Managing Public Folder replication and client permissions with scripts

Anderson Patricio

Network Administration - This series will introduce you to Exchange Server 2007 scripts for managing Public Folder replicas and client permissions.

All the scripts introduced in this article can be found in the Scripts folder of any Exchange Server 2007 installation directory.

Public Folder folders are a feature of Exchange in providing many management options. We'll show you some of the main management methods, then use some scenarios to demonstrate how we can manage some Public Folder features through them.

With Exchange Server 2007 SP1 we can use the tool called Public Folder Management Tool to allow administrators to create and manage Public Folders and System Folders in the same view window, as shown in Figure 1. .

Picture 1 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 01

We can use Exchange Server 2003 Exchange System Manager to manage Exchange Server 2007 Public Folders. Install the Exchange System Manager tool in some operating systems (Windows 2000 Server, Windows Server 2003 or Windows XP), though However, it is necessary to follow some prerequisites, these prerequisites depend on each operating system.

We do not need to install management tools on Exchange Server 2003. Let's assume that we have a completely pure Exchange Server 2003 and Windows Server 2003, then just install IIS and install the Exchange Server installation disk. 2003 into the drive, click Exchange Deployment Tools, and then click Install Exchange System Management Tools only. Follow the installation process and make sure you select the Exchange System Management Tools during the selection of components.

One problem you need to keep in mind to access Public Folder using the Exchange Management Tools is to disable the SSL procedure for the ExAdmin virtual directory.

Open IIS (Internet Information Services Manager).

Open Web Sites.

Open Default Web Site.

Right-click ExAdmin.

Click the Directory Security tab

Click the last button Edit . located in the Secure Communications area .

Remove the option to Require Secure Channel (SSL).

Now we can return to the server where Exchange System Manager has been installed and opened Public Folders (Figure 2). Don't forget to install Service Pack 2 on this installation as it will add a lot of useful Public Folder management resources.

Picture 2 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 02

We also have the third option, which is using the PFDavAdmin tool (Figure 3), this is where we can manage duplicates, client permissions, restrictions, . To use PFDavAdmin we can download it from here.

Picture 3 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 03

By default, any Exchange Server 2007 installation has a subdirectory called Scripts, which is where we can find a lot of scripts to help us perform administrative tasks. day. In this section, we will introduce scenarios related to Public Folder management. There are all the scripts we will use in this section.

AddReplicaToPFRecursive

RemoveReplicaFromPFRecursive

ReplaceReplicaOnPFRecursive

MoveAllReplicas.ps1

AddUsersToPFRecursive.ps1

ReplaceUserWithUserOnPFRecursive.ps1

ReplaceUserPermissionOnPFRecursive.ps1

RemoveUserFromPFRecursive.ps1

We will test these scripts in a scenario where we have three servers (srv-ex01, srv-ex02 and srv-ex03) and they all have the Mailbox Server role installed, with Public Folder Database and active. We have several Public Folders configured on the srv-ex01 server and in this section we will configure replicas between these servers. Public Folders are located on the first server and have three directories (Finance, IT and Sales), the Internet top folder has four extended folders. Public Folder structure can be referenced in Figure 4.

Picture 4 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 04

Before using these scripts, let's look at some general usage guidelines. First of all, you can edit them and create your own scripts, and you can use the –help switch for help and examples of how to use the script, eventually using the ' ./' plus the script name to run the script through the Exchange Management Console session.

The final warning is to use them for Exchange Server 2007, the parameters in the Server all scripts must be Exchange Server 2007.

Manage folder copies

The Public Folder architecture is replicated between servers, but the copy content must be defined by Exchange Administrator. We will use the AddReplicaToPFRecursive.ps1 script to add another server to the replica list of the top directory and all subdirectories, that way all information will be available on both machines. master. The syntax below can be used, see below:

.AddReplicaToPFRecursive.ps1 –server srv-ex01 –TopPublicFolder 'IT' –ServertoAdd srv-ex02

Time to validate if the script works as expected, let's use Exchange Management Shell to see such information. Using the Get-PublicFolderStatistics –Identify 'IT' | fl command and considering the properties of Replicas (Figure 5), we will see two Public Folder databases where the information is being configured. Both srv-ex01 and srv-ex02 both have the same Public Folder database name.

Picture 5 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 05

We can also remove duplicates from a directory and its subdirectories, using the following syntax:

./RemoveReplicaFromPFRecursive.ps1 –server -ToPublicFolder 'FolderName'-ServerToRemove

Sometimes the Exchange Admin has a replica set with both servers and another server entered into the organization to remove one of the existing servers. We can use the example below, where we have ex01 and srv-ex02 are regenerating and will remove the server srv-ex02 then add the server srv-ex03 to the current copy list, see below:

./ReplaceReplicaOnPFRecursive.ps1 –Server srv-ex01 -TopPublicFolder 'Foldername' –ServerToRemove srv-ex02 –ServerToAdd srv-ex03

Finally, the MoveAllReplicas.ps1 (this is not the last scenario) is where we can transfer all Public Folders from one server to another. This operation will remove the server from all replica tabs. It is a very useful scenario when we demonstrate a server. The syntax of the statement is quite simple.

./MoveAllReplicas.ps1 –Server srv-ex02 –NewServer srv-ex03

Note:
When using the MoveAllReplicas.ps1 script, System Folder will also be transferred.

Manage user permissions on folders

In the last part we will look at how to configure Public Folder replication, now we will configure some permissions on Public Folder. Use the Public Folder structure as shown in Figure 6.

Picture 6 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 06

Let's assume that we need to add a Publishing Editor user to all IT folders and subdirectories, we can do that using the AddUsersToPFRecursive.ps1 script and need to specify the set The parameters refer to where we define which directory, which user, which permissions will be configured. This syntax can be used:

.AddUsersToPFRecursive.ps1 –Server srv-ex01 –TopPublicFolder 'IT' –User Anderson.patricio –Permissions {PublishingEditor}

Using the above command, the user named Anderson.patricio will be assigned to Publishing Editor in all folders and subdirectories of the IT directory structure. We can define a set of custom permissions in public folders, such as CreateItems, ReadItems, CreateSubfolders, etc. Besides Role-based permissions can be defined. Each role has a set of pre-defined permissions that will be applied. The roles and text that can be used with the -Permission parameter of the script are in the following table:

Role access

The value is used with the parameter parameter

Owner

Publishing Editor

PublishingEditor

Editor

Publishing Author

PublishingAutor

Author

Non-editing Author

NonEditingAuthor

Reviewer

Contributor

Folder Visible

None

To validate which permissions are allowed, we can run the following command:

Get-PublicFolderClientPermission IT | fl

Both steps are shown in Figure 7.

Picture 7 of Managing Public Folder replication and client permissions with scripts - Part 1
Figure 07

We can change user permissions in a directory structure using a script called ReplaceUserPermissionOnPFRecursive.ps1. Let's assume that we want to change the existing user added to PublishingAuthor instead of Publishing Editor, to do that, you can use the syntax below:

./ReplaceUserPermissiononPFRecursive.ps1 –TopPublicFolder 'IT' –User anderson.patricio –Permissions {PublishingAuthor}

We can also remove users from a directory and subdirectory using the RemoveUserFromPFRecursive.ps1 script:

./RemoveUserfromPFRecursive.ps1 –TopPublicFolder 'FolderName' - user UserNametobeRemoved

You will be asked in each folder but if you want to remove a user, just press Y to confirm.

Another option here is to replace an existing user listed on Public Folder permissions for other users. The script does not change the terms but only changes this user to another user. All terms are completely unchanged.

./ReplaceUserWithUserOnPFRecursive.ps1 –TopPublicFolder 'FolderName' - UserOld UsertobeReplaced –NewUser NewUserName

Conclude

In this article, I have shown you how to use the scripts available in Exchange Server 2007 to manage Public Folders. Using such scripts we can completely manage Public Folder replicas and client permissions with a command line script.

ncG1vNJzZmismaXArq3KnmWcp51kuqK6wKCgp59dpcKjuMicZJ%2BnnJmys3nRnqeloZOWwaq7zWaYp5xdmLmqsc2tZKmdoqK2tL%2FIqKWsZaeewal50pypoqikqHqxrdGtZGo%3D