Exchange Server 2010 : Setting Up Public Folders (part 1) - Creating Public Folders & Configuring Public Folder Permissions

Exchange allows for two public folder trees: the Default Public Folders tree and the System Public Folders tree. These folder trees host the following folder types:

• Default Public Folders (IPM_Subtree) The folders in this tree are commonly accessed by users through applications such as Outlook. Administrators create folders under this public folder tree.

• System Public Folders (Non_IPM_Subtree) The folders in this tree are accessed indirectly by users, such as clients using older versions of Outlook accessing the OAB. System folders hosted in this tree include EFORMS REGISTRY, OFFLINE ADDRESS BOOK, and SCHEDULE+ FREE BUSY, as shown in Figure 1.

When designing a public folder hierarchy that will host a large number of public folders, you should aim toward a deep hierarchy rather than a wide hierarchy. A deep hierarchy is one that has many vertically nested folders. A wide hierarchy has many high-level folders but few subfolders nested under each folder. You should favor deep hierarchies over wide hierarchies, as deep hierarchies provide better performance during replication.

1. Creating Public Folders

You use the Public Folder Management Console, which is located in the Toolbox node of the EMC, to create and manage public folders. To create a public folder in the EMC, perform the following general steps:

To create a new public folder using the EMS, use the New-PublicFolder cmdlet. For example, to create a new public folder named Child-Folder under the ExamplePublicFolder on server van-ex2.adatum.com, execute the following command:

New-PublicFolder -Name 'Child-Folder' -Path '\ExamplePublicFolder' -Server 'van-ex2
.adatum.com'

					  

Note:

CREATING PUBLIC FOLDERS

To learn more about creating public folders, consult the following article on TechNet: http://technet.microsoft.com/en-us/library/bb691104.aspx.

2. Configuring Public Folder Permissions

You assign permissions to public folders by assigning roles. The Exchange 2010 predefined public folder roles are Owner, PublishingEditor, Editor, PublishingAuthor, Author, Non-EditingAuthor, Reviewer, and Contributor. These predefined public folder roles are collections of client user access rights. The Owner role includes all client user access rights, whereas the Contributor role includes only two. The following is a list of client user access rights and the roles that hold them:

• ReadItems The user can read items in the public folder. The Owner, PublishingEditor, Editor, PublishingAuthor, Author, Non-EditingAuthor, and Reviewer roles have this right.

• CreateItems The user can post items to the public folder. The user can send email messages to the public folder if the public folder is mail-enabled. The Owner, PublishingEditor, Editor, Publishing Author, Author, Non-EditingAuthor, and Contributor roles have this right.

• EditOwnedItems The user can edit items he or she owns in the public folder. The Owner, PublishingEditor, Editor, Publishing Author, and Author roles have this right.

• DeleteOwnedItems The user can delete items he or she owns in the public folder. The Owner, PublishingEditor, Editor, Publishing Author, and Author roles have this right.

• EditAllItems The user can edit any items in the public folder. The Owner, PublishingEditor, and Editor roles have this right.

• DeleteAllItems The user can delete any items in the public folder. The Owner, PublishingEditor, Editor, and PublishingAuthor roles have this right.

• CreateSubfolders The user can create subfolders in the public folder. The Owner, PublishingEditor, and PublishingAuthor roles have this right.

• FolderOwner The user can view and move the folder, create subfolders, and configure permissions. This access right does not allow the user to read, edit, delete, or create items. Only the Owner role has this right.

• FolderContact The user is the contact for the public folder. Only the Owner role has this right.

• FolderVisible The user can view the public folder but does not have read or edit rights for items in the folder. All roles have this right.

You view and assign permissions to public folders using the EMS. You cannot use the EMC to view information about or assign permissions to public folders. Depending on the type of permission you are viewing, there are two different cmdlets you can use to view public folder permissions. To view administrative permissions settings, use the Get-PublicFolderAdministrativePermission cmdlet. To view client permissions settings, use the Get-PublicFolderClientPermission cmdlet. For example, to view administrative access rights for the Research public folder, issue the following command:

Get-PublicFolderAdministrativePermission -Identity "\Research" | Format-List

					  

Get-PublicFolderClientPermission -Identity "\Research" | Format-List

To assign client permissions to a public folder, use the Add-PublicFolderClientPermission cmdlet. For example, to configure Rooslan with the Publishing Editor permission to the Research folder, issue the following command:

Add-PublicFolderClientPermission -Identity "\Research" -AccessRights PublishingEditor
-User Rooslan

					  

Add-RoleGroupMember -Identity "Public Folder Management" -Member Oksana

You can use the Add-PublicFolderAdministrativePermission cmdlet to assign more detailed permissions than those provided through role group membership. For example, to add the AllExtendedRights permission to Ian for the public folder Development and all folders under it in the public folder hierarchy, issue the following command:

Add-PublicFolderAdministrativePermission -Identity "\Development" -User "Ian"
-AccessRights AllExtendedRights -InheritanceType SelfAndChildren

					  

Note:

MANAGING PUBLIC FOLDER PERMISSIONS

To learn more about configuring permissions for public folders, consult the following article on TechNet: http://technet.microsoft.com/en-us/library/bb310789.aspx.