Using Exchange Sever 2007 Built-in Scripts - Part 1: Managing Public Folder Replicas and Client Permissions

All scripts shown in this article can be found under the Scripts folder of any Exchange Server 2007 installation folder.
Public Folders is one Exchange feature that offers multiple management options. We will take a look at some of the principal management methods and then use some built-in scripts to demonstrate how we can manage some Public Folder features through them.
With Exchange Server 2007 SP1 we can use a tool called the Public Folder Management Tool which allows an administrator to create and manage Public Folders and System Folders in the same view, as shown in Figure 01.

Figure 01

We can use the Exchange Server 2003 Exchange System Manager to manage Exchange Server 2007 Public Folders. We can install the Exchange System Manager tool in a variety of operating systems (Windows 2000 Server, Windows Server 2003 or Windows XP), we just need to follow some prerequisites which depend on each operating system.
We do not need to have an Exchange Server 2003 in place to install the management tool. Let’s say that we have a pure Exchange Server 2003 and a Windows Server 2003, we just need to install IIS and put the Exchange Server 2003 installation disk on the drive, click on Exchange Deployment Tools, and then click on Install Exchange System Management Tools only. Follow the installation process and make sure that you select Exchange System Management Tools during the components selection.
One last thing to keep in mind to access the Public Folders using Exchange Management Tools is to disable the SSL requirement for the ExAdmin virtual folder.

-Log on to the Exchange Server 2007 box where the Public Folders were deployed.
-Open IIS (Internet Information Services Manager).
-Expand Web Sites.
-Expand Default Web Site.
-Right-click on ExAdmin.
-Click on the Directory Security tab.
-Click on the last button Edit... under the Secure Communications area.
-Uncheck the option Require Secure Channel (SSL).
Now, we can go back to the server which has the Exchange System Manager installed and expand the Public Folders (Figure 02). Do not forget to install Service Pack 2 on top of this installation because it adds a lot of useful Public Folders management resources.

Figure 02

We also have a third good option which is using the PFDavAdmin tool (Figure 03), where we can manage replicas, client permissions, limits, etc. In order to use PFDavAdmin we can download it from the Microsoft Download site.

Figure 03

By default any Exchange Server 2007 installation has a subfolder called Scripts where we can find a lot of useful scripts to help us out in some daily administrative tasks. In this article we are going over the scripts related to Public Folder management. These are all scripts that we are going to use in this article:

-AddReplicaToPFRecursive
-RemoveReplicaFromPFRecursive
-ReplaceReplicaOnPFRecursive
-MoveAllReplicas.ps1
-AddUsersToPFRecursive.ps1
-ReplaceUserWithUserOnPFRecursive.ps1
-ReplaceUserPermissionOnPFRecursive.ps1
-RemoveUserFromPFRecursive.ps1

We will test these scripts in a scenario where we have three servers (srv-ex01, srv-ex02 and srv-ex03) and all of them have the Mailbox Server role installed and a Public Folder Database mounted and operational. We have some Public Folders hosted on the srv-ex01 server and in this article we are going to configure replication among these servers. The Public Folder in place is on the first server and has three Public Folders (Finance, IT and Sales), the top folder IT has four extra additional folders. The Public Folder structure can be seen in Figure 04.
Figure 04

Before using these scripts, let’s go over the general usage instructions. First of all, you can edit them and create your own scripts, you can also use the switch –help to get help and examples on how to use the script, and finally always use “./” plus the script name to run it through an Exchange Management Console session.
A last warning is to use them against Exchange Server 2007, the parameter Server in all of the scripts must be an Exchange Server 2007 box.

Managing Public Folder Replicas

The Public Folder hierarchy is replicated among all servers, but the content replication must be defined by the Exchange Administrator. We are going to use the AddReplicaToPFRecursive.ps1 script to add another server into the replication list of a top folder and all sub folders, that way all the information will be available in both servers. The following syntax can be used, as follows:
.\AddReplicaToPFRecursive.ps1 –server srv-ex01 –TopPublicFolder “\IT” –ServertoAdd srv-ex02

Time to validate if the script worked as expected, let’s use the Exchange Management Shell to get such information. We can use Get-PublicFolderStatistics –Identify “\IT” fl cmdlet and look at Replicas attribute (Figure 05) and we will see the two Public Folder databases where the information is being hosted. Both machines srv-ex01 and srv-ex02 have the same Public Folder Database name.

Figure 05

We can also remove replicas from a folder and its subfolders, using the following syntax:
./RemoveReplicaFromPFRecursive.ps1 –server -ToPublicFolder “\FolderName”-ServerToRemove

Sometimes an Exchange Admin has a replication in place with two servers and a new server joins the organization to remove one of the existent servers. We can use the following example where we have srv-ex01 and srv-ex02 replicating and we want to remove srv-ex02 and add srv-ex03 into the current replica list, as follows:

./ReplaceReplicaOnPFRecursive.ps1 –Server srv-ex01 -TopPublicFolder “\Foldername” –ServerToRemove srv-ex02 –ServerToAdd srv-ex03

And the last but not the least script is the MoveAllReplicas.ps1 where we can move all the Public Folders from one server to another. This operation will remove the server from all replicas tab. It is a very useful script when we are decommissioning a server. The syntax is pretty simple:

./MoveAllReplicas.ps1 –Server srv-ex02 –NewServer srv-ex03

Note:When using the MoveAllReplicas.ps1 script the System Folders are moved as well.

Managing Users Permissions on Public Folders

Okay, in the last section we saw how to configure Public Folder Replication, now we are going to configure some client permissions on Public Folders. Let’s use the Public Folder structure shown in Figure 06.

Figure 06

Let’s say that we have to add a user as Publishing Editor in all IT Public Folders and subfolders, we can do that using the AddUsersToPFRecursive.ps1 script, and where we just need to specify a set of parameters where we define which folder, user, and permission will be configured. This syntax can be used:

.\AddUsersToPFRecursive.ps1 –Server srv-ex01 –TopPublicFolder “\IT” –User Anderson.patricio –Permissions {PublishingEditor}

Using the cmdlet above the user Anderson.patricio will be assigned as Publishing Editor in all folders and subfolders of the IT folder structure. We can define a customized set of permissions in a public folder, such as CreateItems, ReadItems, CreateSubfolders and so forth. We can also define permissions based on Roles. Each role has a set of pre-defined permissions to be applied.

To validate if the permissions are in place, we can run this cmdlet:
Get-PublicFolderClientPermission \IT fl

Both steps are shown in Figure 07.

Figure 07

We can change the user permission in a folder structure using the script called ReplaceUserPermissionOnPFRecursive.ps1. Let’s say that we want to change the recent user that we have just added to be PublishingAuthor instead of Publishing Editor, in order to do that we can use the following syntax:

./ReplaceUserPermissiononPFRecursive.ps1 –TopPublicFolder “\IT” –User anderson.patricio –Permissions {PublishingAuthor}

We are also able to remove a user from a Folder and subfolder using the RemoveUserFromPFRecursive.ps1 script, as follows:

./RemoveUserfromPFRecursive.ps1 –TopPublicFolder “\FolderName” –user UserNametobeRemoved

You will be asked in each folder if you are sure you want to remove the specified user. Just say Y and hit enter to confirm.

Another possible option is to replace a current user listed on the Public Folder permissions for another user. This script does not play with the permission just changes one user for another. All permissions in place will not be changed.

./ReplaceUserWithUserOnPFRecursive.ps1 –TopPublicFolder “\FolderName” –UserOld UsertobeReplaced –NewUser NewUserName

Conclusion
In this article we have seen how to use the built-in scripts that come with Exchange Server 2007 to manage Public Folders. Using such scripts we are able to manage Public Folder replicas and client permissions using a single line script command.