Adding Rights to Public Folders (Recursively)

KB ID 0001598

Problem

After a recent Exchange migration (2007 > 2013 > 2016), I had problems with users not being able to see public folders, one user could see them all, (so I know they were present and correct, content wise,) but other users could not even see them.

Normally in this situation I’d test them in Outlook Web App first, if they work there then look at Outlook, but Public folders just didn’t work in Outlook Web App 2016 at all.

My first task was to check/set the permissions of the public folders, the one user who could see them was set as ‘Owner‘ on the root of the public folders, so my first step was working out how to grant myself these rights, and apply all those rights to all the child public folders below?

Note: Granting a user ‘Owner‘ rights at the root has obvious security implications, in your scenario you might want to choose ‘Reviewer’, or some other level of access.

View Existing Public Folder ‘Root’ Permissions

Simply use the following PowerShell in the Exchange Management Shell;

[box]

Get-PublicFolderClientPermission "\"

[/box]

If you just wanted to check for one user, then do this instead;

[box]

Get-PublicFolder -Identity "\" -Recurse | Get-PublicFolderClientPermission | Where-Object { $PSItem.User -like "SURNAME*" }

[/box]

Note: If you are working on a particular ‘child’ Public Folder the the syntax is “\FOLDER NAME“.

Granting Public Folder Rights Recursively

Use the following PowerShell in the Exchange Management Shell

[box]

Get-PublicFolder -Identity "\" -Recurse | Add-PublicFolderClientPermission -User pete.long -AccessRights Owner

[/box]

It complains and says this user already has rights? If this happens then Recursively Remove all rights then re-execute the command above.

Removing Public Folder Rights Recursively

Use the following PowerShell in the Exchange Management Shell

[box]

Get-PublicFolder -Identity "\" -Recurse | Remove-PublicFolderClientPermission -User pete.long

[/box]

Related Articles, References, Credits, or External Links

NA

Users Cannot Access Public Folders Post Migration (Exchange 2016)

KB ID 0001295 

Problem

This post comes form my colleague Andrew Dorrian, he usually follows my migrating public folders article. Recently after a couple of Exchange 2016 migrations he has seen a problem where the public folders are visible in the Exchange Admin Console, but the users can’t access them.

Solution

Open ADSIedit.msc and connect to the ‘Configuration’ context.

Navigate to;

CN=Services > CN=Microsoft Exchange > CN=(your organization name) > CN=Administrative Groups > CN=Exchange Administrative Group (FYDIBOHF23SPDLT) > CN=Databases.

Locate you mailbox database(s) > Right Click > Properties > Locate: msExchHomePublicMDB  > Edit > Clear > OK > Apply > OK.

Open an Exchange administrative shell and run the following command;

[box]Set-OrganizationConfig -PublicFoldersEnabled Local[/box]

Note: Depending on the size of your organisation, you might want to wait a while for the changes to get replicated.

Related Articles, References, Credits, or External Links

NA

Public Folder Migration Error hr=0x80040111

KB ID 0001228

Problem

I usually follow my own documented process for migrating public folders to Exchange 2016. I did that this week, and this happened;

Error;

[box]

MapiExceptionLogonFailed: Unable to make connection to the server. (hr=0x80040111, ec=-2147221231)
Diagnostic context:
    Lid: 49064   dwParam: 0x1
    Lid: 37288   StoreEc: 0x6AB
    Lid: 49064   dwParam: 0x2
    Lid: 49191   EMSMDBMT.EcDoConnectEx called [length=178]
    Lid: 48679   EMSMDBMT.EcDoConnectEx returned [ec=0x80040111][length=56][latency=0]
    Lid: 45169   StoreEc: 0x80040111
    Lid: 50544   ClientVersion: 15.1.225.42
    Lid: 52080   StoreEc: 0x80040111
    Lid: 1494    ---- Remote Context Beg ----
    Lid: 22086
    Lid: 27206
    Lid: 39869
    Lid: 56893   StoreEc: 0x8004010F
    Lid: 44989
    Lid: 24684
    Lid: 20076   StoreEc: 0x80040111
    Lid: 29100
    Lid: 20396   StoreEc: 0x80040111
    Lid: 9486    StoreEc: 0x80040111
    Lid: 24492
    Lid: 18348   StoreEc: 0x80040111
    Lid: 26540   dwParam: 0xE0003
    Lid: 22444   dwParam: 0xC30001
    Lid: 1750    ---- Remote Context End ----
    Lid: 51152
    Lid: 52465   StoreEc: 0x80040111
    Lid: 60065
    Lid: 33777   StoreEc: 0x80040111
    Lid: 59805
    Lid: 52487   StoreEc: 0x80040111
    Lid: 19778
    Lid: 27970   StoreEc: 0x80040111
    Lid: 17730
    Lid: 25922   StoreEc: 0x80040111
    + CategoryInfo          : NotSpecified: (:) [New-PublicFolderMigrationRequest], RemoteTransientException
    + FullyQualifiedErrorId : [Server={New-Server},RequestId=6cbefa76-98ad-4a2e-bb33-237d7fd795fd,TimeStamp=03/08/2016 7:1
   7:17 PM] [FailureCategory=Cmdlet-MapiExceptionLogonFailed] 42728F13,Microsoft.Exchange.Management.Migraion.NewMgrationBatch
    + PSComputerName        : {new-server}

[/box]

Solution

Although it looks a pretty scary error, it’s quite straightforward to rectify. I was doing a migration and I’d moved all the mailboxes already, so I had dismounted and removed the mailbox database on the source Exchange server. (Exchange 2010). All I had to to was mount a mailbox database (I just created a new empty one, and mounted it.)

If I then tried to do the migration, it queued up properly!

Related Articles, References, Credits, or External Links

NA

Migrate Exchange 2010 to Exchange 2016 or 2013

Part 2

Migrate Public Folders Exchange 2010 to Exchange 2013 / 2016

KB ID 0000789

Problem

Continued from Migration From Exchange 2010 to Exchange 2016 / 2013 Part 1

Solution

Exchange 2016 / 2013 Migration Step 7 “Migrate Public Folders”

Note: This article uses the newer ‘Batch Migration’ method. Make sure your exchange server is patched and up to date or the process will not work.

Minimum Patch Levels

  • Source: Exchange 2010 SP3 RU8 (At Least).
  • Source: Exchange 2007 SP3 RU15 (At Least).
  • Destination: Exchange 2013 CU7 (Or Later).
  • Destination: Exchange 2016 RTM.

The new migration scripts are here PF-Migration-Scripts-v2

1. Make sure the user you will be performing the migration as, is in the right security groups, (Organizational Management and Recipient Management).

2. On the Legacy Exchange server download the  PF-Migration-Scripts-v2 Then extract them to the servers C: drive.

3. Launch the Exchange Management Shell > Change to the script directory > Then create a folder name to folder size mapping file by running the Export-PublicFolderStatistics.ps1 script, supply the name of the file you want to create. (Here I use PublicFoldersStats.csv). Then supply the name of the server, (the legacy one, with the source public folders on it).

[box]

cd c:\Scripts
./Export-PublicFolderStatistics.ps1 PublicFoldersStats.csv Mail-Server 

[/box]

4. Create a Public Folder to Mailbox mapping file, by running the PublicFolderToMailboxMapGenerator.ps1 script, supply it with the maximum mailbox size (in bytes) Note: The Maximum size is 25GB. You will also need to supply the import file you created in step 3 (PublicFoldersStats.csv). Finally supply the name of the output file you wish to generate i.e. Folder2Mailbox.csv.

[box]

./PublicFolderToMailboxMapGenerator.ps1

[/box]

5. Open the last CSV file you created (Folder2Mailbox.csv) and take note of the TargetMailbox name. By default the first one is called Mailbox1, I’m changing it to Public-Folder-Mailbox and saving the change. Note: You may get more than one! If so take note of them all, or rename them accordingly.

6. Now copy the ‘Scripts’ Directory from your legacy 2010 Exchange server, to the new 2013 / 2016 Server.

7. Whilst still on the new Exchange 2013 / 2016 Server, you need to open a command shell, navigate to the scripts directory and then run the Create-PublicFolderMailboxesForMigration.ps1 script. Reply ‘A’ to run all the scripts, then supply the name of the mapping csv you created above, (Folder2Mailbox.csv). Supply the estimated concurrent users to this mailbox, and enter ‘Y’ to proceed. Now the public folder mailbox will be created.

(Note: Public folders are now in a Mailbox, NOT their own Mailbox database, as in older versions of Exchange).

[box]

cd c:\Scripts
./Create-PublicFolderMailboxesForMigration.ps1

[/box]

8. Next we need to create a ‘batch task’ much the same as when we migrate multiple mailboxes. This first command creates the task, and the second one sets it running. (Change the values in red to match your own). 

Update: 05/08/16: Make sure you have a ‘mailbox database’ mounted on the source Exchange server before proceeding, or you may see the following problem.

Public Folder Migration Error hr=0x80040111

[box]

New-MigrationBatch -Name PF-Migration -SourcePublicFolderDatabase (Get-PublicFolderDatabase -Server EX2010) -CSVData (Get-Content C:\Scripts\Folder2Mailbox.csv -Encoding Byte) -NotificationEmails info@petenetlive.com
Start-MigrationBatch PF-Migration

[/box]

9. There are two ways to check its progress, 

Check Public Folder Migration Progress Option 1 From Command Shell

[box]

Get-MigrationUser -Batch PF-Migration | Get-MigrationUserStatistics -IncludeReport | fl

[/box]

It might say Queued for quite a while, don’t worry!

Check Public Folder Migration Progress Option 2 From EAC

Open the Exchange Admin Center website and logon. Navigate to recipients > Migration > View Details

10. If you were looking at the progress you will see its stops just before 100%, this is because you need to “Lock” the source public folder and let the migration complete. WARNING this will involve downtime, so warn your users, or do this next step out of hours.

To MAKE SURE you are ready, check either the progress report like so;

Or, re-run the progress command above and look for 95% completion and ‘Automatically suspending job’

DOWNTIME FROM THIS POINT ONWARDS

11. Go to the legacy Exchange 2010 server and ‘lock’ the source public folders for migration, and restart the service.

[box]

Set-OrganizationConfig –PublicFoldersLockedForMigration:$true
Restart-Service MSExchangeIS

[/box]

12. Now access to the legacy Public Folder Database is shut down, but before replication to the new Public Folder Mailbox can be completed you need to return to the new Exchange 2013 / 2016 server and run the following commands;

[box]

Set-OrganizationConfig -PublicFoldersEnabled Remote
Complete-MigrationBatch PF-Migration

[/box]

13. Wait until it completes;

or in the shell

This can take a little time, I would wait least a couple of hours before proceeding (depending on your network topology, if you have a slow network or the Exchange 2010 server is on another network segment it may take longer).

Now to check the migration worked with a test user, and (provide everything is OK, unlock the Public Folders.

[box]Set-Mailbox -Identity {Test-Username} -DefaultPublicFolderMailbox {PF-Mailbox Name}[/box]

Log on as that user, (Outlook 2010 SP3 or Later.) Make sure the public folders are correct, you can expand them, the permissions are correct and you can create and delete entries. 

It’s All Gone Wrong!

Don’t panic! You can remove the migration request with the following command;

[box]

Get-PublicFolderMigrationRequest | Remove-PublicFolderMigrationRequest 

[/box]

Then complete the migration, with the following two commands;

[box]

Set-PublicFolderMigrationRequest –Identity PublicFolderMigration -PreventCompletion:$false
Resume-PublicFolderMigrationRequest –Identity PublicFolderMigration 

[/box]

13. Once you are ready to proceed, issue the following command, and onfirm that, the public folders are now correct and available.

[box]

Get-Mailbox -PublicFolder | Set-Mailbox -PublicFolder -IsExcludedFromServingHierarchy $false

[/box]

Note: As per feedback (from Tobias Gebler) Test mail flow to your public folders, you may need to manually “Mail Enable” them before they function properly, In some cases you need to disable then re-enable them before they work properly.

14. Remember in Outlook Web App 2013 / 2016, public folders are not visible until you add them!

Note: If, (post Migration to Exchange 2016). Your users cannot access the public folders, see the following article.

Users Cannot Access Public Folders Post Migration (Exchange 2016)

Related Articles, References, Credits, or External Links

Thanks to Brian L. Jensen, for the feedback about the new public folder migration procedure.

Thanks to Eske (Boxx Jakobsen), for the Public Folder Migration feedback and assistance.

Thanks to Tobias Gebler for the Public Folder mail flow feedback.

Migration From Exchange 2010 to Exchange 2016 Part 3

Covering transferring certificates from Exchange 2010, and decommissioning your old Exchange servers.

Original Article Written: 19/04/13

SEM – SPAMfighter Exchange Module – Installation and Configuration with Exchange 2013

KB ID 0000824 

Problem

“I seem to get a lot of spam”, and “I get a lot more spam than I used to” are right up there with “My computer is running slow”. It’s a problem that, eats up users time and fills your mail stores with junk, and time/disk space costs money.

SEM is tiny! In a world where a graphics driver is now over 100MB the entire install suite is less than 11MB. This is going into my test network so testing its ability to limit spam is NOT the point of this exercise, I’m looking at the ease of installation, configuration, and administration.

SEM Pre-Requisites

1. Exchange 2000, 2003, 2007, 2010, or 2013.

2. Windows Server 2000, 2003, 2003 R2, 2008, 2008 R2, or 2012.

3. .Net framework version 2.0 (SP1).

4. MDAC (Microsoft Data Access Components) version 2.7.

5. Internet Information Services.

Solution

Before You Start

1. If you have already installed the Microsoft Anti Spam agents you might want to remove them, (not that you have to). If you don’t know you can run the following command;

[box]
Get-TransportAgent[/box]

If you just have the four below then you DO NOT have the extra agents installed.

2. If yours looks like the one below, then YOU DO have them installed.

3. As stated you don’t have to remove them but if you want to simply execute the following two commands;

[box]

cd "Program FilesMicrosoftExchange ServerV15Scripts"
./Uninstall-AmtispamAgents.ps1

[/box]

4. Answer each question, then run;

[box]
services.msc[/box]

5. Restart the Microsoft Exchange Transport service.

Install SPAMfighter

6. Download the installer, and run it.

7. The installer is pretty straight forward > Next > Accept the EULA > Next > Enter your details > Next > Accept or change the install location > Next.

8. The product will install.

9. At this point it’s downloading definitions form the internet, and it will take a while.

10. When complete it needs to setup a user that the services will run under. Just supply a password > Next.

Note: This user (by default) is added to the local administrators group, and the Exchange Organization Management group.

11. Finish.

12. The management console installs on TCP port 5000, so if you need to access it through a firewall you will need to open that port.

13. Toolbars Tab: From here, I’ll jump straight to the configuration section, this drops you straight onto the Plugins tab. From here you can change the logo that will be displayed with the toolbar (this is NOT visible with Outlook 2013). You can also change the URL it points to and adding rights to users.

14. Toolbar Tab > Outlook Toolbar: On a client running Outlook > Download Outlook Toolbar > Run the installer.

Note: The installer is a .exe file, I would have preferred a .msi file, so I could deploy this out (on mass), to domain clients via GPO.

15. Next > Accept the EULA > Next > Next.

16. Finish.

17. Now when you launch Outlook you can see the plugin loading.

18. You will now have an extra toolbar with the following options.

BE AWARE: You install the OWA toolbar ONCE on the Exchange CAS server.

19. Toolbars > Outlook Web Application: Install OWA toolbar.

20. Yes.

21. Now when your clients access OWA, you have the toolbar.

22. Latest news: Essentially this is just an RSS feed from the manufacturer to keep you abreast of software updates etc. If you have some RSS aggregation software you can add this same feed.

23. Mailbox Tab > Mailboxes: Here it will list all the mailboxes, by default the ‘Default policy’ will be applied and virus filtering will NOT be enabled (this is an add on license). you can also access statistics for this particular mailbox, and view quarantined emails. The User filter settings are for applying an exception for this one mailbox (I’ll cover this later). If you can’t locate a particular user there is also a search function.

24. Mailbox Tab > Usergroups: Usergroups are used to apply policies, any new group requires you to maintain membership manually. But if your Active Directory is well designed, you can select your SPAMfighter groups based on your OU structure.

SEM – SPAMfighter – Configuring and Working with Policies

This is pretty intuitive, and the default policy comes preconfigured and already applied, though with all filtering systems it will probably take you a little while to get it streamlined to your requirements. The policies section has four main tabs;

Filter Settings: What tools you are going to use to look for spam.
Accept Actions: What it will do if it finds nothing.
Block Actions: What it will do if it finds something.
User Filter settings: Exceptions to the filters for one or more users.
Mailboxes: Puts you straight back to the mailbox section you saw earlier.

25. Out of the box there are five filters enabled.

26. But there are four further filters that you can add to the policies.

SPAMfighter – Filters

27. VIRUSfighter Antivirus Filter for SPAMfighter Exchange Module: Remember this is an ‘Add on’ so it would only apply to mailboxes that have this enabled. It’s on its most conservative setting, and will replace the infected email with safe content.

28. SPAMfighter Sender Filter > Whitelist:Simply add either a particular email address you want to allow or add in an entire domain.

29. If your lists get a little unwieldy you can import or export them, and chose weather to overwrite them or append the imported list to your existing list.

30. And where there is a Whitelist there is a Blacklist, it’s configured exactly the same.

31. Automatic Whitelist: This is a brilliant feature! It dynamically adds the addresses our users send to to the Whitelist, and maintains the cache for 10 days (which you can alter). I’m surprised this is disabled by default.

Note: This will be enabled by default in the next release.

32. SPAMfighter Content Filter > Whitelist phrases: Gives you the power to automatically Whitelist emails based on a phrase they contain i.e. Your corporate email disclaimer or default signature.

33. SPAMfighter Content Filter > Blacklist phrases: As the warning says be careful with this section, this is the sort of thing that is handy for blocking “We attempted to deliver your parcel but were unable to” emails that urge you to click an attached zip file full of infected spyware nastiness.

34. SPAMfighter Content Filter > Whitelist Attachments: Here you can upload an attachments (like your company logo from your email signatures) and the system will whitelist and allow through emails containing them.

35. SPAMfighter Content Filter > Blacklist Attachments: Thankfully this is disabled by default, the list of file extensions is quite long, and contains some commonly used file extensions, You will need to do some planning and testing with this one if you want to enable it.

36. SPAMfighter Community Filter: This will filter mail based on mails that have already been blocked by other SPAMfighter users, it uses a scoring/weighting system. You simply set a threshold the higher you set it the more mail will be stopped, this will require some fine tuning.

37. SPAMfighter Language Filter:This is enabled by default, but no languages are selected (which is sensible). If you are never expecting any emails in Chinese you can block them here.

SPAMfighter Filters that you can Manually Add to the Policy.

38. SPAMfighter IP-address Filter: Pretty much does what it says on the tin! Though blocking spammers by IP address is a little hard to manage, and it’s pretty easy to spoof an IP address anyway, which is probably when this is not on the default policy.

39. SPAMfighter Sender Policy Framework Filter: Personally I think you would be crazy to turn this on! If you don’t know what an SPF record is then read the following article.

Setting up the Correct DNS Records for your Web or Mail Server

40. SPAMfighter DNSBL Filter: A DNSBL is a dynamic DNS list of known spammers, if you are familiar with RBL block lists this is similar.

41. SPAMfighter Combined Spam Score Filter: All the other filters check the mail and give it a score, if the score is higher than a certain threshold this this filter will aggregate all those scores and block the mail.

SPAMfighter – Policies > Accept Actions

42. If the mail makes it through all the filters, then this section decides what happens with it.

43. And that is adding information to the mail header that says the mail was scanned and accepted.

SPAMfighter – Policies > Block Actions

44. If the mail gets blocked by any of the filters, this section decides how that is handled.

Note: You can add other actions from the drop-down list below if this does not do what you require.

45. Just as for the accept policy action, this modifies the email header, though this one says the mail was blocked.

46. SPAMfighter Move To Folder Policy Action > Mailboxes : The second default policy action takes that filtered email and places it within a folder called SPAMfighter within the users mailbox.

Note: You can redirect that mail to another mailbox if that is your preference.

47. The system for Public Folders (if you use them) is identical.

48. Contacts: As is says contacts do not have a mailbox, but you can redirect filters contact mail to a specific mailbox should you wish.

49. User Filter Settings: This section can create an exception for one particular user, it simply creates another policy that you can apply to that user.

50. You can create new policies and apply then to particular users or usergroups, and make the system as granular as you like.

51. Statistics: On my test network I didn’t have any throughput on which to pull some meaningful statistics.

52. Statistics > Notifications: You can have daily/weekly/monthly reports emailed to you.

53. If you decide to purchase, the licenses are priced per mailbox. Prices start at £14.50 each (or £29.00 with the Antivirus) And go down to £2.45 (or £4.90 with Antivirus) depending on the amount you buy. They are available for 1, 2, and 3 year periods. For an up to date price list go here.

Related Articles, References, Credits, or External Links

NA

Give users Calendar Access (Exchange 2000/2003/2007) PFDAVAdmin.

KB ID 0000031 Dtd 10/04/09

Problem

You want to grant access to a users calendar for another user, In Exchange 2000 and 2003 this can be done in Active Directory Users and Computers, and with 2007 it can be done with Powershell But Get used to using PFDAVAdmin.

This tool can also modify permissions on Public Folders (In fact that’s what it was built for) but it’s a handy tool to carry on your USB Key if you work on multiple Exchange systems.

Solution

1. Download and install PFDAVAmin.

http://www.microsoft.com/downloads/details.aspx?FamilyId=635BE792-D8AD-49E3-ADA4-E2422C0AB424&displaylang=en

Or HERE

2. Launch the PFDAVAmin.exe tool
3. File > Connect
4. Enter the Exchange Server name, Global Catalogue Server name, authenticate as your current user, or supply alternative credentials.
5. Select All Mailbox’s.

6. Expand Mailbox’s > Expand the user you are granting permissions ON > Expand "Top of Information Store".

7. Right Click Calendar > Folder Permissions > Add > Browse.
8. Click the drop down arrow and select your domain
9. Drill down to the user you want to grant permissions TO > Select them > OK > OK

 

Note: You can select the EVERYONE object if you wish.

10. Under Permissions change "None" to reviewer, author editor etc as appropriate.
11. Click Commit Changes.

 

Related Articles, References, Credits, or External Links

NA

Update Global Address List Error “WARNING: The recipient “xxxxxMicrosoft Exchange System Objects/xxxxx” is invalid and couldn’t be updated

KB ID 0000516 

Problem

Seen when manually trying to update the Global Address List, with the following powershell command:

[box]Update-GlobalAddressList -identity ‘Default Global Address List'[/box]

Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/{A Public Folder Name}” is invalid and couldn’t be updated.

or

Error: WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 2” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/OAB Version 3a” is invalid and couldn’t be updated. WARNING: The recipient “{your domain name}/Microsoft Exchange System Objects/Offline Address Book – /o={your domain name}V/cn=addrlists/cn=oabs/cn=123” is invalid and couldn’t be updated.

This is commonly seen when an Exchange environment has been migrated from Exchange 2003. And it happens because the Alias names for the particular public folders have spaces in them (or a character that Exchange does not like).

Solution

1. On your Exchange 2007/2010 Server Launch the Exchange Management Console > Toolbox > Public Folder Management Console.

2. If you error is about OAB / Address books skip to step 5, If it’s to do with a public folder that your organisation has created, expand default public folders and locate one of them that’s causing the error (In the example above I’ve highlighted one called “1045 – Greengairs” > Select its parent > Then select it (in the central pane) and open its properties.

3. As soon as you select the “Exchange General” tab, you will get an error popup which indicates the problem, there is a problem with the Alias name, in this example there’s spaces in it remove them.

Error: The properties on this object have invalid data. If you click OK, default values will be used instead and will be saved if you do not change them before hitting Apply or OK on the property page. If you click cancel, the object will be displayed read-only and corrupted values will be retained.

4. Once removed apply the changes.

5. If your error references OAB or address books, expand system Public Folders > OFFLINE ADDRESS BOOK > Check the properties of ALL its child objects > and on the Exchange General tab remove any spaces or unusual characters.

 

Related Articles, References, Credits, or External Links

NA

Public Folder Migration Exchange 2003 to 2010

KB ID 0000426 

Problem

I’ve already written at length about migrating from Exchange 2003 to 2010, I was doing a migration this week and migrating the public folders was proving to be a pain.

If you have multiple public folders within public folders then setting up replication can be a nightmare, as the replication settings don’t get passed down to the child object.

Normally you could use PFDAdmin and this would do it for you, or use the Exchange ExFolder tool, or even the powershell scripts included with Exchange 2010 (like AddReplicatoPFRecursive.ps1). But sadly all these failed for me today.

To use the Exchange 2010 Scripts click here.

In the end, with the aid of third line support at Microsoft, it was fixed using a feature of Exchange 2003 that I NEVER KNEW was there 🙂

Solution

1. The bad news is you still have to add the new Exchange 2010 server as a replica on the top level folder. (Right click > Properties > Replication Tab > Add > Add in the new server > Set the interval to always run > priority to urgent (unless you have a LOT! then choose Normal) > Apply.

Update: Eagle eyed visitor Brian Morphey, mailed me to point out that in my diagram all the folders are under the Exchange 2010 Administrative group, How did they get there? You need to use Exchange system Manager to create a public folder group in the new administrative group then simply DRAG the public folder group from the old admin group to the new one.

2. Right click the folder again > All Tasks > Manage Settings.

3. Select “Modify lists of replica servers” > Next.

4. Add servers > Next.

5. Add in BOTH the 2003 server AND the 2010 server > Next.

6. Finish.

7. It will now run through all the sub folders and apply the same replication settings on all of them, this can take a while depending on the number of folders.

8. Go to the Exchange 2010 Server and open the Public Folder Management console, right click Public Folder {your server name} > Update Hierarchy.

9. Repeat the above, but this time select “Refresh”.

10. Finally to speed things along, you can right click each folder and select “Update Content”.

11. Now wait! It can take a while till replication is complete.

Removing Public Folder Replicas

Once All the data has replicated across you can remove the 2003 replica by doing the reverse.

1. Right click the public folder > All Tasks > Manage Settings > Next > Modify List of replica servers > Next.

2. Remove servers> Next > Tick the server you want to REMOVE the replica from > Next.

3. Finish > Depending on the amount of data it may take a while.

Migrating Public Folders with Exchange 2010 Scripts

Step 1 Set up Public Folder Replication to Exchange 2010

On the Exchange 2010 Server open the Exchange Management Shell and execute the following three commands;

[box]
CD “C:Program FilesMicrosoftExchange ServerV14Scripts”
.AddReplicaToPFRecursive.ps1 -TopPublicFolder “” -ServerToAdd “EX-2010.petenetlive.com”

Update-PublicFolderHierarchy -Server “EX-2010.petenetlive.com”
[/box]

Step 2 Once the Replication Has occurred

Warning: Check that replication is complete before you do this!

Check replication with a “Get-PublicFolderStatistics ” command, once you are happy, run the following two commands;

[box]CD “C:Program FilesMicrosoftExchange ServerV14Scripts”
.MoveAllReplicas.ps1 -Server “EX-2003.petenetlive.com” -NewServer “EX-2010.petenetlive.com”[/box]

Related Articles, References, Credits, or External Links

Thanks to Brian Morphey for the feedback.

The requested operation is forbidden.  ID no: c1030af1

KB ID 0000014 

Problem

Above error seen when connecting to a public folder instance from Exchange 2003

The requested operation is forbidden.
ID no: c1030af1
Exchange System Manager

Solution

1.  Go to the Exchange Server  that you were trying to connect to (I see this error quite often in Exchange 2000 to 2007 migrations, you see this error when connecting to public folders on the 2007 Server).  Start> Administrative tools > Internet Information Server Manager.

2. Expand Web sites > Default Web Sites > Right click EXADMIN > Properties > Directory Security > Secure Communications Section (at the bottom) > Edit

3. Un-tick require secure channel SSL > Apply > OK

4. Start > run > services.msc > Locate the IIS Admin service > right click > Restart.

5. Restart Exchange System Manager on the Exchange 2003 Server you should now be able to connect.

Related Articles, References, Credits, or External Links

NA