Public Folders is one Exchange feature that offers multiple management options. We will take a look at some of the principal management methods and then use some built-in scripts to demonstrate how we can manage some Public Folder features through them.
With Exchange Server 2007 SP1 we can use a tool called the Public Folder Management Tool which allows an administrator to create and manage Public Folders and System Folders in the same view, as shown in Figure 01.
We can use the Exchange Server 2003 Exchange System Manager to manage Exchange Server 2007 Public Folders. We can install the Exchange System Manager tool in a variety of operating systems (Windows 2000 Server, Windows Server 2003 or Windows XP), we just need to follow some prerequisites which depend on each operating system.
We do not need to have an Exchange Server 2003 in place to install the management tool. Let’s say that we have a pure Exchange Server 2003 and a Windows Server 2003, we just need to install IIS and put the Exchange Server 2003 installation disk on the drive, click on Exchange Deployment Tools, and then click on Install Exchange System Management Tools only. Follow the installation process and make sure that you select Exchange System Management Tools during the components selection.
One last thing to keep in mind to access the Public Folders using Exchange Management Tools is to disable the SSL requirement for the ExAdmin virtual folder.
-Log on to the Exchange Server 2007 box where the Public Folders were deployed.
-Open IIS (Internet Information Services Manager).
-Expand Web Sites.
-Expand Default Web Site.
-Right-click on ExAdmin.
-Click on the Directory Security tab.
-Click on the last button Edit... under the Secure Communications area.
-Uncheck the option Require Secure Channel (SSL).
We also have a third good option which is using the PFDavAdmin tool (Figure 03), where we can manage replicas, client permissions, limits, etc. In order to use PFDavAdmin we can download it from the Microsoft Download site.
By default any Exchange Server 2007 installation has a subfolder called Scripts where we can find a lot of useful scripts to help us out in some daily administrative tasks. In this article we are going over the scripts related to Public Folder management. These are all scripts that we are going to use in this article:
-AddReplicaToPFRecursive
-RemoveReplicaFromPFRecursive
-ReplaceReplicaOnPFRecursive
-MoveAllReplicas.ps1
-AddUsersToPFRecursive.ps1
-ReplaceUserWithUserOnPFRecursive.ps1
-ReplaceUserPermissionOnPFRecursive.ps1
-RemoveUserFromPFRecursive.ps1
Before using these scripts, let’s go over the general usage instructions. First of all, you can edit them and create your own scripts, you can also use the switch –help to get help and examples on how to use the script, and finally always use “./” plus the script name to run it through an Exchange Management Console session.
A last warning is to use them against Exchange Server 2007, the parameter Server in all of the scripts must be an Exchange Server 2007 box.
Managing Public Folder Replicas
The Public Folder hierarchy is replicated among all servers, but the content replication must be defined by the Exchange Administrator. We are going to use the AddReplicaToPFRecursive.ps1 script to add another server into the replication list of a top folder and all sub folders, that way all the information will be available in both servers. The following syntax can be used, as follows:
.\AddReplicaToPFRecursive.ps1 –server srv-ex01 –TopPublicFolder “\IT” –ServertoAdd srv-ex02
Time to validate if the script worked as expected, let’s use the Exchange Management Shell to get such information. We can use Get-PublicFolderStatistics –Identify “\IT” fl cmdlet and look at Replicas attribute (Figure 05) and we will see the two Public Folder databases where the information is being hosted. Both machines srv-ex01 and srv-ex02 have the same Public Folder Database name.
Figure 05
We can also remove replicas from a folder and its subfolders, using the following syntax:
./RemoveReplicaFromPFRecursive.ps1 –server
Sometimes an Exchange Admin has a replication in place with two servers and a new server joins the organization to remove one of the existent servers. We can use the following example where we have srv-ex01 and srv-ex02 replicating and we want to remove srv-ex02 and add srv-ex03 into the current replica list, as follows:
./ReplaceReplicaOnPFRecursive.ps1 –Server srv-ex01 -TopPublicFolder “\Foldername” –ServerToRemove srv-ex02 –ServerToAdd srv-ex03
And the last but not the least script is the MoveAllReplicas.ps1 where we can move all the Public Folders from one server to another. This operation will remove the server from all replicas tab. It is a very useful script when we are decommissioning a server. The syntax is pretty simple:
./MoveAllReplicas.ps1 –Server srv-ex02 –NewServer srv-ex03
Note:When using the MoveAllReplicas.ps1 script the System Folders are moved as well.
Managing Users Permissions on Public Folders
Okay, in the last section we saw how to configure Public Folder Replication, now we are going to configure some client permissions on Public Folders. Let’s use the Public Folder structure shown in Figure 06.
Figure 06
Let’s say that we have to add a user as Publishing Editor in all IT Public Folders and subfolders, we can do that using the AddUsersToPFRecursive.ps1 script, and where we just need to specify a set of parameters where we define which folder, user, and permission will be configured. This syntax can be used:
.\AddUsersToPFRecursive.ps1 –Server srv-ex01 –TopPublicFolder “\IT” –User Anderson.patricio –Permissions {PublishingEditor}
Using the cmdlet above the user Anderson.patricio will be assigned as Publishing Editor in all folders and subfolders of the IT folder structure. We can define a customized set of permissions in a public folder, such as CreateItems, ReadItems, CreateSubfolders and so forth. We can also define permissions based on Roles. Each role has a set of pre-defined permissions to be applied.
To validate if the permissions are in place, we can run this cmdlet:
Get-PublicFolderClientPermission \IT fl
Both steps are shown in Figure 07.
Figure 07
We can change the user permission in a folder structure using the script called ReplaceUserPermissionOnPFRecursive.ps1. Let’s say that we want to change the recent user that we have just added to be PublishingAuthor instead of Publishing Editor, in order to do that we can use the following syntax:
./ReplaceUserPermissiononPFRecursive.ps1 –TopPublicFolder “\IT” –User anderson.patricio –Permissions {PublishingAuthor}
We are also able to remove a user from a Folder and subfolder using the RemoveUserFromPFRecursive.ps1 script, as follows:
./RemoveUserfromPFRecursive.ps1 –TopPublicFolder “\FolderName” –user UserNametobeRemoved
You will be asked in each folder if you are sure you want to remove the specified user. Just say Y and hit enter to confirm.
Another possible option is to replace a current user listed on the Public Folder permissions for another user. This script does not play with the permission just changes one user for another. All permissions in place will not be changed.
./ReplaceUserWithUserOnPFRecursive.ps1 –TopPublicFolder “\FolderName” –UserOld UsertobeReplaced –NewUser NewUserName
Conclusion
In this article we have seen how to use the built-in scripts that come with Exchange Server 2007 to manage Public Folders. Using such scripts we are able to manage Public Folder replicas and client permissions using a single line script command.