E2003–2010 Cross-Forest Public Folder Part2 – Migrating Permission

 

http://blogs.technet.com/b/exchange/archive/2011/03/28/iorepl-and-exchange-2010-sp1.aspx 

Migrating Permissions

Once the preparation, installation, configuration and testing phases are complete and you can successfully replicate public folders and free/busy content between Exchange organizations, the next phase is to export public folder permissions. To do that, we need PFDAVAdmin to export permissions on the Exchange 2003 side and ExFolders to import permissions on the Exchange 2010 side.

Note: It's important to retain public folder replicas on Exchange Server 2003 until all mailboxes have been migrated to Exchange Server 2010. This is to allow for access to public folders via Exchange 2003 OWA as well as Exchange 2010 Outlook Web App. It's assumed that you have already followed the steps to move mailboxes cross forest as explained in Exchange 2010 Cross Forest Mailbox Moves.

You can use either the legacyExchangeDN or the account name (Domain\User) while exporting Public Folder permissions using PFDAVAdmin. Since the PrepareMoveRequest script will update the source object's proxyAddresses to include the target object's legacyDN as X500 address, it's straightforward to just use the legacyExchangeDN. Otherwise, you'll need to edit the domain name in the exported "Account name" file to match the Exchange 2010 domain.
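The domain edit described above, as an added example (not part of the original post or of PFDAVAdmin): a PowerShell function that rewrites the NetBIOS prefix only where it starts an account field, so folder paths and similarly named domains are left untouched. The function name, the domain names CORP, CORPDEV and NEWCORP and the sample lines are constructed, and the tab-delimited layout with the SETACL keyword is an assumption to check against your own export file.

```powershell
# Added example. The sample lines are constructed; a tab-delimited layout with
# accounts written as DOMAIN\user in their own fields is an assumption.
function Convert-ExportDomain {
    param(
        [string[]]$Line,          # lines of the permissions export
        [string]$SourceNetBios,   # NetBIOS name of the Exchange 2003 domain
        [string]$TargetNetBios    # NetBIOS name of the Exchange 2010 domain
    )
    $prefix   = $SourceNetBios + '\'
    $accounts = @{}               # hashtable keys are case-insensitive
    $result = foreach ($l in $Line) {
        $fields = @($l -split "`t")
        for ($i = 0; $i -lt $fields.Count; $i++) {
            # Anchor the match to the start of a field so that a folder path
            # containing "\CORP\" or a longer name such as CORPDEV is left alone.
            if ($fields[$i].StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $fields[$i] = $TargetNetBios + '\' + $fields[$i].Substring($prefix.Length)
                $accounts[$fields[$i]] = $true
            }
        }
        $fields -join "`t"
    }
    # Return the rewritten lines plus the distinct accounts that were changed.
    New-Object PSObject -Property @{
        Lines    = @($result)
        Accounts = @($accounts.Keys | Sort-Object)
    }
}

# Constructed sample input: two export lines with mixed-case domain prefixes.
$sample = @(
    "SETACL`tPublic Folders\CORP\Sales`tCORP\alice`tAuthor`tCORPDEV\bob`tEditor",
    "SETACL`tPublic Folders\HR`tcorp\carol`tOwner`tEveryone`tNone"
)
$converted = Convert-ExportDomain -Line $sample -SourceNetBios 'CORP' -TargetNetBios 'NEWCORP'
$converted.Lines
"Accounts to confirm in the target forest before importing:"
$converted.Accounts
```

Confirm that every entry in the Accounts list exists in the target forest before importing the file with ExFolders.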

 

1. Microsoft Exchange Server Public Folder DAV-based Administration Tool
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22427


Exchange 2010 SP1 ExFolders

  • http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
    ExFolders must be run from an Exchange 2010 server - it cannot be run from a workstation as PFDAVAdmin could. It can connect to Exchange 2010 or Exchange 2007, but not older versions.
  • Remove Item-Level Permissions is gone, because there are no item-level permissions in Exchange 2007 or 2010.
  • DACL fix functionality is gone. With no WebDAV and no M: drive, non-canonical DACLs should be practically unheard of.
  • The permissions export formats of PFDAVAdmin and ExFolders are compatible.


5.

Microsoft Exchange Server Public Folder DAV-based Administration Tool

Updated   April 4, 2007

The Microsoft® Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool, version 2.8 (PFDAVAdmin 2.8) is an Exchange Server tool that you can use to perform several tasks related to public folder management. Tasks include the following:

· Modify folder permissions on folders in the MAPI tree by using an interface similar to Exchange System Manager (ESM).

· Propagate the addition, replacement, or removal of one or more access control entries (ACEs) in the public folder tree without overwriting the entire access control list (ACL).

· Fix non-canonical (does not follow standards) and otherwise damaged discretionary access control lists (DACLs) on folders in bulk.

· Export and import folder permissions on public folders and mailboxes.

· Export and import replica lists.

· Propagate changes to the replica list in the tree without overwriting.

· Look for and remove item-level permissions in bulk.

· Look for event registrations.

· Exceed the limits imposed by the ESM user interface for values on the Limits tab.

· Display and modify folder properties in bulk.

· Modify folder permissions in bulk selectively on folders by creating filters.

· Modify the permissions of the Calendar folder in bulk.

6.
If you select Public Folders, PFDAVAdmin tries to connect to the public store on the target Exchange server over Secure Sockets Layer (SSL) on port 443 and to populate the navigation pane with the top-level folders. If this connection fails, PFDAVAdmin retries the connection using port 80 (non-SSL).

7.

System Requirements

PFDAVAdmin 2.8 must be run on a computer that has the following:

· .NET Framework 1.1

Note:

You can run PFDAVAdmin if you also have .NET Framework 2.0 on your computer. However, you do not have to have version 2.0 on the computer, but you must have .NET Framework 1.1 installed.

· Microsoft Windows® 2000 Server, Windows XP, or Windows Server™ 2003, Windows™ Vista

· Exchange 2000 Server, Exchange Server 2003, or Exchange Server 2007


10.
http://social.technet.microsoft.com/Forums/en-US/exchangesvr3rdpartyapps/thread/abfc328c-00c1-48ee-8a45-e9b8d50779a3/
I again use the InterOrg Replication Tool to achieve this. This allows single or bi-directional replication between Exchange Orgs. Note it is only supported officially in Exchange 2010 SP1 and only then under these circumstances here: http://blogs.technet.com/b/exchange/archive/2011/03/28/iorepl-and-exchange-2010-sp1.aspx

To ensure you set up the relevant Public Folder permissions you use PFDavAdmin and ExFolders for SP1 to export and import Public Folder permission structures. I recommend exporting via LegacyExchangeDN – as this is captured during the Prepare-MoveRequest process and added to Target Forest users as an X500 address.



Exchange 2010 SP1 ExFolders

ExFolders Tool Readme

12.

1. INSTALLATION:

- ExFolders must be run from an Exchange Server 2010 machine with the Microsoft Exchange Active Directory Topology service, which means it will not currently run on a tools-only install. This might change in the future.

- ExFolders.exe must be placed in the server's Exchange \bin folder. If you try to run it from anywhere else, it will simply crash.

- This build is not signed. In order to allow it to run, you can import the included .reg file on the server where you want to run the tool or run "sn -Vr ExFolders.exe" (using the 64 bit version of the SN tool) to allow it to launch. If you don't, it will crash. To read more about the SN tool, please go here: http://msdn.microsoft.com/en-us/library/k5b5tt23.aspx

2. VARIOUS TOOL NOTES:

- ExFolders can connect to stores on Exchange 2010 or 2007 only, both mailbox and public stores. Connection to Exchange 2003 and earlier is not possible (use PFDAVAdmin for that)

- ExFolders can now connect to more than one mailbox store at a time; just ctrl-click or shift-click to select multiple stores. This allows you to operate against multiple servers or every single mailbox in the org all at once if you need to do so.

- You'll notice the Tools menu now gives you the option to Export Item Properties, which allows you to export item properties to a tab-delimited file (just like the Export Folder Properties option). Item property imports are not implemented.

- Folder property imports are implemented. Tools -> Import, just like any other import. Note that the default property list in Export Folder Properties contains a lot of properties that are not writable, so if you turn around and try to import that same file, you will see a lot of errors. Any properties that are not writable (other than the Folder Path) should be removed from the file before importing.

- The old Property Editor has been changed to Bulk Property Editor, and a new Property Editor has been added, which is better-suited to editing properties on a single folder or item. Also note you can File -> Save to save the window contents to a file.

- The permissions interface, including the Folder Permissions GUI and exports/imports, supports the special Free/Busy rights on Calendar folders. Exports/Imports have two new keywords, FreeBusyDetails and FreeBusyBasic.

- The format of mailbox folder paths in imports/exports has changed, so mailbox exports from PFDAVAdmin cannot be imported with ExFolders, and vice-versa.

- Set Calendar Permissions will throw an error and not make any changes to a mailbox if it doesn't find the FreeBusy Data folder in the mailbox root, which means the user has never logged on to the mailbox. This is by design (because if we set rights on the Calendar folder and the FreeBusy Data folder later gets created, the permissions won't match).

- When you connect to mailboxes, some folders will appear in blue. These are search folders. They are ignored when you run Content Report.

- Set Calendar Permissions and Item Property Export are not currently exposed through Custom Bulk Operation.


Replace the NetBIOS domain name with that of the target domain.


Comments

  1. Nice article, it describes how to migrate cross-forest public folders. It is very useful for public folder migration between two domains. I found the automated migrator tool ( https://softcart.wordpress.com/exchange-server-migration/ ) which allows you to migrate targeted content or chosen items between Exchange servers and allows cross-forest and intra-forest migration.
