Exchange 2010 BPA Results

Exchange Server 2010 SP3 RU8 Enterprise 64 bit
Windows 2008 R2 64 bit

Ran Best Practices Analyzer and I have most of the problems resolved

A few outdated drivers and this one

Top level public folder creation
All users are allowed to create top level public folders  It is best practice to deny this facility

All my research find information on how to do this on Exchange 2003 and Exchange 2007

I need command or EMC method for Exchange 2010
Even Adsiedit information I found was for Exchange 2003 and Exchange 2007

Thanks

Tom
LVL 23
Thomas GrassiSystems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Public Folder Permissions can be modified using the Public Folder Management Console. It is somewhat confusing because you have to click the root folder on the left and in the right hand pane you right click the public folder and select properties, permissions tab and add/remove users as needed.

The link below also describes exactly how to propagate permissions to child public folders (half way down in the link)

Also the link below provides examples of how to do this using Exchange Management Shell.

https://technet.microsoft.com/en-us/library/bb691327(v=exchg.141).aspx

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Thank you for the information

Forgot the put that under tools

After starting the Public Folder Management Console I do not see my Public Folder listed.

I expanded Default Public Folders and it is empty
Under System Public folders
Eforms Registry
Event Roots
Offline Address Book
OWAScratchPad {593....
OWAScratchPad {704....
Schedule Free + Busy
Store Events

Using EMC Organization Configuration Expand Mailbox On Database Management Tab I have
Public Folder Database 2010   Mounted  Serv025


What am I missing here?

Thoughts?
0
Will SzymkowskiSenior Solution ArchitectCommented:
Do you have multiple public folder databases? If you do, have you checked to ensure that the replication is setup for both servers?

If you have multiple servers check all of the public folders that are hosted on each mailbox server and see if connecting to different ones will present the data you are looking for. If 1 public folder hosted on a mailbox database is showing your Public folder and another mailbox server is not then replication is not working properly.

pub2.JPG
Will.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Thomas GrassiSystems AdministratorAuthor Commented:
Will

I had Exchange 2007 but that server is no longer available we removed that a while back

So Only one Public database and One Exchange Server.

No replication is setup

When I start the Public Folder Management Console I am connected to the default server which is my only server
I am doing this on the server console not my windows 7 computer.

The public folder database should show up under default public folders correct?

Should I create a new public folder database from the PFMC ?

Not sure what happened when I originally create this public folder database I know it is new because of the name
Public Folder Database 2010


Thoughts
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Update

Just created a new Public folder using PFMC. Now I see the Public folder under default Public Folder in PFMC

Then went to EMC under organization configuration and saw under actions "New Public Folder Database"

That is what I did when I created Public Folder Database 2010

What is the difference between PFMC and EMC methods?

Should I delete the "Public Folder Database 2010" from the EMC Database management section?

If that database required for Public folder to work? If so how do I tie them together?


Thoughts
0
Will SzymkowskiSenior Solution ArchitectCommented:
What is the difference between PFMC and EMC methods?

in the EMC you are creating the initial public folder database. This is the first step. Once you have created the database you can then start to create public folders within the databases.

Should I delete the "Public Folder Database 2010" from the EMC Database management section?
No, you need to have a database where the public folders are stored.

Once you have created the public folder database you can then create Public Folders within the database using Public Folder Management Console.

So now that you have created your public folder using the PFMC this your starting point.

What you have done it correct.

Your initial Exchange BPA results are probably referencing objects that are still in active directory that were not properly removed, from your previous environment. That would be by guess.

A side from that everything looks good from what you have stated now.

You can also create public folders within Outlook as well (you need the required permissions) and also this does not show all of the properties required so that is when you can use PFMC to perform high level tasks.

Will.

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

I see that I see how the Folder is connected to the database

I checked the permissions on the folder all look ok

What Entries in AD should I look for?
0
Will SzymkowskiSenior Solution ArchitectCommented:
Using the following...
- adsiedit.msc
- connect to Configuration Partition
- expand Services, Microsoft Exchange, First Site Name, Administrative Groups
- expand Administrative Group,
- expand servers (check to make sure that there are no servers listed that are no longer online)

If everything looks good then you should be fine.

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Thank you

Ran adsiedit.msc   Only one server listed that is the 2010 server

So I guess we are now back to my original post.

Just reran the BPA again with same results

Very strange where to find this information I always find the difficult issues.

Thoughts
0
Will SzymkowskiSenior Solution ArchitectCommented:
In the initial links i have provided you can verify the permissions using PFMC or Shell. Below is how you would do this from the shell.

Get-PublicFolderAdministrativePermission -Identity \

Open in new window


If you see All Users in the list you can simply remove or deny this permission (just on this root folder).

Use the Remove-PublicFolderAdministrativePermission to remove or Add-PublicFolderAdministrativePermission to add groups or individuals.

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Thanks

Results of

[PS] C:\Windows\system32>get-publicfolderadministrativepermission -identity \

Identity             User                 AccessRights                                                IsInherited Deny
--------             ----                 ------------                                                ----------- ----
\                    OUR\Organization ... {ViewInformationStore}                                      True        False
\                    OUR\Public Folder... {ViewInformationStore}                                      True        False
\                    OUR\Exchange View... {ViewInformationStore}                                      True        False
\                    OUR\Exchange Publ... {ViewInformationStore}                                      True        False
\                    OUR\Organization ... {AdministerInformationStore}                                True        False
\                    OUR\Public Folder... {AdministerInformationStore}                                True        False
\                    OUR\Exchange Publ... {AdministerInformationStore}                                True        False
\                    OUR\Organization ... {ModifyPublicFolderACL}                                     True        False
\                    OUR\Public Folder... {ModifyPublicFolderACL}                                     True        False
\                    OUR\Exchange Publ... {ModifyPublicFolderACL}                                     True        False
\                    OUR\Organization ... {MailEnablePublicFolder}                                    True        False
\                    OUR\Public Folder... {MailEnablePublicFolder}                                    True        False
\                    OUR\Organization ... {ModifyPublicFolderQuotas}                                  True        False
\                    OUR\Public Folder... {ModifyPublicFolderQuotas}                                  True        False
\                    OUR\Exchange Publ... {ModifyPublicFolderQuotas}                                  True        False
\                    OUR\Organization ... {ModifyPublicFolderAdminACL}                                True        False
\                    OUR\Public Folder... {ModifyPublicFolderAdminACL}                                True        False
\                    OUR\Exchange Publ... {ModifyPublicFolderAdminACL}                                True        False
\                    OUR\Organization ... {ModifyPublicFolderExpiry}                                  True        False
\                    OUR\Public Folder... {ModifyPublicFolderExpiry}                                  True        False
\                    OUR\Exchange Publ... {ModifyPublicFolderExpiry}                                  True        False
\                    OUR\Organization ... {ModifyPublicFolderReplicaList}                             True        False
\                    OUR\Public Folder... {ModifyPublicFolderReplicaList}                             True        False
\                    OUR\Exchange Publ... {ModifyPublicFolderReplicaList}                             True        False
\                    OUR\Organization ... {ModifyPublicFolderDeletedItemRetention}                    True        False
\                    OUR\Public Folder... {ModifyPublicFolderDeletedItemRetention}                    True        False
\                    OUR\Exchange Publ... {ModifyPublicFolderDeletedItemRetention}                    True        False
\                    OUR\Exchange Doma... {AllExtendedRights}                                         True        False
\                    OUR\Exchange Servers {AllExtendedRights}                                         True        False
\                    OUR\Exchange Doma... {AllExtendedRights}                                         True        False
\                    NT AUTHORITY\SYSTEM  {AllExtendedRights}                                         True        False
\                    OUR\Organization ... {AllExtendedRights}                                         True        False
\                    OUR\Exchange Serv... {AllExtendedRights}                                         True        False
\                    OUR\Exchange Orga... {AllExtendedRights}                                         True        False
\                    OUR\Exchange Trus... {AllExtendedRights}                                         True        False
\                    OUR\Administrator    {AllExtendedRights}                                         True        False
\                    OUR\Enterprise Ad... {AllExtendedRights}                                         True        False
\                    OUR\Domain Admins    {AllExtendedRights}                                         True        False


[PS] C:\Windows\system32>

I did not see ALL Users


Thoughts
0
Will SzymkowskiSenior Solution ArchitectCommented:
Have you also checked the permissions using adsiedit.msc for these public folders? I am wondering if these permissions are being applied (inherited on the active directory side).

Check all of your public folders in adsiedit, under the security tab and make sure that the permissions are correct.

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Thanks

What folder are the public folders in using Adsiedit.msc I do not see anything that shows public folders
0
Will SzymkowskiSenior Solution ArchitectCommented:
They are listed under CN=Exchange Administrative Group (FYDIBOHF23SPDLT) > Databases >

You will then see all of your databases including your public folders.

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

Found it thanks

Now I just need to figure out what to change.

Has many groups in the list

I found EVERYONE
Has
READ
Create named properties in the information store
Special Permissions

Under advanced
Allow inheritable permissions from the parent to propagate to this object and all child objects . Include these with entries explicitly defined here.

This is checked

Thoughts
0
Will SzymkowskiSenior Solution ArchitectCommented:
Whatever Public Folder database you are using has correct permissions. I have just checked my public folder databases (clean install in my lab) and the permissions are same as what you are presenting.

Do you have any other public folders which might be from previous versions of Exchange?

Will.
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

NO

Only One Public folder Database is listed
0
Will SzymkowskiSenior Solution ArchitectCommented:
Take a look at the First Organization Group properties. Showing screenshot below. If this is not checked you can try denying this action and running the Exchange BPA again.

adsiedit.JPG
Also based on this error message this was a setting that was enabled back with Exchange 2000 and is now not enabled by default with newer version of Exchange.
https://technet.microsoft.com/en-us/library/aa996768%28v=exchg.80%29.aspx

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorAuthor Commented:
Will

That's it..

I was on the Public folders properties not the first organization

Now I see the same thing

I removed the check and I will run another BPA in a while after AD updates the network
0
Thomas GrassiSystems AdministratorAuthor Commented:
Will

That did it.  Also I finally figured out how to get Public Folder to work on Exchange and in Outlook The BPA helps a lot as do you.

Just need to see how I can get public folders on my iphones etc.

If you get a change can you take a look at my 1033 message

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28616876.html

I have a thought on that

Thanks again for all your help
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.