E2003–2010 Cross-Forest Public Folder Part1 – IORepl


E2003 <—> E2010 SP1 – Use IORepl to replicate content of Public Folder (* without Permission)

Inter-Organization Replication Tool (*****)
http://technet.microsoft.com/en-us/library/ee307369(EXCHG.80).aspx#Security

This topic describes the Inter-Organization Replication tool, which was first released as part of Microsoft Exchange Server 5.5 Service Pack 3 (SP3), with an updated version for Microsoft Exchange 2003. The tool is also compatible with Exchange Server 2007 and with Microsoft Exchange Server 2010 Service Pack 1 (SP1).

The Inter-Organization Replication tool is used to replicate free/busy information and public folder content between Exchange organizations. It enables the coordination of meetings, appointments, contacts, and public folder information between disjointed Exchange organizations.

The tool consists of two programs: the Replication Configuration program (Exscfg.exe) and the Replication service (Exssrv.exe). The Replication Configuration program creates a configuration file for setting the replication frequency, logging options, folders to be replicated, and accounts to be used. The Replication service uses a configuration file that is created by the Replication Configuration program to continuously update information from one server (designated as the Publisher) to one or more Exchange servers (designated as Subscribers).

Schedule+ free/busy information is replicated from Publisher to Subscriber only. Because of this, you must have two free/busy sessions to bidirectionally update free/busy information. Public folders can be replicated bidirectionally between Publisher and Subscriber. You can configure the replication frequency, the logging of message and folder replication, and how much processing power you want devoted to the replication process.

Preparing the Publisher Server

The first step is to prepare an Exchange server to be a Publisher. The Publisher server collects information from an Exchange organization and packages it. Then, the Publisher sends the information to the Subscriber Exchange servers outside the Exchange organization based on a schedule that you create. The Publisher can be considered the source server from which the information is being replicated.

To prepare the Publisher server, you must create a service account and mailbox account for the Inter-Organization Replication tool to use during the replication process. The mailbox should reside on the Publisher server. You must also assign the appropriate permissions to the service account and the mailbox and create a public folder for the tool to use during replication.

Important:

The service account and mailbox account that you create must be listed as owners of each public folder and subfolder that you want to replicate, on either the Publisher or the Subscriber.

This lets the Inter-Organization Replication tool replicate anonymous and default permissions from one organization to the other. You can use Microsoft Office Outlook or Exchange System Manager to change the ownership and permissions of public folders. For free/busy replication, you will have editor permissions on the free/busy folder. This is sufficient to prepare the Publisher for this scenario.

To prepare the Publisher server for inter-organization replication in Exchange 2003 organizations

  1. Create a Windows NT account and an associated Exchange mailbox for the tool to use as a MAPI service account. Create the mailbox on a mailbox store on the Publisher server. Make sure that the Display Name is unique in the Active Directory forest.
  2. For every public folder and every Schedule+ Free/Busy system folder that is to be replicated between organizations, use Exchange System Manager to make sure that a replica exists on the Publisher server.
  3. You can use Outlook or Exchange System Manager to add the service account mailbox that you created as an owner for every top-level public folder and subfolder you want to replicate. You do not have to change the default permissions on the Schedule+ Free/Busy folders.
  4. You can use Exchange System Manager to create a public folder named ExchsyncSecurityFolder in the root public folder and to grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers.
  5. You can use Outlook to log on to the MAPI service account to initialize the mailbox on the server. This step verifies that your permissions and access are correct.

Preparing the Subscriber Server

A Subscriber is an Exchange server to which you want to replicate information by using the Inter-Organization Replication tool. To configure a Subscriber, you must create a Windows NT account and an associated Exchange mailbox that the tool can use as a service account. Additionally, you must create the top-level public folders that the tool needs for the replication process. A replica of every free/busy folder in the subscriber organization should exist on the Subscriber server if you are replicating free/busy data.

For Exchange 2010 or Exchange 2007, management is performed by using either the Exchange Management Console or the Exchange Management Shell. Use either management tool to perform the following steps. Outlook and Public Folder DAV-Based Administration (PFDavAdmin) may also be used to create public folders and configure permissions on public folders.

To prepare the Subscriber server for inter-organization replication in Exchange 2007 or Exchange 2010 organizations

  1. Create a Windows account and an associated Exchange mailbox for the Inter-Organization Replication tool to use as a service account. Make sure that the Display Name is unique in the Active Directory forest. For more information, see New-Mailbox.
  2. Create a new public folder database on the Subscriber server if a public folder store does not already exist.

     New-PublicFolderDatabase -name "<Public Folder Database Name>" -storagegroup "<Storage Group Name>"

     For more information, see New-PublicFolderDatabase.
  3. You can use Outlook to log on to the MAPI service account and initialize the mailbox on the server to verify that your permissions and access are correct.
  4. Create a top-level folder for every part of the folder hierarchy that you are replicating. You do not have to create subfolders on the Subscriber server. The tool will create subfolders automatically.

     New-PublicFolder -Name <Top-Level Folder>

     For more information, see New-PublicFolder.
  5. If you are replicating free/busy data, add a replica of each free/busy folder in the Subscriber organization to the Subscriber server. For more information, see Set-PublicFolder.
  6. Grant Publishing Editor permission for each top-level folder to the service account mailbox that you created.

     Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:PublishingEditor -Identity "\<Top-Level Folder>"

     For more information, see Add-PublicFolderClientPermission.
  7. Create a public folder named ExchsyncSecurityFolder in the root public folder and grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers. To create a new top-level public folder named ExchsyncSecurityFolder, use the following Management Shell cmdlet:

     New-PublicFolder -Name "ExchsyncSecurityFolder"

     For more information, see New-PublicFolder.
  8. To set the appropriate permissions on the ExchsyncSecurityFolder, use the following Management Shell cmdlets:

     Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:FolderVisible -Identity "\ExchsyncSecurityFolder"
     Remove-PublicFolderClientPermission -User Default -AccessRights:Author -Identity "\ExchsyncSecurityFolder"
     Remove-PublicFolderClientPermission -User Anonymous -AccessRights:CreateItems -Identity "\ExchsyncSecurityFolder"

     For more information, see Add-PublicFolderClientPermission and Remove-PublicFolderClientPermission.
  9. Using Outlook, log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.
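As an added example (not code from the TechNet article or from this blog), here are Subscriber steps 1, 2, 4, 6, 7 and 8 above as one Exchange 2010 SP1 Management Shell script, ending with a check that ExchsyncSecurityFolder carries no rights for Default or Anonymous. The service account name, domain, database names and top-level folder are placeholders, Exchange 2010 syntax is assumed (no storage group parameter), and the Outlook logon steps and the free/busy replica step are left to the console.

```powershell
# Added example, not code from the TechNet article or the blog post.
# Assumes the Exchange 2010 SP1 Management Shell on the Subscriber and
# these placeholder names: service account svc-iorepl, domain contoso.example,
# mailbox database MBX01, public folder database PFDB01, one replicated
# top-level folder \IORepl-Shared. Steps 3, 5 and 9 (Outlook logon, free/busy
# replica) are not scripted here.
$svc        = "svc-iorepl"
$secFolder  = "\ExchsyncSecurityFolder"
$topFolders = @("\IORepl-Shared")        # one entry per replicated hierarchy
$pfServer   = $env:COMPUTERNAME

# Step 1: service account mailbox; the display name must be unique in the forest.
$pw = Read-Host "Password for $svc" -AsSecureString
New-Mailbox -Name "IORepl Service ($svc)" -Alias $svc `
    -UserPrincipalName "$svc@contoso.example" -Database "MBX01" -Password $pw

# Step 2: public folder database, only if this server has none
# (Exchange 2010 has no storage groups, so -StorageGroup is not used).
if (-not (Get-PublicFolderDatabase -Server $pfServer -ErrorAction SilentlyContinue)) {
    New-PublicFolderDatabase -Name "PFDB01" -Server $pfServer
}

# Steps 4 and 6: top-level folders plus Publishing Editor for the service account.
foreach ($f in $topFolders) {
    if (-not (Get-PublicFolder -Identity $f -Server $pfServer -ErrorAction SilentlyContinue)) {
        New-PublicFolder -Name $f.TrimStart("\") -Server $pfServer
    }
    Add-PublicFolderClientPermission -Identity $f -User $svc -AccessRights PublishingEditor -Server $pfServer
}

# Steps 7 and 8: ExchsyncSecurityFolder, visible to the service account only.
if (-not (Get-PublicFolder -Identity $secFolder -Server $pfServer -ErrorAction SilentlyContinue)) {
    New-PublicFolder -Name "ExchsyncSecurityFolder" -Server $pfServer
}
Add-PublicFolderClientPermission -Identity $secFolder -User $svc -AccessRights FolderVisible -Server $pfServer
Remove-PublicFolderClientPermission -Identity $secFolder -User Default -AccessRights Author -Server $pfServer -Confirm:$false
Remove-PublicFolderClientPermission -Identity $secFolder -User Anonymous -AccessRights CreateItems -Server $pfServer -Confirm:$false

# Check: no rights other than None may remain for Default or Anonymous.
$stray = Get-PublicFolderClientPermission -Identity $secFolder -Server $pfServer |
    Where-Object { @("Default", "Anonymous") -contains $_.User.ToString() -and
                   ($_.AccessRights -join ",") -ne "None" }
if ($stray) {
    Write-Warning "ExchsyncSecurityFolder still grants rights to Default/Anonymous:"
    $stray | Format-Table User, AccessRights -AutoSize
} else {
    Write-Host "ExchsyncSecurityFolder is restricted to $svc only."
}
```

Run the final Get-PublicFolderClientPermission check again on the Publisher side once its ExchsyncSecurityFolder exists, since the tool requires the folder on both ends.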

Note:

A server can be both a Publisher and a Subscriber if you are replicating both ways.

Installation and Configuration Phase

There are several installation requirements that you must meet before deploying the Inter-Organization Replication tool. A common misconception is that each Exchange organization that acts as a Publisher should host its own running instance of the Inter-Organization Replication tool. Although this may be an acceptable configuration, only one running instance of the tool is required.

System Requirements

Computers that will host the Inter-Organization Replication Configuration tool and the Replication service should be joined to a Windows domain and must meet the following operating system requirements:

  • Microsoft Windows 2000 Server Service Pack 3 or a 32-bit version of Windows Server 2003 with any service pack.
  • Windows Server 2008 is not supported.

Additionally, Exchange Server or the Exchange Management Tools must be installed.

For example, you can install the Inter-Organization Replication Configuration tool on the following configurations:

  • On a server that is running Exchange Server 2003 with Service Pack 2
  • On a non-Exchange server that has the Exchange 2003 System Management Tools

Also, note the following:

  • Installation of this Inter-Organization Replication tool on a computer that is hosting an Exchange 2007 server role is not supported.
  • Installation of the Inter-Organization Replication tool on a computer that has the MAPI/CDO library is not supported.
  • You should not install the Inter-Organization Replication tool on any computer that has ever had any version of Outlook installed.
  • A trust relationship is not required between the participating Exchange organizations.
  • If you are replicating information to a server that is running Exchange 2010 Service Pack 1 (SP1), the Exchange 2010 SP1 server must have at least the Mailbox role and the CAS role installed.
  • One of the replication endpoints must be an Exchange 2003-based public folder server.

Note:

Although replication may work among pure Exchange 2010 or Exchange 2007 organizations, this configuration has not been tested. Therefore, it is an unsupported configuration.

