Monday, March 27, 2017

Configure Legacy (on-premise) Public Folder Access for a Cloud Mailbox in Hybrid Deployment

While working on a project for on-premise Exchange 2010 SP3 to Exchange Online migration, I came to scenario where users whose mailboxes are migrated to Exchange online required access to Public folder which are homed on on-premise Exchange 2010 Server. An Office 365 user who is not represented by a Mail-user object on-premise AD, won't be able to access legacy on-premise public folder.

I referred to Microsoft TechNet article "Configure legacy on-premises public folders for a hybrid deployment" Article URL which cover all the prerequisites and task which need to be performed however my this blogs contain the step by step guide with detailed snapshots.

My environment-
  • Exchange Server 2010 Service Pack 3 RU 15.
  •  Hybrid with Office 365.
General Prerequisites for Public Folder migration-
  1. Outlook Anywhere should be enabled and functional on the on-premise Exchange 2010 Server.
  2. Exchange online organization is upgraded to latest version which is supported for Public Folder.
  3. Outlook Clients are upgraded to the latest update.
Step 1- Install CAS Server Role on Mailbox Server-
If public folders are on Exchange 2010 or later servers, then we need to install the Client Access Server role on all mailbox servers that have a public folder database. This allows the Microsoft Exchange RpcClientAccess service to be running, which allows for all clients to access public folders.

Step 2- Create empty mailbox database on each public folder server-
New-MailboxDatabase -Server PFServerwithCAS -Name PFMBDB -IsExcludedFromProvisioning $True

Confirm DB-

Step 3- Create Mailbox for Proxy-
Create a proxy mailbox within the new mailbox database and hide the mailbox from the address book. The SMTP of this mailbox will be returned by AutoDiscover as the DefaultPublicFolderMailbox SMTP, so that by resolving this SMTP the client can reach the legacy exchange server for public folder access.

New-Mailbox -Name PFMailbox1 -Database PFMBDB

Provide Password for this mailbox “P@ssw0rd”


Step 4- Hide the mailbox from Address List-

Set-Mailbox -Identity PFMailbox1 -HiddenFromAddressListsEnabled $true

Step 5- Enable Autodiscover to return the proxy public folder mailboxes

Set-MailboxDatabase PFMBDB -RpcClientAccessServer MaiboxServerName

Note- Repeat the preceding steps for every public folder server in your organization.

Step 6- Download Scripts
  • Sync-MailPublicFolders.ps1
  • SyncMailPublicFolders.strings.psd1
Save the files to the local computer on which you’ll be running PowerShell. For example, C:\PFScripts.

Step 7- Configure Directory synchronization-
The Directory Synchronization service doesn’t synchronize mail-enabled public folders. Running the following script will synchronize the mail-enabled public folders across premises. Special permissions assigned to mail-enabled public folders will need to be recreated in the cloud since cross-premise permission are not supported in Hybrid Deployment scenarios.
  • On the legacy Exchange server, run the following command to synchronize mail-enabled public folders from your local on-premises Active Directory to O365.
         Sync-MailPublicFolders.ps1 -Credential (Get-Credential) -CsvSummaryFile:sync_summary.csv

NOTE- Credential is your Office 365 user name and password, and CsvSummaryFile is the path to where you would like to log synchronization operations and errors, in .csv format.

Review the error on the log file to resolve the issue. For me the error was “Proxy addresses is already being used, please choose another proxy address.” I fixed this and everything went well.

Step 8- Configure Exchange Online users to access on-premises public folders
The final step in this procedure is to configure the Exchange Online organization and to allow access to the legacy on-premises public folders. Enable the exchange online organization to access the on-premises public folders. You will point to all the proxy public folder mailboxes that you created.

Connect to Exchange Online and Run below Command-

Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox1

We must wait until Active Directory synchronization has completed to see the changes. This process can take up to 3 hours to complete. However, we can always force directory synchronization at any time. 

Step 8- How do I know this worked?
Log on to Outlook for a user who is in Exchange Online and perform the following public folder tests:
  • View the hierarchy.
  • Check permissions
  • Create and delete public folders.
  • Post content to and delete content from a public folder.