Due to Microsoft’s general move away from Public Folders (maybe after Exchange 2010), and my company’s investment in Enterprise Vault, it was decided to move away from Public Folders and use Shared Mailboxes.
First create the shared mailboxes:
1. Create shared mailboxes to match the mail enabled Public Folders:
# Names of the shared mailboxes to create, one per mail-enabled Public Folder
$Mailbox = "Mailbox1", "Mailbox2", "Mailbox3"
Foreach ($item in $Mailbox){
# -Shared creates the mailbox with a disabled AD account; the UPN is quoted so it expands to e.g. Mailbox1@domain.com
New-Mailbox -Name "$item" -Database "First Storage Group\Mailbox Database" -OrganizationalUnit "<OULocation>" -Shared -UserPrincipalName "$item@domain.com"
}
To use this script, populate the $Mailbox variable with all the mailboxes you want to create, then specify your database and OU locations. The $item variable will be populated by entries in the $Mailbox variable, i.e. the UPN for the first entry will be Mailbox1@domain.com (obviously change domain.com to your domain).
2. Create a global security group to be used for allocating access to the shared mailbox and then add the security group to the shared mailbox, giving Full Access rights:
Add-MailboxPermission <MailboxName> -User:'<securityGroup>' -AccessRights:FullAccess
I didn’t script this because I only had about 20 and I would have had to create another variable which would take just as long as running the script 20 times!!
3. Add the AD Send-as permissions:
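Foreach ($item in $Mailbox){
# Use $item (the current mailbox), not the whole $Mailbox list; ${item} is braced so the name is not read as $item_AccessGroup
Add-ADPermission $item -User "${item}_AccessGroup" -ExtendedRights:Send-As -AccessRights:ReadProperty, WriteProperty -Properties:'Personal Information'
}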
This used the same $Mailbox variable as the first step.
The Shared Mailboxes are now set up. The key to creating a shared mailbox is the -Shared switch in the first step; it creates a disabled AD user with no password, which is designed to boost security.
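Before migrating any mail it is worth checking that the setup really is least-privilege. The following is an added example, not part of the original post: it audits each shared mailbox for the disabled account, Full Access and Send-As. It assumes the access group for each mailbox is named <mailbox>_AccessGroup (the naming used in step 3); Test-SharedMailboxAccess is a made-up function name.

```powershell
# Added example: audit the shared mailboxes created above (run in the Exchange Management Shell).
# Assumption: each mailbox's access group is named "<mailbox>_AccessGroup".
# New-Object -Property needs PowerShell 2.0 or later.
$Mailbox = "Mailbox1", "Mailbox2", "Mailbox3"   # same placeholder names as step 1

function Test-SharedMailboxAccess {
    param([string[]]$Names)

    foreach ($item in $Names) {
        $expected = "*\${item}_AccessGroup"   # matches DOMAIN\<mailbox>_AccessGroup

        # -Shared should give a SharedMailbox whose AD account is disabled.
        $type     = (Get-Mailbox -Identity $item).RecipientTypeDetails
        $disabled = (Get-User -Identity $item).UserAccountControl -like "*AccountDisabled*"

        # Explicit (non-inherited) Full Access entries other than the mailbox itself.
        $fullAccess = Get-MailboxPermission -Identity $item | Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            $_.AccessRights -like "*FullAccess*" -and
            $_.User -notlike "NT AUTHORITY\SELF"
        }

        # Explicit Send-As entries on the AD object.
        $sendAs = Get-ADPermission -Identity $item | Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            $_.ExtendedRights -like "*Send-As*" -and
            $_.User -notlike "NT AUTHORITY\SELF"
        }

        # Anyone holding either right who is not the expected group is a finding.
        $unexpected = @($fullAccess) + @($sendAs) |
            Where-Object { $_.User -notlike $expected } |
            ForEach-Object { $_.User.ToString() } | Sort-Object -Unique

        New-Object PSObject -Property @{
            Mailbox          = $item
            Type             = $type
            AccountDisabled  = [bool]$disabled
            GroupFullAccess  = [bool]($fullAccess | Where-Object { $_.User -like $expected })
            GroupSendAs      = [bool]($sendAs | Where-Object { $_.User -like $expected })
            UnexpectedAccess = $unexpected -join "; "
        }
    }
}

Test-SharedMailboxAccess -Names $Mailbox | Format-Table -AutoSize
```

A clean row shows Type SharedMailbox, AccountDisabled, GroupFullAccess and GroupSendAs all True, and an empty UnexpectedAccess column.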
Once a migration plan and timeline were worked out with the business, the actual migration was fairly easy and pain-free.
1. In the ‘Public Folder Management Console’ rename the public folder email address to something like %emailAddress%_PF@domain.com, then go to the ‘Exchange Management Console’ and go to the ‘Mailbox’ section under the ‘Recipient Configuration’ section, select the Shared Mailbox and open the properties section and change the email address to match the old address of the public folder. That deals with mail redirection (in this environment anyway, I am sure there are a lot of more complicated environments that need to change gateways, but I am also sure you can figure that out!!)
2. Copy the mail from the public folder to the Shared Mailbox. We just used a straight copy from within Outlook because we were in the same Exchange server and there wasn’t too much to copy. In a previous migration, where we were moving to a different Exchange environment in a different site, we merged the mail out to PST, then copied the PST to the new site and merged the mail into the new mailbox.
3. Remove the permissions from the old Public Folder. Exchange comes with PowerShell scripts for doing recursive changes to Public Folders. For some reason I could only get the scripts to work if I ran them from the directory they were located in, so:
cd "c:\Program Files\Microsoft\Exchange Server\Scripts"
Then if you want to remove the users:
.\RemoveUserFromPFRecursive.ps1 -TopPublicFolder <publicfolder> -User <user>
If you just want to remove the permissions (we selected this option so we could roll back easily):
.\ReplaceUserPermissionOnPFRecursive.ps1 -TopPublicFolder <PublicFolder> -User <User> -Permission none
And that should be that. It is a little bit fiddly, and I am sure more of it could be scripted, but as we were only migrating 20 Public Folders the time savings from scripting the process would not have been that great.
-Tim