Mastering Microsoft Exchange Server 2007 SP1
When Microsoft announced it was "deemphasizing'' support for public folders in Exchange Server 2007, a lot of Exchange administrators immediately got worried. What was the future of public folders? Would Exchange Server 2007 continue to support them? If not, what would the migration path look like?
Happily, Microsoft has clarified its position on public folder support. Public folders are still fully supported in Exchange Server 2007 (and will be through 2016), although they may not be included in future releases of Exchange Server. However, Exchange Server 2007 is the first version to provide support for Microsoft Windows SharePoint Services integration as an alternative method of seamlessly sharing data within your organization and making it available to Outlook 2007 and Outlook Web Access (OWA) users.
In the meantime, you can go forward with your Exchange 2007 migration secure in the knowledge that you will be able to continue using your public folder infrastructure. You can continue to use the Exchange 2003 System Manager console to create, manage, and delete public folders, or you can use the functionality built into Exchange 2007.
Understanding Native Exchange 2007 Support
Although the Exchange Management Console (EMC) offers minimal support for public folders, Exchange 2007 provides the bulk of its built-in support via Exchange Management Shell (EMS) cmdlets. Don't worry; they're not difficult to use, even if you're not a script or command-line guru.
Before we show you how to use the new public folder cmdlets, though, we'll cover exactly what you can do in the EMC. Be warned that it isn't much: you can create and delete public folder stores on your mailbox servers and manage the basic properties of these stores. You can't view the public folder hierarchy, add or delete public folders, set folder properties, manage access permissions, or view and manage replication. To do all of those tasks, you'll need some other tool, such as Outlook to manage individual folders or EMS to deal with public folders from the server.
If you're missing the GUI and feeling left high and dry, ponder the plight of POP3, IMAP, and NNTP GUI management. Exchange 2007 includes no GUI interface for managing those protocols and EMS is the only way to go. At least with public folders, if you don't feel up to tackling EMS, you can always use the Exchange 2003 System Manager console.
Using the EMS
The EMS is built on the Windows PowerShell technology. Because it's a specialized application of PowerShell, it uses the same format as standard PowerShell cmdlets. That format is as follows:
verb-noun
By combining the noun and verb in the name of the cmdlet, each cmdlet self-describes both the type of operation it performs as well as the object it manipulates. Verbs produce a standard behavior regardless of which object they're applied to. For example, the Get verb will always provide a read-only list of the object's properties, while the Set verb will always allow you to modify those properties - even when those properties vary from object to object.
| Tip | In some of the following examples, you'll see lines terminated by a backtick (') character. PowerShell uses this character for line termination; it tells the shell that the logical line of input will be continued on the next physical line. This allows you to break up long lines for display and still ensure that they work correctly when you enter them. |
As a result, the same verbs and nouns tend to be used over and over again; this helps you learn your way around more quickly. Many of the properties are common across multiple objects, so you'll quickly get used to how to use them. The help page for each cmdlet lists all parameters that can be used with that cmdlet.
| Note | As we explore the public folder cmdlets in the EMC, we'll group related cmdlets together by noun so you can see the different types of operations you can perform. It makes it a lot easier to keep related types of operations together in your mind. |
Performing General Public Folder Tasks
These cmdlets apply to the entire public folder hierarchy at once and provide broad control of your public folder infrastructure:
-
Get-PublicFolderStatistics This cmdlet provides a detailed set of statistics about the public folder hierarchy on a given server:
Get-PublicFolderStatistics -Server" MBX01"
Note If the -Server parameter is not specified, the cmdlet will default to displaying the statistics on the local server.
-
Resume-PublicFolderReplication This cmdlet reenables all public folder content replication when it has been suspended:
Resume-PublicFolderReplication
-
Suspend-PublicFolderReplication This cmdlet suspends all public folder content replication:
Suspend-PublicFolderReplication
-
Update-PublicFolderHierarchy This cmdlet starts the content synchronization process for the public folder hierarchy on the specified server:
Update-PublicFolderHierarchy -Server" MBX01"
Manipulating Individual Public Folders
These cmdlets are designed to work with a specific public folder:
-
Get-PublicFolder This cmdlet retrieves the properties for the specified public folder. If you don't name a public folder by specifying a value for the -Identity property, it will default to the root public folder:
Get-PublicFolder-Identity"\Jobs\Posted"-Server" MBX01" Get-PublicFolder-Recurse Get-PublicFolder -Identity\NON_IPM_SUBTREE -Recurse
If you need to see system folders, you'll need to set the -Identity property to a value beginning with the string \NON_IPM_SUBTREE.
Note By default, the Get-PublicFolder cmdlet returns the values for only a single folder. The -Recurse switch changes the behavior to report on all subfolders as well.
-
New-PublicFolder This cmdlet creates a new public folder. The -Path property is required and provides the name and location of the new public folder:
New-PublicFolder -Identity"\Jobs\New" -Server" MBX01"
-
Remove-PublicFolder This cmdlet deletes a public folder. The -Path property is required and provides the name and location of the public folder to be deleted:
Remove-PublicFolder -Identity"\Jobs\Old" -Server" MBX01"
Note By default, the Remove-PublicFolder cmdlet removes only the named public folder. The -Recurse switch will delete all subfolders as well, which is handy for removing an entire group of folders at once.
-
Set-PublicFolder This cmdlet allows you to set most of the properties for the named public folder, such as limits, replicas, replication schedules, and more:
Set-PublicFolder -Identity"\Jobs\Posted" -Server" MBX01"
Note You cannot use the Set-PublicFolder cmdlet to mail-enable a public folder or to change its mail-related attributes. See the next section, "Manipulating Public Folder Mail Attributes,'' for the cmdlets to use for these tasks.
-
Update-PublicFolder This cmdlet starts the content synchronization process for the named public folder. The -Identity property is required:
Update-PublicFolder -Identity"\Jobs\Posted"
Manipulating Public Folder Mail Attributes
These cmdlets are designed to work with a specific public folder and modify the attributes it receives when it is mail-enabled:
-
Disable-MailPublicFolder This cmdlet takes an existing mail-enabled public folder and renders it mail-disabled (what a great term!):
Disable-MailPublicFolder -Identity"\Jobs\New"
-
Enable-MailPublicFolder This cmdlet takes an existing public folder and renders it mail-enabled. The optional -HiddenFromAddressListsEnabled switch allows you to hide the folder from your address lists:
Enable-MailPublicFolder-Identity"\Jobs\New" -HiddenFromAddressListsEnabled $true -Server" MBX01"
Note You set the mail-related attributes separately using the Set-MailPublicFolder cmdlet.
-
Get-MailPublicFolder This cmdlet retrieves the mail-related properties for the specified public folder. If you don't name a public folder by specifying a value for the -Identity property, it will default to the root public folder:
Get-MailPublicFolder -Identity"\Jobs\Old" -Server" MBX01"
Note You set the mail-related attributes separately.
-
Set-MailPublicFolder This cmdlet allows you to set the mail-related properties for the named public folder, such as alias, e-mail addresses, send and receive sizes, permitted and prohibited senders, and so on:
Set-PublicFolder-Identity"\Jobs\Posted"-Server" MBX01"‘ -AliasPostedJobs-PrimarySmtpAddress"postedjobs\commatcontoso.com"
Note Once you have set the mail-related attributes for a public folder, you must still mail-enable it using the Enable-MailPublicFolder cmdlet.
Managing Public Folder Databases
These cmdlets allow you to manage the public folder databases:
-
Get-PublicFolderDatabase This cmdlet provides the functionality used by the EMC and allows you to view the properties of existing public folder databases:
Get-PublicFolderDatabase -Server "MBX01"
Note The -Identity, -Server, and -StorageGroup parameters are not compatible with each other. Use only one of the three to narrow down your selection.
-
New-PublicFolderDatabase This cmdlet allows you to create a new public folder database.
Note You can see the New-PublicFolderDatabase cmdlet in action by using the EMC to create a new database; it will show you the exact syntax it used with the cmdlet.
-
Remove-PublicFolderDatabase This cmdlet deletes an existing public folder database from the active configuration of the server:
Remove-PublicFolderDatabase'-Identity "PublicFolderDatabase"
Note The corresponding EDB file is not deleted by the Remove-PublicFolderDatabase cmdlet; you have to manually remove it from the hard drive.
-
Set-PublicFolderDatabase This cmdlet provides the underlying functionality used by the EMC to update the properties of existing public folder databases:
Set-PublicFolderDatabase' -Identity" PublicFolderDatabase"'-Name "NewandImprovedPFDatabase"
Managing Public Folder Permissions
These cmdlets allow you to modify and monitor the permissions on your public folders. Administrative and client permissions are handled through two separate sets of nouns. The Exchange 2007 documentation contains the list of specific permissions that you can apply.
-
Add-PublicFolderAdministrativePermission This cmdlet lets you add an administrative permission entry to a given public folder:
Add-PublicFolderAdministrativePermission -User 'Jim' -Identity"\Jobs\Posted" -AccessRights "ViewInformationStore,AdministerInformationStore"
Note You can specify a single access right or list multiple rights at once using the syntax shown in the example for the Add-PublicFolderAdministrativePermission cmdlet.
-
Add-PublicFolderClientPermission This cmdlet lets you add a client permission entry to a given public folder:
Add-PublicFolderClientPermission -User 'Makoto.Suzuki' -Identity "\Jobs\Posted" -AccessRights CreateItems
Note You can specify a single access right or list multiple rights at once using the syntax shown in the example for the Add-PublicFolderAdministrativePermission cmdlet.
-
Get-PublicFolderAdministrativePermission This cmdlet lets you view the administrative permission entries on a given public folder:
Get-PublicFolderAdministrativePermission -Identity"\Jobs\Posted"
-
Get-PublicFolderClientPermission This cmdlet lets you view the client permission entries on a given public folder:
Get-PublicFolderClientPermission -Identity"\Jobs\Posted"
-
Remove-PublicFolderAdministrativePermission This cmdlet lets you remove an administrative permission entry from a given public folder:
Remove-PublicFolderAdministrativePermission -User Lyle.Bullock -Identity"\Jobs\Posted" -AccessRights ViewInformationStore
Note You can specify a single access right or list multiple rights at once using the syntax shown in the Remove-PublicFolderAdministrativePermission example.
-
Remove-PublicFolderClientPermission This cmdlet lets you remove a client permission entry from a given public folder:
Remove-PublicFolderClientPermission -User Nathan.Peters‘ -Identity"\Jobs\Posted" -AccessRights CreateItems
Note You can specify a single access right or list multiple rights at once using the syntax shown in the Remove-PublicFolderAdministrativePermission example.
Using Additional Scripts for Complicated Tasks
While the cmdlets described in the preceding sections are certainly great for single folder operations, performing common operations on entire groups of folders starts getting sticky. Since most of us aren't scripting gurus, Exchange 2007 provides some example EMS scripts that allow you to perform more complicated server and management tasks that affect groups of folders:
-
AddReplicaToPFRecursive.ps1 adds the specified server to the replica list for a given public folder and all folders underneath it.
-
AddUsersToPFRecursive.ps1 allows you to grant user permissions to a folder and all folders beneath it.
-
MoveAllReplicas.ps1 finds and replaces a server in the replica list of all public folders, including system folders.
-
RemoveReplicaFromPFRecursive.ps1 removes the specified server from the replica list for a given public folder and all folders underneath it.
-
ReplaceReplicaOnPFRecursive.ps1 finds and replaces a server in the replica list of a given public folder as well as all subfolders.
-
ReplaceUserPermissionOnPFRecursive.ps1 finds and replaces one user in the permissions on a given public folder and all its subfolders with a second user; the original user permissions are not retained.
-
ReplaceUserWithUserOnPFRecursive.ps1 copies one user's access permissions on a given public folder and all its subfolders to a second user while retaining permissions for the first user; it's confusingly named.
-
RemoveReplicaFromPFRecursive.ps1 removes the given user's access permissions from the given public folder and all its subfolders.
You can find these scripts in the Scripts subfolder of the Exchange 2007 installation folder. Note that with the default Windows PowerShell configuration, you just can't click on these scripts and run them; you must invoke them from within the EMS, usually by navigating to the folder and calling them explicitly.
Using Outlook
Exchange public folders can also be created by mailbox-enabled users in their e-mail clients. We'll show you how to create a public folder using the Outlook client.
Open Outlook and make sure the folder list is displayed. Next, double-click Public Folders in the folder list, or click the plus icon just in front of Public Folders. Notice that the plus sign becomes a minus sign when a folder is expanded to show the folders within it.
You've now expanded the top-level folder for public folders, which contains two subfolders: Favorites and All Public Folders. Expand the All Public Folders folder and you'll see that it has at least one subfolder: Internet Newsgroups. If your organization uses public folders, you probably have at least one other subfolder here as well.
| Note | If your Exchange organization has a large number of public folders, you can drag the ones that you use a lot to your Favorites subfolder. This makes them easier to find. Folders in the Favorites folder are also the only ones that are available when you work offline without a connection to your Exchange server. |
To create new public folders in the folder All Public Folders, follow these steps:
-
Right-click All Public Folders, and then select New Folder from the menu that pops up. This brings up the Create New Folder dialog box (see Figure 14.1).
-
Enter a name for the folder; we've given ours the somewhat unimaginative name My New Folder.
Note that the folder will hold e-mail and posted items. E-mail items are messages. Posted items contain a subject and text. You can post an item in a folder designed to hold posts without having to deal with messaging attributes such as whom the item is sent to. To post an item, click the down arrow near the New icon on the main Outlook window and select Post in This Folder from the drop-down menu.
When you're done creating your folder, click OK.
If you're told that you don't have sufficient permissions to create the folder, you need to assign those permissions using one of the other Exchange public folder management tools. If you have Exchange administrative permissions, you can make this change yourself.
The new public folder now shows up under the All Public Folders hierarchy. If you can't see the full name of your new folder, make the Folder List pane a little wider.
Now right-click your new folder and select Properties from the pop-up menu. This brings up the Properties dialog box for the folder, shown in Figure 14.2.
We're not going to spend a lot of time with this dialog box. Among other things, mailbox owners use public folder Properties dialog boxes to do the following:
-
Add a description for other mailbox owners who access the folder
-
Make the folder available on the Internet
-
Set up a default view of the folder, including grouping by such things as the subject or sender
-
Set up some administrative rules on folder characteristics, access, and such
-
Set permissions for using the folder
Go ahead and look around in the Properties dialog box. When you're done, click Cancel, unless you've made some changes. If you have, then click OK to save your changes.
| Note | You create and manage private folders inside mailboxes in the same way that you create and manage public folders in the Public Folders hierarchy. 'Nuff said. |
Using the Exchange 2003 System Manager
In Exchange 5.5, you could only create public folders using an e-mail client. You couldn't create one in the Administrator program. Exchange 2003 lets you create public folders in Exchange System Manager as an Exchange administrator.
Launch the System Manager, expand the Administrative Groups node, expand the desired administrative group, and expand the Folders node. Right-click the Public Folders container and select New Ø Public Folder from the pop-up menu to bring up the new public folder Properties dialog box.
Let's take a look at the key property pages on this dialog box.
General
You use the General property page to name your folder and enter a description. The Path field shows where the folder is located in the Public Folder hierarchy after it has been created. If Maintain Per-User Read and Unread Information for This Folder is selected, each user will see items in the folder that they have read in non-bold text. If this option is not selected, all items show in bold text for all users whether they have been read or not.
Replication
This is a very important property page because it is used to manage replication of folders between this server and other Exchange servers. Replication enables you to put copies of the same folder on multiple Exchange servers. It is very useful either for local load balancing or to limit wide area network traffic and improve performance by placing copies of folders in routing groups at geographically distant sites.
Limits
You've seen limits property pages before. Let's look at each of the three types of limits on this page:
-
Storage Limits As with mailboxes, you can set thresholds at which warnings are sent and posting to the folder is prohibited. You can also set a maximum posted-item size. If you want, you can choose to use the default storage limits settings for the public folder store where the folder resides.
-
Deletion Setting As with mailboxes, you can set the maximum number of days that a deleted item will be kept for recovery before being totally deleted. If you deselect the Use Public Store Defaults check box, you can enter a number of days that deleted items should be retained. If you don't want items retained at all, set the number of days to 0.
-
Age Limits This is the number of days that an item in the folder lives before being deleted. This is a very useful tool for controlling storage usage.
When you're finished creating your public folder, click OK and admire your handiwork in the Public Folders container. You should create folders in the Folders\Public Folders container, not in the public folder store. The public folder store holds created folders. You create new public folders in the Folders\Public Folders container. Seems simple, but if we had a dollar for every time we wrongly went to the public folder store to create a new public folder, well, we'd at least be on the beach in Hawaii right now.
| Warning | In some earlier versions of Exchange, the Windows group Everyone had rights by default to create folders in the Public Folders container. This right extends to both top-level folders (folders within and, thus, just below the Public Folders container) and subfolders within top-level folders. If you want to alter this right, right-click the Public Folders container and select Properties. Use the Security tab in the Public Folders Properties dialog box to add or remove users and groups or their rights in the Public Folders container. Even if you don't want to change the default, we strongly recommend that you take a look at the Security tab. Many of the permissions on it are specific to public folders and are therefore quite different from the permissions for other types of Exchange recipients. |
Using the Public Folder DAV Administration Tool
It is really unfortunate that the initial release of Exchange 2007 provides no GUI for public folder management. While the EMS cmdlets are very functional, it can take some time to master using them; in the meantime, you still have public folders to administer.
Happily, Microsoft has an outstanding freely available GUI tool, the Public Folder DAV Administrator (PFDAVAdmin.exe), that it makes available. PFDAVAdmin is a .NET application that uses WebDAV instead of MAPI to access the public folder store.
| Note | You might now be wondering if using PFDAVAdmin is a good idea, given its reliance on WebDAV. In Exchange 2007 support for the WebDAV protocol is "deemphasized,'' meaning that Microsoft doesn't promise it will be around for the next major version of Exchange. But it's still here in Exchange 2007 - and it allows you to use this wonderful management tool. |
PFDAVAdmin requires the .NET framework version 1.1 to be installed, which means you must maintain multiple versions of the .NET framework on your management servers and workstations.
PFDAVAdmin is a wonderfully flexible tool. At first glance, it seems to give you the ability to manage public folder permissions using a GUI that is close to the legacy Exchange System Manager. In addition to querying and setting permissions, you can add, replace, and remove individual access control entries (ACEs) across a set of folders without having to wholesale replace the access control lists (ACLs) in question. PFDAVAdmin will also notify you when an ACL is damaged or in noncanonical order (meaning that the ACEs aren't properly ordered) and allow you to fix them on more than one folder at once.
| Note | Administrators who made use of the Installable File System (IFS) - otherwise known as the M: drive - in Exchange 2000 and 2003 would often use the Windows Explorer permission tool to modify permissions on public folders. Unfortunately, this usually causes ACEs to get written in the wrong order, causing all sorts of subtle problems. PFDAVAdmin is the easy way to fix them, if you've got to deal with them and you don't have to wait until you've got Exchange 2007 in your organization to do it! Luckily, Exchange 2007 makes the IFS go away, so once you fix the problems, they're not likely to come back. |
You can also use PFDAVAdmin to do the following:
-
Perform bulk operations on folder properties. In addition, you can do bulk search and removal operations of per-item permissions.
-
Apply changes to your list of replicas to a folder and all subfolders without overwriting each folder's replica list (that is, add or remove specific server entries without making each folder's replica list an exact copy of your starting point).
-
Export folder permissions on folders, public folder stores, and mailbox stores.
-
Export and import public folder replica lists.
Microsoft makes PFDAVAdmin freely available through the Microsoft Exchange tools download website at http://tinyurl.com/h2jvv.
Using Other Public Folder Tools
There are a couple of additional tools that Exchange administrators have used throughout the years. While they work with legacy Exchange servers, many of them are not certified for use with Exchange 2003 (let alone Exchange 2007). However, you can still use them as long as you have legacy Exchange public folder servers in your organization. There are two in particular we'd like to mention:
-
The PFAdmin tool (PFAdmin.exe) is a command-line tool for common administrative tasks. With it you can manage ACLs, manage replicas, and re-home folders. If you happen to have old product CDs laying around, you can find a copy of this tool on the BackOffice Resource Kit (BORK) 4.5 CD.
-
The PFInfo tool (PFInfo.exe) is a GUI tool that provides reporting on a server's folder replicas and associated permissions. The output of this tool can even be used as input to PFAdmin, allowing you to provide a level of consistency across multiple servers.
While you might be tempted to use PFAdmin and PFInfo in your Exchange 2007 organization (especially if you're already using them), we recommend that you finally retire these tools before retiring your legacy Exchange public folder servers. The most compelling reason to use these tools with legacy Exchange servers was to provide the missing command-line and scripting capability for public folder management, and now that Exchange 2007 includes the EMS, you should really put the effort into mastering the public folder cmdlets it provides.
There is one additional legacy tool you might find of value. The Public Folder Migration Tool (PFMigrate.wsf) is a Visual Basic script that was introduced in the Exchange Server 2003 Deployment Tools (ExDeploy). This script was designed for one purpose: to provide a simple interface for performing bulk public folder replica transfers from Exchange 5.5 servers to Exchange 2003 servers. However, because it can handle cross-administrative group replica transfers, PFMigrate can be used to move replicas to Exchange 2007 servers. The script is downloadable from the Microsoft website as part of the latest versions of the Exchange Server 2003 ExDeploy tools.
Категории