Exchange 2010 – Working with Public Folders – Part 12

In this post, we will look at Public Folders in Exchange 2010. More specifically:

  • We will review the purpose and use of Public Folders within your organization (and discuss the fact that they may no longer be used in some future version of Exchange).
  • We will go through the creation of a Public Folder database in the Exchange Management Console and see the properties that we can configure.
  • We will work with the Public Folder Management Console and the Outlook client to create and manage Public Folders.
  • We will review permission settings and delegating permissions for folders and sub-level folders.
In review, the purpose of Public Folders:
  • Public Folders are Nostalgic (out of date) – Public Folders were introduced with the first version of Exchange and have been used for many years as a means of collaborating with persons in your organization through a shared folder structure.
  • Users will see the Public Folder structure in their Outlook client and can view items that have been either posted or emailed to the folder (if it is mail-enabled) and they may have the ability to add content, create sub-folders and so-forth if they have permissions to do so.
  • Are Public Folders required in Exchange 2010?
  •      If you have Outlook 2007 and/or 2010 clients only, than the answer is no (it is completely optional if you want to).
  •      If you have Outlook 2003 clients, then the answer is yes. They use the Public Folder structure for Offline Address book distribution, free/busy lookups, organization form library, and security settings.
The Offline Address Book distribution in Exchange 2010 is now done with the BITS HTTP connection to the Exchange Client Access server. The Free/Busy look-ups are now done through the Availability Web Service. Security settings are done through Group Policy. Organizational Forms have been pushed aside in favor of InfoPath forms.
Starting with Exchange 2010, Public Folders are De-emphasized
  • Public Folders have become the dumping grounds for anything and everything your people want to share with each other. Public folders tend to sprawl out of control.
  • Public Folders are so late-1990’s. They aren’t designed for two very important 2010+ aspects of corporate life: Archiving data, and Document Sharing and Collaboration (check-in/check-out, versioning). Associates tend to try to hide their personal mail archives in Public Folders so that they are backed up.
  • As a result, the Microsoft Exchange Team has been making threats to pull Public Folder support from a future version of Exchange.
  • The idea is to encourage organizations toward SharePoint (although you are welcome to research and use some other collaboration solution).
  • While SharePoint has great features, any collaboration software has the potential to become the NEW dumping grounds for your organization.
How do I create the Public Folder database in Exchange 2010?
  • During the installation of the first Exchange 2010 Mailbox Server in your organization you see the question: “Do you have any client computers running Outlook 2003 and earlier or Entourage in your Organization?” If you answer “Yes” then the Public Folder database is automatically created.
  • You can also manually create a Public Folder database on any Mailbox Server in your organization and then determine if you want to replicate folders to that server.
How do I establish or create a High Availability structure for my Public Folders?
  • In Exchange 2010 there are no HA solutions you can use by default. The only way to ensure content is available is to create a new database and replicate content to that server.
Options for configuring Public Folder databases:
  • Maintenance Schedule
  • Replication Interval – specific to DB
  • Storage Limits
  • Deletion Settings
  • Age Limits
  • Public Folder Referral
Options for configuring individual Public Folders:
  • Replication (Both server choice and replication schedule)
  • Limits (Storage, Deleted Item, Age)
Path to managing the Public Folder in the Exchange Management Console (EMC):
MS Exchange -> MS Exchange On Premises -> Organization Configuration -> Mailbox -> Database Management Tab -> Right-click on Public Folder DB file and choose Properties.
Maintenance Schedules run from 1-5am by default. (ESE scanning check sum is an option as well. For smaller databases, you can get away with un-checking this option).
Circular Logging, again, is not having transaction logs building up. This is a space saver but not good when trying to recover from an emergency.
Replication Tab – replication of messages between PF databases.
Limits Tab – storage limits on the database. There is by default a maximum size of message of 10MB for each item placed in a Public Folder by default.
Public Folder Referral – Use Active Directory site costs. Essentially PFR comes into play with large organizations with multiple PF DBs, multiple Mail Box servers hosting PF DB’s. Certain PF’s may not be hosted at that same location. Site costs can be used to determine or manage PF locations.

You can configure  certain items on individual public folders like replication. Replication at the database level can be scheduled, or you can establish on the individual folder themselves.

Go to the Public Folder Console by going to the EMC -> Toolbox -> Public Folder Management Console:

Default Public Folders – include existing public folders created by an administrator. Try to maintain and organize Public Folders with a structure to maintain focus. One possibility is organizing by location. To add new folders, select New Public Folder… in the Action Pane. You can create sub-folders inside each Public Folder. You can delegate permissions on Public Folders to allow users the ability to create new sub-folders. Right-Click on a Public Folder, choose Properties. Under the Replication tab, you can add servers to replicate the content to and if you want High Availablity, you will select a different MailBox server and replicate the folder. You might replicate content to put them closer to actual user’s locations. You can use the default public folder replication schedule, or create your own. For limits, you can use the default quotas, or establish your own.

System Public Folders – we will cover these later.

 

Key Focus Points of Public Folders:

What are some of the key concepts of Public Folders?

  • Public Folder Trees
  •      Default Public Folders (IPM_Subtree – folders that users are typically aware of)
  •      System Public Folders (System PF structure known as the Non_IPM_Subtree – used by outlook for free/busy data, eforms registry and events root, for outlook clients that do not support 2010 or 2007 features (Availability service etc.) Legacy clients don’t know where to look for this, but can get their legacy data from these structures)
  • Replication
  •      Hierarchy – Properties of the folders, and organizational information, name of public folder, which server holds the replicas, and permissions are replicated with the heirarchy
  •      Content (Requires configured replication) – you decide which mailbox servers have copies of the content.
  • Referrals
  •      If a client looks for somethign in the Public Folder heirarchy, if they click on the folder, do they get it from their local Mailbox server? If it can’t find the data from their Mailbox, it will look for a replica in the same site. If it can’t find it there, it will look for the lowest cost site.
  • What are Mail-enabled Public Folders?
  •      They provide a bit more functionality to PFs
  •      Users can post to a PF through email.
Permissions: The Reality vs. The Potential
  • Exchange Administrators should consider delegating folder creation and management to others.
  • The easiest way to delegate is to assign persons to the Public Folder Management Group and let them worry about creating and managing Public Folders through Outlook
  • If you wanted to see the permissions or set the permissions on Public Folders, you cannot use the EMC/Public Folder Management Console. You must use the Exchange Management Shell.
  •      – Cmdlet used to add administrative permissions:  Add-PublicFolderAdministrativePermission
  •      – Cmdlet used to add client permissions: Add-PublicFolderClientPermission

In an Outlook 2010 client, if a user does not have permissions to create a sub-folder in a Public Folder, check the properties of the folder first -> Summary Tab.

To add a user to a Public Folder Management Group so that they can make changes/add folders to a Public Folder, you’ll need to open the Exchange Management Shell:

Edit – you can change permissions now through the Public Folders Management Console if Exchange 2010 SP1 is installed

[PS] c:windowssystem32>Add-RoleGroupMember -Identity “Public Folder Management” -Member User.Name 

After hitting Enter, nothing appears to happen, but when logged in as the user, and visiting the properties of a Public Folder in Outlook, you will see the additional properties/permissions available. And from here you can give additional permissions to other users.

If a Public Folder is mail-enabled, in the Global Address List, you can change the address book to Public Folders, which will list all available Mail-Enabled Public Folders.

Permissions: Rights vs. Roles

  • When using Outlook to assign permissions to a Public Folder you assign Roles (like Editor, Author and so forth).
  • Those Roles have underlying Rights assigned to them. For example, a Reviewer (role) has the rights ReadItems and FolderVisible.
  • There are 10 different Rights that mix and match for each role:
  1. ReadItems
  2. CreateItems
  3. EditOwnedItems
  4. DeleteOwnedItems
  5. EditAllItems
  6. DeleteAllItems
  7. CreateSubFolders
  8. FolderOwner
  9. FolderContact
  10. FolderVisible
Each of these is a different set of permissions that combine to create a different role. A “none” role doesn’t allow any permissions and the user will not be able to even view items.
If you are the type that doesn’t want to delegate to users rights and roles, and want to adjust them on the EMShell, you can use the following commands:
[PS] c:windowssystem32>Get-PublicFolderClientPermission -identity “PublicFolderName”
Let’s say we want to give Jason.Coltrin a role:
[PS] c:windowssystem32>Add-PublicFolderClientPermission -identity “PublicFolderName” -user “jason.coltrin” -accessrights Editor
It can be more simple to use the Outlook client GUI, but using the above commands, you can make the changes in the Exchange Management Shell.

With Exchange SP1, you can change permissions (rights and roles) for public folders using the Public Folder Management Console -> Right-click on Default Public Folders -> Choose Properties -> Permissions Tab. 

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Transitioning Exchange 2007 to Exchange 2010 – Part 9

This post has to do with transitioning from Exchange 2007 to 2010. Essentially you will be installing Exchange 2010 on the 2007 Exchange server, setup some co-existence if necessary, transfer the mailboxes, and then uninstall Exchange 2007.

* Upgrades – There is no “In-Place” upgrade from 2007 to 2010

– You can either deploy fresh, migrate, or transition.

*Migration

From Exchange 5.5 or 2000 to Exchange 2010 – when moving over to Exchange 2010 you will not be able to move over mailboxes or use transitioning coexistence. You might have to upgrade from 5.5 or 2000 to 2003, and then transition. Quest is a good transitioning tool from older versions to 2010. Lotus Domino has a transition path to 2007.

*Transition: involves introducing an Exchange Server(s) into the environment and moving over mailboxes and public folders

– Co-Existence: the state of your Exchange environment when different versions of Exchange are running together side-by-side within the same Exchange Organization

You can run exchange 2003, 2007, and 2010 all co-existing together. Slowly move the mailboxes and public folders over.

When migrating from a single 2007 server:

1. Ensure Exchange 2007 servers are running SP2

2. Deploy Exchange 2010 Servers in this order: Client Access Server, then Hub Transport Server, Unified Messaging, and then Mailbox server

3. Configure legacy DNS host name records* and implement new certificates for CAS

*Legacy DNS host name records: only necessary if you cannot transition quickly and need to provide remote OWA/Mobile usage.

4. Move over mailboxes and public folder data to Exchange 2010.

5. Tie up loose ends and uninstall Exchange 2007

Legacy Host Names and Certificates for CAS

  • If you plan for a period of co-existence with 2007, you will need to establish a legacy host name
  • The goal is to move your primary namespace, mail.companyname.com and autodiscover.companyname.com over to Exchange 2010
  • So for example, your mail.companyname.com domain continues but a new legacy.companyname.com is put in place for 2003/2007 users of OWA, ActiveSync, etc…
  • You will need to obtain a new certificate for Exchange and you should consider a Subject Alternative Name (SAN) certificate although wildcard certificates are also supported

Some DNS Record Types Review:

  • A Record: an address record that maps a host name to an IP address
  • NS Record: a name server record that maps a domain name to a list of DNS servers that are authoritative for that domain
  • MX Record: mail exchange record – maps a domain name to a list of mail exchange servers for that record
  • CNAME Record: gives the ability to provide an alias of one name to another
  • SRV Record: links a particular service to a specific server
  • SOA: Specifies the DNS server providing authoritative service for a particular domain

Users trying to log into an Exchange 2010 server, but have not had their mailbox transitioned yet, will be re-directed to the previous server if the legacy A record is listed in DNS.

Deployment Assistant: (upgrade means transistion) -this tool can be used from the website or downloaded.

The tool can be found here:

http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Index

Disjointed namespace: the FQDN of a server does not match the domain of which it is a member.

Transitioning Paths Vary

* Depending on your organization you may have the following variables in play for your transition to mold itself around:

– Exchange 2003 to 2010 (or mixed 2003/2007 to 2010)

– Public folders need to be transitioned

– Co-existence is necessary (requires legacy host name)

* Our example transition includes the following concerns:

-Public folders do, in fact, exist and need to be transitioned

-Co-existence is not necessary (we will perform the move in a minimal amount of time over a weekend of inactivity within the organization)

In a transition from Exchange 2007 to 2010 here are the following necessary items:

  1. Exchange 2007 is already running SP2
  2. The Server is 2008 and the forest functional level is already higher than the required 2003 forest functional level mode
  3. Exchange 2010 is already installed with CAS/HT/MB roles
Items to Complete:
  1. Move Offline Address Book (OAB) generation to Exchange 2010
  2. Move Exchange 2007 Mailboxes to 2010
  3. Move Public Folder data to Exchange 2010
  4. Ensure funtionality, test connectivity options, remove Exchange 2007

To check the domain functional level

  1. Go to Active Directory Computers and Users
  2. Right-click on the domain name, click “Raise Domain Functional Level”
  3. Look at Current Domain Functional Level

 

Moving the OAB generation from 2007 over to Exchange 2010

  1. Open Exchange Management Console
  2. Expand Organization Configuration node
  3. Select the Mailbox node
  4. Select Offline Address Book tab
  5. Select the Default Offline Address book, ->Actions -> Properties -> Distribution tab
  6. Make sure Enable Web-based distribution is On (checked)
  7. Enable public folder distribution (On/checked) -> ok

Warning (ok)

In the actions pane click Move

Click Browse -> Select the new Exchange 2010 server -> Move

Completed (Warning) -> Finish

Generation server should now be your new 2010 server.

Online Mailbox Moves:

  • Previous transitions called for mailboxes to be offline for a period of time while they moved to the new server
  • Exchange 2010 eliminates this issue by allowing the mailbox to be moved while still online. Note: If transitioning from Exchange 2003 to 2010 you will still need to do an offline mailbox move
  • To the user, short of a restart of Outlook, they will not know a difference or notice any loss of service
  • Need to use the wizard or new powershell cmdlet New-MoveRequest

You need to start on the new Exchange 2010 server to move mailboxes from 2007 to 2010

Start Exchange Management Console

Go to Recipient Configuration node -> Mailbox

Add a column (Database) and place next to the display name

Select multiple users -> Actions -> New Local Move Request…

Target Mailbox Database (Browse) -> Select new 2010 server DB -> ok -> Next

Move options:

If corrupted messages are found:

  • Skip the mailbox (recommended)
  • Skip the corrupted messages
Next -> New -> Finish
Move Request -> If you look at the status it should say completed
Using the exchange management shell: (more flexibility and control)
get-help new-moverequest -examples
(3 examples)
System will perform check of mailbox for readiness
>New MoveRequest Identity ‘[email protected]’ -TargetDatabase “MBEX2K10”
To test
>get move-request
-shows which move requests have been completed
For example to move just mailboxes from one organizational unit into exchange 2010

> get user organizationalunit LegalDept | New MoveRequest -TargetDatabase “MBEX2K10”

Replicating Public Folder Structure:

Once we have replicas we can remove the original copy

Go to Toolbox – Public Folder Management Console – should connect back to your 2007 exchange server.

We first need an Exchange 2010 Public Folder database:
Organization Configuration under Mailbox

Database Management Tab -> Actions -> New Public Folder Database

Give it a name (2K10PF) -> Next -> New -> Finish.

Go back to PF management console -> Right click on folder and choose properties -> Replication tab -> Add -> Select new 2K10PF database -> OK

Change “Use public folder database replication schedule” to Run Every Hour.

Now we’ve asked the public folders to replicate over. One way to check if it’s working ok is right click on the root, and choose connect to server, select 2010 server, and find the replicated folders (update Heirarchy)

Now you can remove 2007 replicas. Make sure you have complete all public folders.

2007 Exchange Pre-Removal Tasks 

  • If you are confident that your Exchange 2010 server(s) are ready to work alone – don’t uninstall the Exchange 2007 server yet…
  • In the EMC Toolbox is the Exchange Best Practices Analyzer – use it!
  • Use the Exchange Remote Connectivity Analyzer Tool is another option
  • When your testing is complete and you feel comfortable — Uninstall Exchange 2007 from the Programs and Features item in the control panel

Decommissioning is simply removing the Programs and Features. It will go through the process of uninstalling the various roles (MB, CAS, etc)

We have ended the period of coexistence, and have transitioned over to 2010.

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com