for two reasons:
1. To support legacy Exchange 2003 or 2000 servers
2. To support legacy Outlook clients ( pre Outlook 2007)

All MAPI clients up to and including Outlook 2003 require a connection to a public folder server to access components that these clients depend on, including the offline address book, free/busy data, Outlook security settings, and the organization form library.

Outlook 2007 clients do not require access to public folders.
The free/busy information is through Exchange 2007 availability web service.
The offline address book is fetched through the Web Distribution Point on Client Access Server.

public1

Public2

public3

Organizational forms are not available in Exchange 2007.

Within Exchange 2003 and 2007 environment, the mailbox database must associate with a public folder database.

public4

Ex20071 is the first Exchange 2007 installed in this environment.

Public5

Ex20072 is the second Exchange 2007 installed into Exchange 2003 organization.

Public6

Even though there is no new public folder database automatically created, the Mailbox Database is still associated with a public folder database (Paula). If you want, you can create a public folder database and modify the association.

New-PublicFolderDatabase -Name Pub –StorageGroup ‘Ex20072\PFS Group’ –EdbFilePath ‘C:\Program Files\Microsoft\Exchange Server\Mailbox\PFS Group\Pub.edb’

Active Directory operation failed on Paula.work.com. This error is not retriable. Additional information:Access is did. Active Director repons:00000005: SecErr:DSID03151E04, problem 403 (INSUFF_ACCESS_RIGHTS),data 0

Cause: Administrator is denied to create/delete Public Information Store Objects on Ex20072 server.

Public7

Allow Administrator to create/delete Public Information Store Objects on Ex20072.

New-PublicFolderDatabase -Name 'Pub' -StorageGroup 'Ex20072\First Storage Group' -EdbFilePath 'C:\Program Files\Microsof\Exchange Serer\Mailbox\First Storage Group\pub.edb'

mount-database 'ex20072\pub'

Set-MailboxDatabase -id 'ex20072\Mailbox Database' –PublicFolderDatabase 'ex20072\pub'

Exchange Server Manager

public8

public9

public10

Get-PublicFolder '\' -Recurse | fl Name,Replicas

Name : IPM_SUBTREE
Replicas : {}

Name : 2003-abc
Replicas : {Public Folder Store (PAULA)}

Name : ex20071-abc
Replicas : {Public Folder Database}

Name : ex20072-ABC
Replicas : {Pub}

Name : Internet Newsgroups
Replicas : {Public Folder Store (PAULA)}

Remove-PublicFolderDatabase 'EX20072\First Storage Group\Pub'
Remove-PublicFolderDatabase : The public folder database "EX20072\First Storage Group\Pub" contains folder replicas. Before deleting the public folder database, remove the folders or move the replicas to another public folder database. For detailed instructions about how to remove a public folder database, see http://go.microsoft.com/fwlink/?linkid=81409.
At line:1 char:28
+ Remove-PublicFolderDatabase <<<< 'EX20072\First Storage Group\Pub'

Don’t run the following batches on your production Exchange Server. They will delete all public folders.

get-publicFolder –Server 'Ex20072' "\" -Recurse -ResultSize:unlimited | Remove-PublicFolder -Server "Ex20072" -Recurse -ErrorAction:SilentlyContinue

get-publicFolder -Server 'Ex20072' "\NON_IPM_SUBTREE" -Recurse -ResultSize:unlimited | Remove-PublicFolder -Server "Ex20072" -Recurse -ErrorAction:SilentlyContinue

Remove-PublicFolderDatabase -Identity 'ex20072\First Storage Group\pub'

get-publicFolder –Server 'Ex20071' "\" -Recurse -ResultSize:unlimited | Remove-PublicFolder -Server "Ex20071" -Recurse

get-publicFolder -Server 'Ex20071' "\NON_IPM_SUBTREE" -Recurse -ResultSize:unlimited | Remove-PublicFolder -Server "Ex20071" -Recurse

Remove-PublicFolderDatabase -Identity 'ex20071\Second Storage Group\public Folder Database'

New-StorageGroup -Server 'EX20072' -Name 'Second Storage Group' -LogFolderPath 'C:\Program Files\Microsoft\Exchange Server\Mailbox\Second Storage Group' -SystemFolderPath 'C:\Program Files\Microsoft\Exchange Server\Mailbox\Second Storage Group'

New-PublicFolderDatabase -Name 'Pub' -StorageGroup 'Ex20072\Second Storage Group' -EdbFilePath 'C:\Program Files\Microsof\Exchange Serer\Mailbox\Second Storage Group\pub.edb'

Observation:
If the public folder database is not associated with a Mailbox database, the public folder hierarchy will not replicate to it.

Set-MailboxDatabase -id 'ex20072\Mailbox Database' –PublicFolderDatabase 'ex20072\pub'

If your Public Folder Hierarchy does not replicate to another exchange server, you should check the Event Viewer.
WORK\IUSR_PAULA was unable to log on as WORK\IUSR_PAULA to the Public Folder Store "First Storage Group\Public Folder Store (PAULA)".

I restart the Microsoft Exchange Information Store. The replication works.

public11

Public12

I didn’t see the difference between “Public Folders” and “Public Folder Instances”, except that you can add/remove replicas from “Public Folder Instances”.

Understanding the public folder hierarchy

Forest work.com has two trees.

public13

public14

public15

Win20081\First Storage Group\Mailbox Database is associated with Win20081\Second Storage Group\Public Folder Database.

public17

Win20082\First Storage Group\Mailbox Database is associated with Win20082\Public Folder Storage Group\Public Folder Database.

public16

public18

CDI Top folder is created in Win20081 server.

public19

VANARTS Top folder is created in Win20082 server.

public20

public21

get-mailbox | Where {$_.alias -eq 'administrator'}| Fl ServerName,*SMTP*,alias, database

ServerName         : win20081
PrimarySmtpAddress : Administrator@work.com
Alias              : Administrator
Database           : WIN20081\First Storage Group\Mailbox Database

ServerName         : win20082
PrimarySmtpAddress : Administrator2@work.com
Alias              : Administrator
Database           : WIN20082\First Storage Group\Mailbox Database

Experiment one:
dismount-database 'Win20081\Second Storage Group\Public Folder Database'

Open Outlook profile with administrator@work.com

You cannot open the Public Folders, because the administrator@work.com mailbox is associated with Win20081\Second Storage Group\Public Folder Database.

public22

mount-database "Win20081\second storage group\public folder database"
dismount-database "win20082\Public Folder Storage Group\public Folder database"

Administrator@work.com can browse the entire folder tree but cannot open the folders that are hosted on Win20082\Public Folder Storage Group\Public Folder Database.

public23

That confirms that there is only one public folder tree. You can create folders on any public folder database. The folders will automatically replicate to the other public folder databases in the organization. The content under the folder will not automatically replicate to other public folder databases.

What is Replica?

If you want VANARTS folder to be replicated to Win20081\Second Storage Group\Public Folder Database, do the following:

public24

Set-PublicFolder -Identity '\VANARTS' -Replicas "Win20081\Second Storage Group\Public Folder Database","Win20082\Public Folder Storage Group\Public Folder Database"

public25

Wait for 15 minutes for replication.

dismount-database "win20082\Public Folder Storage Group\public Folder database"

public26

You can open Vanarts folder but you cannot open all the subfolders.

Setting the replicas is one folder at a time. No inheritance.

public folder management scripts

CD $ExScripts

AddReplicaToPFRecursive.ps1
AddUsersToPFRecursive.ps1

MoveAllReplicas.ps1

RemoveReplicaFromPFRecursive.ps1
RemoveUserFromPFRecursive.ps1
ReplaceReplicaOnPFRecursive.ps1
ReplaceUserPermissionOnPFRecursive.ps1
ReplaceUserWithUserOnPFRecursive.ps1

AddReplicaToPFRecursive.ps1 -Server "Win20081" -TopPublicFolder "\CDI" -ServerToAdd "Win20082"

Server Win20082 will host replicas for entire public folders of Win20081.

List the hierarchy of public folders

Get-PublicFolder -Identity '\' -Recurse

Name                                    Parent Path
----                                    -----------
IPM_SUBTREE
CDI                                                     \
Business                                               \CDI
CDI Calendar                                       \CDI
Network                                            \CDI
Programming                                        \CDI
Vanarts                                                \
2D                                                       \Vanarts
3D                                                       \Vanarts
DP                                                       \Vanarts
GAD                                                    \Vanarts
vanarts Calendar                                   \Vanarts

System Folders
System folders store information such as the Offline Address Book and free/busy information.

Do not modify these folders.

Get-PublicFolder -Identity '\non_IPM_SUBTREE' -Recurse

MoveAllReplicas.ps1 -Server Ex20072 -NewServer Paula

RemoveReplicaFromPFRecursive.ps1 -topPublicFolder '\' -ServerToRemove Ex20071

If you have successfully moved the replicas and you receive an error stating that the public folder database cannot be removed because the public folder database contains replicas, you may need to wait several hours for public folder replication to finish.

If a public folder has only one replica, you must run MoveAllReplicas.ps1 script. If you run RemoveReplicaFromPFRecursive.ps1, it will report error. The reason is simple that you got have a Exchange server to host the replica.

Why mail-enable a public folder?

Enable-MailPublicFolder -id '\vanarts'

You could post your messages by sending e-mail.

Public Folder Permissions

To manage Public Folder Permissions, you have to use the Outlook client or Exchange Management Shell.

Add-PublicFolderClientPermission

ReadItems The user has the right to read items within the specified public folder.
CreateItems The user has the right to create items within the specified public folder.
EditOwnedItems The user has the right to edit the items that the user owns in the specified public folder.
DeleteOwnedItems The user has the right to delete items that the user owns in the specified public folder.
EditAllItems The user has the right to edit all items in the specified public folder.
DeleteAllItems The user has the right to delete all items in the specified public folder.
CreateSubfolders The user has the right to create sub-folders in the specified public folder.
FolderOwner The user is the owner of the specified public folder.
FolderContact The user is the contact for the specified public folder.
FolderVisible The user can view the specified public folder, but cannot read or edit items within the specified public folder.

Add-PublicFolderClientPermission '\cdi' -AccessRights 'Contributor' -User Rob.Prince

Add-PublicFolderAdministrativePermission

None The administrator does not have any rights to modify public folder attributes.
ModifyPublicFolderACL The administrator has the right to modify client access permissions for the specified folder.
ModifyPublicFolderAdminACL The administrator has the right to modify administrator permissions for the specified public folder.
ModifyPublicFolderDeletedItemRetention The administrator has the right to modify the Public Folder Deleted Item Retention attributes (RetainDeletedItemsFor, UseDatabaseRetentionDefaults).
ModifyPublicFolderExpiry The administrator has the right to modify the Public Folder Expiration attributes (AgeLimit, UseDatabaseAgeDefaults).
ModifyPublicFolderQuotas The administrator has the right to modify the Public Folder Quota attributes (MaxItemSize, PostQuota, PostWarningQuota, UseDatabaseQuotaDefaults)
ModifyPublicFolderReplicaList The administrator has the right to modify the replica list attribute for the specified public folder (Replicas).
AdministerInformationStore The administrator has the right to modify all other public folder properties that are not defined above.
ViewInformationStore The administrator has the right view public folder properties.
AllExtendedRights The administrator has the right to modify all public folder properties.

Add-PublicFolderAdministrativePermission '\cdi' -AccessRights 'AllStorerights' -user Rob.Prince

Get-PublicFolderAdministrativePermission \vanarts -user rob.prince | fl user,AccessRights

User : WORK\Rob.Prince
AccessRights : {ModifyPublicFolderACL}

User : WORK\Rob.Prince
AccessRights : {ModifyPublicFolderAdminACL}

User : WORK\Rob.Prince
AccessRights : {ModifyPublicFolderDeletedItemRetention}

User : WORK\Rob.Prince
AccessRights : {ModifyPublicFolderExpiry}

User : WORK\Rob.Prince
AccessRights : {ModifyPublicFolderQuotas}

User : WORK\Rob.Prince
AccessRights : {ModifyPublicFolderReplicaList}

User : WORK\Rob.Prince
AccessRights : {AdministerInformationStore}

User : WORK\Rob.Prince
AccessRights : {ViewInformationStore}

Remove-PublicFolderAdministrativePermission \vanarts -User Rob.Prince -AccessRights AllStoreRights

Add-PublicFolderAdministrativePermission \vanarts -user Rob.Prince -AccessRights 'AllExtendedRights'

The AllStoreRights access option does not allow the user to assign administrative permissions to another user. If you want to give them full administrative permission, you use the –AccessRights AllExtendedRights option. To check what management permissions exist on a public folder:

What is the difference between Client Permissions and Administrative Permissions?

Get-PublicFolderStatistics | Select Name, ItemCount,TotalItemSize| Sort-Object TotalItemSize | Format-Table

public27

Get-PublicFolderStatistics | Select Name, ItemCount,TotalItemSize | Sort TotalItemSize | Format-Table @{expression="Name"; width=30; label ="Public Folder"},@{expression="ItemCount"; width=10; label = "Items"},@{expression={[math]::round([double](([string]$_.TotalItemSize).split("B")[0]) /1024 , 2)} ; width=15; label="Size(KB)"}

public28

Suspend-PublicFolderReplication

Resume-PublicFolderReplication

Why to suspend the replication of public folder content?

You want to reconfigure the public folder hierarchy and replication schedules. Suspend-PublicFolderReplication cmdlet will suspend the Public Folder Content Replication but not Public Folder Hierarchy. In the mixed environment with Exchange 2003, the Suspend-PublicFolderReplication cmdlet will suspend the public folder content replication on all servers in the organization.

Update-PublicFolder –identity PUBLICFOLDER

To start content synchronization of a public folder

Update-PublicFolder -Identity '\vanarts' -Server 'Win20082'

Update-PublicFolderHierarchy

Update-PublicFolderHierarchy -Server 'Win20081'

By default, Exchange 2007 allows only Exchange Organization Administrator to create the top level public folders. You can change it by using Add-ADPermission cmdlet.

Add-ADPermission -id 'CN=Public Folders,CN=Folder Hierarchies,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=work,DC=com' -ExtendedRights ms-exch-create-top-level-public-folder -AccessRights ReadProperty,GenericExecute

What is Public Folder Referral?

If you only have one Public Folder Database, don’t worry about the referral. All public folders are stored there.

Assuming you has two public folder databases:

public29

Each Exchange Organization has only one hierarchy. Win20081 and Win20082 have the entire hierarchy. Win20081 has the replicas of content under CDI folder. Win20082 has the replicas of content under Vanarts folder.

When User1 opens the Business Folder, its default public folder database does host the content. OUTLOOK client accesses the local replica. When user1 opens the DP folder, the default public folder database does not host the content and knows where it is. This process is called referral.

How about the Win20081 server hosts All Replicas?

public30

The USER will get the content from local replicas.

If you have three or more public folder database servers and you have not configured any replicas, each exchange server will have the entire hierarchy of the organization.

public31

How to get to other public databases?
The default configuration is to USE ACTIVE DIRECTORY SITE COSTS.

public32

Backup—how do you know it was performed?

Exchange 2003 and 2007 both stamp databases with the date and time after each successful backup. You can view the time stamp by selecting a database and viewing its properties through EMC. Exchange records times for the last full and last incremental backups,

Get-MailboxDatabase -Server ex20071 -status | fl *backup*

BackupInProgress               : False
SnapshotLastFullBackup         : False
SnapshotLastIncrementalBackup : False
SnapshotLastDifferentialBackup :
SnapshotLastCopyBackup         :
LastFullBackup                 : 12/9/2008 7:49:38 PM
LastIncrementalBackup          : 12/9/2008 7:53:59 PM
LastDifferentialBackup         :
LastCopyBackup                 :
RetainDeletedItemsUntilBackup : False

The NTBackup utility uses the streaming mechanism. I don't have the backup utility that uses the Volume Shadow Copy mechanism. I downloaded the Symantec Backup Exec trial but failed toback up my Exchange 2007 database.

$_	This variable contains the current pipeline object that is used in script blocks, filters, and the Where statement.
$Error	This variable contains objects for which an error occurred when they are processed in a cmdlet.
$ExBin	This variable displays the full path of the Exchange Server\bin directory.
$ExScripts	This variable the full path of the Exchange scripts directory.
$ForEach	This variable refers to the enumerator in a ForEach loop.
$Home	This variable specifies the user’s root directory. It is the equivalent of %HomeDrive%%HomePath%.
$MaximumHistoryCount	This variable specifies the maximum number of entries that can be saved in the command history.
$PSHome	This variable specifies the directory where the Exchange Management Shell is installed.

Home