Need to recreate public folders due to broken permissions
When our exchange server (2007) was set up, an unknown third party utility was leveraged which caused the public folder permissions to work incorrectly. In addition, it appears to have removed several key components from ADSI such as the cn=public folder hierarchy. The result is I seem limited in what I can accomplish in ADSIedit and PFDAVAdmin will not connect to public folders (though it does work on the mailboxes). After much reading, it seems the best solution is to delete the public folder database and storage group and then recreate it allowing the system to replace all the broken parts and pieces with working ones. I think I understand the steps to do this and it should be eased by the fact that the folders where never populated with any valid information, but the problems are this: When I made my first attempt this AM, the first thing I was "told" was that I could not delete a public folder db associated with an OAB. I found that the offline address book was set to distribute through public folders. I get how to undo this (and did) with the result that many of the clients are now getting an object not found error when they send receive. I have put everything back the way that I found it, updated the OAB in the EMC and I suspect this will resolve within 24 hours ???????? Correct?????? My question is, how do I do remove these public folders without users receiving disturbing error messages? Also, how much time to I have to advise the users that the system will not be fully functional? We have only the one set of public folders in a separate storage group from the mailbox store. The clients are set to retrieve the OAB upon send/receive, so if this process is going to take up to 24 hours, is this "error" just one they will have to live with? If I uncheck distribute via public folders won't the clients then be completely lost when they attempt to sync/download the address book? We do run OWA and I see where I can set the OAB distribution point to be the default web site. Will this work for Outlook clients as well as OWA clients? The next problem I ran across was that I could not remove the DB because it "contained replicas" and I should move them to another server first. However, I do not have any other server, just one. I found a MS article (201664) with Shell commands to delete first the user folders (there aren't any) and then the system folders from the public DB continuing on error. Supposedly, I will then be able to remove the DB without issue. This is where I have to admit that I am not an exchange administrator, the shell and it's syntax are greek to me and am basicly terrified of inadvertantly deleting something that will kill the system. Is there any possibility that the Remove-PublicFolder cmdlt will affect anything else in the system? I guess my question is can someone give detailed step by step instructions for a novice Exchange admin to allow me to benignly remove and recreate the public folder database and it's storage group - preferably keeping it transparent to the users? I would be very grateful for any help !!!!!
October 14th, 2009 10:12pm

I assume that client version is outlook 2003, since only previous version of outlook than outlook 2007 need to use public folder to retrieve OAB. If client version is outlook 2003, and you are attempting to remove the only public folder database in the organization, users must receive error information when trying to download to OAB files (And retrieve Free/Busy data, which is also provided by public folder on previous version of outlook than outlook 2007). The KB 201664 you posted leaded me to a KB called OL2000: Custom Form Icon Does Not Display? “If you want to remove the last public folder database in your organization, you must first make sure that your organization does not contain any servers running Exchange Server 2003 or earlier. In addition, if you remove the last public folder database, only users running Microsoft Office Outlook 2007 or Outlook Web Access will be able to connect to your Exchange organization” ------------Refer to <Removing Public Folder Databases> So, per my knowledge, the disturbing won’t be avoided if you are trying to remove the current public folder database and create a new one, unless you manually repair the public folder entries in the configuration container. To recreate the database is the easier method, but it will make a lot impact to client experience. If you choose this method, please see this article. The consumed time is variable, determining on the time cost of the entire procedure Another method would be to fix the public folder entries in the configuration container, though it’s a long shot. You can try the answer in this thread Resources: How to Create a New Public Folder Database
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2009 10:03am

Another method would be to fix the public folder entries in the configuration container, though it’s a long shot. You can try the answer in this thread This could actually work. It did for us. Our problem on a CCR cluster was that the Public Folders could not be mail-enabled. We contacted Microsoft Product Support Services (which was a pleasure to use) and were presented with exactly the same recipe and the same error. There is no msExchclassContainer. It should be msExchContainer! Just follow the procedure slavish. Won't require more than 5 minutes or so. Restart the information store.Since Public folders are messed up in the first place, I would definitively opt for this procedure before you attempt to remove and recreate them. 5. Created the "Folder Hierarchies" under the Exchange Administrative Group: 1. Right click on Exchange Administrative Group 2. Select New Object 3. Select msExchclassContainer for the class and click Next 4. Enter the following for the value: Folder Hierarchies, click Next 5. Click Finish Jon-Alfred Smith MCTS: Messaging | MCSE: S+M
October 15th, 2009 10:39am

Thank you both for your replies. For some reason my alert did not alert me and I am just finding them now..... Anyway, in the meantime I decided to try another approach to the issue and I stumbled upon this solution (recreating the containers, etc. via ADSI edit). It sound great and I have high hopes. However, being as I am hesitant to do anything that might have crippling effects, I am a bit hesitant about making changes using this tool (dire warnings and all). But, I have found many people who have had this AD problem resulting a variety of symptoms and this seems to be a successful solution. Perhaps it can even get the MAPI permissions to work again in my PFs ??????? One question/concern - part of the process seems to be to restart the information store service (or is full reboot required?). If this is done, any guidance as to how long it is going to take for Exchange to have all it's parts and pieces functional again? In other words, what should be the extent of the impact on connected users? Again, I can't thank both of you enough, Andi
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2009 9:13pm

Basically I think you should test both methods on a virtual machine. I would have opted for ADSI Edit first. That is actually what I did: Installed Exchange on VMware Fusion of my MacBook Pro with identical forest / domain name. Took a snapshot. Recreated the errors in the configuration container. New snapshot. Tested the proposed solution. Saw that it worked. Went back and documented everything. I had two hours of planned downtime on our production system (CCR cluster). It took about ten minutes, working very slowly. It was only a matter of copy and paste from the documentation. Up front we took a new backup of the system state on one of the domain controllers, so in the event everything would blow, we would be able to perform an authoritative restore.Don't remember exactly if it really was necessary to restart the information store. I did for good measure (and fail-over/fail back on the CCR cluster), but I think it will suffice with dismounting and remounting the public folders. After that everything has been working without a hitch.I'm not sure if removing and reinstalling the public folders will solve your problem. Something might still be messed up in the Active Directory configuration partition. Don't know. But removing the only public folders with Outlook 2003 clients will lock them out. An external consultant who was to fix the issue, demonstrated this in a quite convincing way during work hours.Fail-over took under 30 seconds, the same with fail-back (which implies a restart of the information store). Deactivated VSAPI Antivirus beforehand. P.S. Microsoft Product Support Services told me to run this command before doing anything else:But you can specify a DC in the command and run it on an Exchange like: repadmin.exe /showmeta “CN=Public Folders,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=adr,DC=recgroup,DC=com” DC1DC1 is one of your domain controllers. This can provide some information on what has gone wrong with your public folders Jon-Alfred Smith MCTS: Messaging | MCSE: S+M
October 16th, 2009 12:04am

Thank you again. I am going to try this solution but will not be able to do so until at least the middle of next week. First and foremost I want to make sure that we have that System State backup and it seems that is configured to run only on a domain controller that has recently been demoted and no longer has a copy of the global catalog (guess you need a special license for this backup?). Obviously that needs to be rectified and then I will try this and let you know how it works. Andi
Free Windows Admin Tool Kit Click here and download it now
October 16th, 2009 5:20pm

Not yet. My CIO is fine with the plan but wants to discuss it at our department meeting first which has been pushed out until Thursday. The person in charge of system state backup has been in training all week. So, I am hoping that I might have something for the group by next Monday?
October 21st, 2009 3:16pm

Thanks to everyone for their patience. I finally got to implement the ADSI edit solution today and it worked like a charm!!!!! Public folders are now functioning.
Free Windows Admin Tool Kit Click here and download it now
December 1st, 2009 11:56pm

Cool!!James Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com
December 2nd, 2009 4:01am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics