Member_2_6492660_1
asked on
Exchange 2010 BPA Results
Exchange Server 2010 SP3 RU8 Enterprise 64 bit
Windows 2008 R2 64 bit
Ran Best Practices Analyzer and I have most of the problems resolved
A few outdated drivers and this one
Top level public folder creation
All users are allowed to create top level public folders. It is best practice to deny this facility.
All my research finds information on how to do this on Exchange 2003 and Exchange 2007.
I need a command or EMC method for Exchange 2010.
Even the Adsiedit information I found was for Exchange 2003 and Exchange 2007.
Thanks
Tom
ASKER
Will
Thank you for the information
Forgot the put that under tools
After starting the Public Folder Management Console I do not see my Public Folder listed.
I expanded Default Public Folders and it is empty
Under System Public folders
Eforms Registry
Event Roots
Offline Address Book
OWAScratchPad {593....
OWAScratchPad {704....
Schedule Free + Busy
Store Events
Using EMC, Organization Configuration, expand Mailbox. On the Database Management tab I have
Public Folder Database 2010 Mounted Serv025
What am I missing here?
Thoughts?
Do you have multiple public folder databases? If you do, have you checked to ensure that the replication is set up for both servers?
If you have multiple servers check all of the public folders that are hosted on each mailbox server and see if connecting to different ones will present the data you are looking for. If 1 public folder hosted on a mailbox database is showing your Public folder and another mailbox server is not then replication is not working properly.
Will.
ASKER
Will
I had Exchange 2007 but that server is no longer available; we removed that a while back.
So only one public database and one Exchange server.
No replication is set up.
When I start the Public Folder Management Console I am connected to the default server, which is my only server.
I am doing this on the server console, not my Windows 7 computer.
The public folder database should show up under default public folders, correct?
Should I create a new public folder database from the PFMC?
Not sure what happened when I originally created this public folder database. I know it is new because of the name
Public Folder Database 2010
Thoughts
ASKER
Will
Update
Just created a new Public folder using PFMC. Now I see the Public folder under default Public Folder in PFMC
Then went to EMC under organization configuration and saw under actions "New Public Folder Database"
That is what I did when I created Public Folder Database 2010
What is the difference between PFMC and EMC methods?
Should I delete the "Public Folder Database 2010" from the EMC Database management section?
Is that database required for Public folder to work? If so, how do I tie them together?
Thoughts
What is the difference between PFMC and EMC methods?
In the EMC you are creating the initial public folder database. This is the first step. Once you have created the database you can then start to create public folders within the databases.
Should I delete the "Public Folder Database 2010" from the EMC Database management section?
No, you need to have a database where the public folders are stored.
Once you have created the public folder database you can then create Public Folders within the database using Public Folder Management Console.
So now that you have created your public folder using the PFMC this is your starting point.
What you have done is correct.
Your initial Exchange BPA results are probably referencing objects that are still in Active Directory that were not properly removed from your previous environment. That would be my guess.
Aside from that everything looks good from what you have stated now.
You can also create public folders within Outlook as well (you need the required permissions) and also this does not show all of the properties required so that is when you can use PFMC to perform high level tasks.
Will.
ASKER
Will
I see that I see how the Folder is connected to the database
I checked the permissions on the folder all look ok
What Entries in AD should I look for?
Using the following...
- adsiedit.msc
- connect to Configuration Partition
- expand Services, Microsoft Exchange, First Site Name, Administrative Groups
- expand Administrative Group,
- expand servers (check to make sure that there are no servers listed that are no longer online)
If everything looks good then you should be fine.
Will.
ASKER
Will
Thank you
Ran adsiedit.msc. Only one server listed; that is the 2010 server.
So I guess we are now back to my original post.
Just reran the BPA again with same results.
Very strange where to find this information. I always find the difficult issues.
Thoughts
In the initial links I have provided you can verify the permissions using PFMC or Shell. Below is how you would do this from the shell.
Get-PublicFolderAdministrativePermission -Identity \
If you see All Users in the list you can simply remove or deny this permission (just on this root folder).
Use the Remove-PublicFolderAdministrativePermission to remove or Add-PublicFolderAdministrativePermission to add groups or individuals.
Will.
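The check described in the answer above (look for a broad group among the root folder's administrative permissions), as an added example that is not part of the original thread. The function name and the list of broad principal names are assumptions, and the sample entries are constructed to match the columns of the cmdlet output posted in this thread.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0, the version
# the Exchange 2010 Management Shell runs on (no [pscustomobject]).
# Assumed list of principals considered too broad; adjust to your directory.
$BroadPrincipals = @('Everyone', 'All Users', 'Authenticated Users', 'Domain Users', 'ANONYMOUS LOGON')

function Find-BroadPublicFolderAdminEntry {
    # Hypothetical helper: emits one object per Allow entry held by a broad principal.
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Entry
    )
    process {
        # Strip a "DOMAIN\" or "NT AUTHORITY\" prefix before comparing names.
        $name = ("$($Entry.User)" -split '\\')[-1].Trim()
        # Deny entries are skipped: they restrict access rather than grant it.
        if (($BroadPrincipals -contains $name) -and (-not $Entry.Deny)) {
            New-Object PSObject -Property @{
                User         = "$($Entry.User)"
                AccessRights = (@($Entry.AccessRights) -join ', ')
                # An inherited entry is defined on a parent object and has to be
                # changed there, not on the folder that merely inherits it.
                FixAt        = $(if ($Entry.IsInherited) { 'parent object (inherited)' } else { 'this folder' })
            }
        }
    }
}

# Constructed sample entries with the same columns as the cmdlet output.
$sample = @(
    (New-Object PSObject -Property @{ User = 'OUR\Domain Admins'; AccessRights = @('AllExtendedRights'); IsInherited = $true; Deny = $false }),
    (New-Object PSObject -Property @{ User = 'Everyone'; AccessRights = @('ViewInformationStore'); IsInherited = $true; Deny = $false }),
    (New-Object PSObject -Property @{ User = 'NT AUTHORITY\Authenticated Users'; AccessRights = @('ModifyPublicFolderACL'); IsInherited = $false; Deny = $true })
)
$sample | Find-BroadPublicFolderAdminEntry | Select-Object User, AccessRights, FixAt

# On the Exchange server, pipe in the real entries for the root folder instead:
# Get-PublicFolderAdministrativePermission -Identity \ | Find-BroadPublicFolderAdminEntry
```

An empty result only means no broad principal holds an Allow entry on the folder that was queried; permissions set on parent Active Directory objects are not covered by this check.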
ASKER
Will
Thanks
Results of
[PS] C:\Windows\system32>get-publicfolderadministrativepermission -identity \
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
\ OUR\Organization ... {ViewInformationStore} True False
\ OUR\Public Folder... {ViewInformationStore} True False
\ OUR\Exchange View... {ViewInformationStore} True False
\ OUR\Exchange Publ... {ViewInformationStore} True False
\ OUR\Organization ... {AdministerInformationStore} True False
\ OUR\Public Folder... {AdministerInformationStore} True False
\ OUR\Exchange Publ... {AdministerInformationStore} True False
\ OUR\Organization ... {ModifyPublicFolderACL} True False
\ OUR\Public Folder... {ModifyPublicFolderACL} True False
\ OUR\Exchange Publ... {ModifyPublicFolderACL} True False
\ OUR\Organization ... {MailEnablePublicFolder} True False
\ OUR\Public Folder... {MailEnablePublicFolder} True False
\ OUR\Organization ... {ModifyPublicFolderQuotas} True False
\ OUR\Public Folder... {ModifyPublicFolderQuotas} True False
\ OUR\Exchange Publ... {ModifyPublicFolderQuotas} True False
\ OUR\Organization ... {ModifyPublicFolderAdminACL} True False
\ OUR\Public Folder... {ModifyPublicFolderAdminACL} True False
\ OUR\Exchange Publ... {ModifyPublicFolderAdminACL} True False
\ OUR\Organization ... {ModifyPublicFolderExpiry} True False
\ OUR\Public Folder... {ModifyPublicFolderExpiry} True False
\ OUR\Exchange Publ... {ModifyPublicFolderExpiry} True False
\ OUR\Organization ... {ModifyPublicFolderReplicaList} True False
\ OUR\Public Folder... {ModifyPublicFolderReplicaList} True False
\ OUR\Exchange Publ... {ModifyPublicFolderReplicaList} True False
\ OUR\Organization ... {ModifyPublicFolderDeletedItemRetention} True False
\ OUR\Public Folder... {ModifyPublicFolderDeletedItemRetention} True False
\ OUR\Exchange Publ... {ModifyPublicFolderDeletedItemRetention} True False
\ OUR\Exchange Doma... {AllExtendedRights} True False
\ OUR\Exchange Servers {AllExtendedRights} True False
\ OUR\Exchange Doma... {AllExtendedRights} True False
\ NT AUTHORITY\SYSTEM {AllExtendedRights} True False
\ OUR\Organization ... {AllExtendedRights} True False
\ OUR\Exchange Serv... {AllExtendedRights} True False
\ OUR\Exchange Orga... {AllExtendedRights} True False
\ OUR\Exchange Trus... {AllExtendedRights} True False
\ OUR\Administrator {AllExtendedRights} True False
\ OUR\Enterprise Ad... {AllExtendedRights} True False
\ OUR\Domain Admins {AllExtendedRights} True False
[PS] C:\Windows\system32>
I did not see ALL Users
Thoughts
Have you also checked the permissions using adsiedit.msc for these public folders? I am wondering if these permissions are being applied (inherited on the active directory side).
Check all of your public folders in adsiedit, under the security tab and make sure that the permissions are correct.
Will.
ASKER
Will
Thanks
What folder are the public folders in using Adsiedit.msc? I do not see anything that shows public folders.
They are listed under CN=Exchange Administrative Group (FYDIBOHF23SPDLT) > Databases >
You will then see all of your databases including your public folders.
Will.
ASKER
Will
Found it thanks
Now I just need to figure out what to change.
Has many groups in the list
I found EVERYONE
Has
READ
Create named properties in the information store
Special Permissions
Under advanced
Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.
This is checked
Thoughts
Whatever Public Folder database you are using has correct permissions. I have just checked my public folder databases (clean install in my lab) and the permissions are same as what you are presenting.
Do you have any other public folders which might be from previous versions of Exchange?
Will.
ASKER
Will
NO
Only One Public folder Database is listed
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Will
That's it..
I was on the Public folders properties not the first organization
Now I see the same thing
I removed the check and I will run another BPA in a while after AD updates the network
ASKER
Will
That did it. Also I finally figured out how to get Public Folder to work on Exchange and in Outlook. The BPA helps a lot, as do you.
Just need to see how I can get public folders on my iPhones etc.
If you get a chance can you take a look at my 1033 message
https://www.experts-exchange.com/questions/28616876/Evernt-Id-1033-Windows-2008-Server-w-Exchange-2010.html
I have a thought on that
Thanks again for all your help
The link below also describes exactly how to propagate permissions to child public folders (half way down in the link)
Also the link below provides examples of how to do this using Exchange Management Shell.
https://technet.microsoft.com/en-us/library/bb691327(v=exchg.141).aspx
Will.