Contents
Overview 1
Introduction to Public Folders 2
Configuring Public Folder Permissions 15
Managing Public Folder Replication 24
Introducing the Public Folder Replication
Process 32
Setting Public Folder Policies 40
Demonstration: Creating Public Folder
Policies 41
Lab A: Creating and Configuring
Public Folders 42
Lab B: Public Folder Replication 48
Review 54

Module 6: Creating and
Managing Public
Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Information in this document is subject to change without notice. The names of companies,
products, people, characters, and/or data mentioned herein are fictitious and are in no way intended
to represent any real individual, company, product, or event, unless otherwise noted. Complying
with all applicable copyright laws is the responsibility of the user. No part of this document may
be reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of Microsoft Corporation. If, however, your only

means of access is electronic, permission to print one copy is hereby granted.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

 2000 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, BackOffice, Jscript, NetMeeting, Outlook, Windows, and Windows
NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or
other countries.

Other product and company names mentioned herein may be the trademarks of their respective
owners.

Program Manager: Steve Thues
Product Manager: Megan Camp
Instructional Designers: Bill Higgins (Volt Technical), Jennifer Morrison, Priya Santhanam
(NIIT (USA) Inc), Samantha Smith, Alan Smithee
Instructional Software Design Engineers: Scott Serna
Subject Matter Experts: Krista Anders, Megan Camp, Chris Gould (Global Logic Ltd),
Janice Howd, Elizabeth Molony, Steve Schwartz (Implement.Com), Bill Wade (Wadeware LLC)
Technical Contributors: Karim Batthish, Paul Bowden, Kevin Kaufman, Barry Steinglass,
Jeff Wilkes
Graphic Artist: Kimberly Jackson (Independent Contractor)
Editing Manager: Lynette Skinner
Editor: Kelly Baker
Production Manager: Miracle Davis
Build Manager: Julie Challenger

Production Support: Marlene Lambert (Online Training Solutions, Inc)
Test Manager: Eric Myers
Courseware Testing: Robertson Lee (Volt)
Creative Director, Media/Sim Services: David Mahlmann
Web Development Lead: Lisa Pease
CD Build Specialist: Julie Challenger
Localization Manager: Rick Terek
Operations Coordinator: John Williams
Manufacturing Support: Laura King; Kathy Hershey
Lead Product Manager, Release Management: Bo Galford
Lead Product Manager, Messaging: Dave Phillips
Group Manager, Courseware Infrastructure: David Bramble
Group Product Manager, Content Development: Dean Murray
General Manager: Robert Stewart


Module 6: Creating and Managing Public Folders iii

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Instructor Notes
This module provides students with the information necessary to create and
manage public folders in Microsoft
®
Exchange 2000.
After completing this module, students will be able to:
!
Describe the features of public folders and the advantages of multiple public
folder trees, and create and configure public folders and public stores.
!

Configure public folder permissions for the parent folder and describe how
permissions are propagated to subfolders.
!
Create and monitor a public folder replica, and enable a public folder
referral.
!
Use message state information to determine whether a public folder is
synchronized, to identify information stores maintaining replicas, and to
resolve content conflicts.
!
Apply public folder policies to the information store and explain conditions
under which multiple policies can be applied.

Materials and Preparation
This section provides the materials and preparation tasks that you need to teach
this module.
Required Materials
To teach this module, you need the following:
• Microsoft PowerPoint
®
file 1572A_06.ppt

Preparation Tasks
To prepare for this module, you should:
!
Read all of the materials for this module.
!
Complete the labs.
!
Practice the demonstrations.

!
Practice using the PowerPoint presentation.

Presentation:
60 Minutes

Lab:
60 Minutes
iv Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Module Strategy
Use the following strategy to present this module:
!
Introduction to Public Folders
In this section, the module begins by introducing the features of public
folders in Exchange 2000, as well as how to create and configure public
folders. You will discuss the advantages of Exchange 2000 support of
multiple public folder trees and how students can support this feature. You
will then discuss configuring public stores when creating multiple public
folder trees, as well as setting up public folders in the Active Directory
™

directory service.
!
Configuring Public Folder Permissions
In this section, you will present the principles that Exchange 2000 uses in
the new security model, as well as how to grant permission to an entire
public folder tree. You will then examine the four categories of permissions

and the differences between item and property permissions.
!
Managing Public Folder Replication
In this section, you will assist students in defining public folder replication
and examine the process of replication. You will examine the process of
creating a public folder replica through discussion and online
demonstration. You will then discuss how to monitor the public folders
replicated to ensure that the replication process is functioning properly.
!
Introducing the Public Folder Replication Process
In this section, you will discuss the various processes involved in the
replication of public folders, as well as how to deal with content conflicts.
!
Setting Public Folder Policies
In this section, you will discuss the advantages of using policies and the
types of settings for which policies can be established.

Module 6: Creating and Managing Public Folders v

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.

The labs in this module are also dependent on the classroom
configuration that is specified in the Customization Information section at the
end of the Classroom Setup Guide for course 1572A, Implementing and

Managing Microsoft Exchange 2000.

Lab Setup
The following list describes the setup requirements for the labs in this module.
Setup Requirement 1
The labs in this module require Exchange 2000 and a custom MMC. To prepare
student computers to meet this requirement, perform one of the following
actions:
!
Complete the labs for Module 2, “Installing Microsoft Exchange 2000,” in
course 1572A, Implementing and Managing Microsoft Exchange 2000.
!
Install Exchange 2000 at D:\Program Files\Exchsrvr on each server into an
organization named Northwind Traders. Components installed are Microsoft
Exchange Messaging and Collaboration Services, Microsoft Exchange
System Management Tools, and Microsoft Exchange Instant Messaging
Service. Have the students create a custom MMC in the C:\Documents and
Settings\All Users\Desktop that is saved as your_firstname Console. The
MMC contains the Active Directory Users and Computers snap-in and the
Exchange System snap-in.

Setup Requirement 2
The labs in this module require a custom OU, a user account for each student, a
mailbox for each student, an Outlook profile, and for the Domain Admins group
to be delegated full control of the organization. To prepare student computers to
meet this requirement, perform one of the following actions::
!
Complete the labs for Module 3, “Administering Microsoft Exchange
2000,” in course 1572A, Implementing and Managing Microsoft Exchange
2000.

!
Create an organizational unit in Active Directory that is named
your_servernameOU for each server in the classroom. Create a user account
in each server’s OU for each student. The account is a member of the
Domain Admins group and has a mailbox on the student’s Exchange server.
Create an Outlook profile for each student on their own server that opens
their mailbox. Delegate the full administrator role on the Northwind Traders
organization

Importan
t

vi Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Lab Results
Performing the labs in this module introduces the following configuration
changes:
!
A public folder named your_servername Folder is created by each student
with permissions assigned to allow a partner to review it but does not allow
anonymous or default access.
!
A distribution group is created by each student, and the public folder is
added as a member.
!
A public folder named your_servername HR Folder is created by each
student and is replicated with a partner.
!

A public folder tree named your_servername Folder Tree containing a
folder named Sales Information is created by each student.
!
A public folder store named 2
nd
Public Folder Store is created by each
student.
!
The M:\ drive of each student machine is shared as IFS and a drive is
mapped to the share.

Module 6: Creating and Managing Public Folders 1

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Overview
!
Introduction to Public Folders
!
Configuring Public Folder Permissions
!
Managing Public Folder Replication
!
Introducing the Public Folder Replication Process
!
Setting Public Folder Policies


Public folders are an integral part of most messaging systems. Understanding
the features and architectural elements of public folders in Microsoft

®
Exchange
2000, in addition to how to create and manage public folders, enables you to
develop an environment in which users can access and use data efficiently and
productively.
After completing this module, you will be able to:
!
Describe the features of public folders and the advantages of multiple public
folder trees, and create and configure public folders and public stores.
!
Configure public folder permissions for the parent folder and describe how
permissions are propagated to subfolders.
!
Create and monitor a public folder replica, and enable a public folder
referral.
!
Use message state information to determine whether a public folder is
synchronized, to identify information stores maintaining replicas, and to
resolve content conflicts.
!
Apply public folder policies to the information store and explain conditions
under which multiple policies can be applied.

Topic Objective
To provide an overview of
the module topics and
objectives.
Lead-in
In this module you will learn
about public folders as an

integral part of most
messaging systems.
2 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

#
##
# Introduction to Public Folders
!
Exchange 2000 Public Folder Features
!
Creating Public Folders
!
Configuring Public Folders
!
Supporting Multiple Public Folder Trees
!
Configuring Public Stores
!
Public Folders in Active Directory


A public folder is a repository for many different types of information that can
be shared among users in an Exchange organization. When a public folder is
used in combination with customized forms, it becomes the basis for
collaboration applications such as bulletin boards, discussion groups, customer
tracking systems, and so on. You create and manage public folders by using
either client software, like Outlook 2000, or the Exchange System Manager.
The client provides for basic configuration, while Exchange System Manager

enables in-depth control over the behavior of the folder.
It is important to understand the use of public folders so you can mange your
information storage and retrieval effectively.
Topic Objective
To provide an overview of
public folder topics.
Lead-in
A public folder is a
repository for many different
types of information that can
be shared among users in
an Exchange organization.
Module 6: Creating and Managing Public Folders 3

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Exchange 2000 Public Folder Features
Exchange 2000
Mail Enabled
Mail Enabled
Multiple Public
Folder Trees
Multiple Public
Folder Trees
Enhanced
Security
Enhanced
Security
Accessible from
the Web

Accessible from
the Web
Accessible from
the File System
Accessible from
the File System
Full-Text
Indexing
Full-Text
Indexing
Referrals Enabled
by Default
Referrals Enabled
by Default
a….
b….
c….
….


Public folders provide a shared repository for Exchange 2000. Public folders in
Exchange 2000 provide the following features:
!
Mail-enabled
You can mail-enable public folders so that you can send messages to the
folder using the mail entries stored in the Active Directory
™
directory
service instead of having to post them directly.
!

Multiple public folder trees
Multiple public folder trees, also known as hierarchies, enable you to store
public folders in more than one tree.
!
Secure items in public folders
You have the ability to secure items in public folders through Exchange
Installable File System (EXIFS).
!
Accessibility from the Web
This feature enables you to use a Web browser to gain access to public
folders by specifying a URL to the folder.
!
Accessibility from the file system
This feature enables you to use EXIFS to share public folders.
!
Full-text indexing capabilities for public folders provided through
MSSearch
Microsoft Outlook
®
clients automatically use this index when performing a
Find or Advanced Find.
!
Referrals enabled by default
Public folder referrals enable clients to gain access to any folder in the
organization. Exchange 2000 enables referrals by default between routing
groups.

Topic Objective
To describe the feature of
public folders.

Lead-in
Public folders provide a
shared repository for
Exchange 2000.
Delivery Tip
Ask students to explain the
purpose of public folders.
4 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Creating Public Folders
C
r
e
a
t
e
C
r
e
a
t
e
C
r
e
a
t
e

Exchange System
Manager
Exchange System
Exchange System
Manager
Manager
Administrator
User
Sales
C
r
e
a
t
e
C
r
e
a
t
e
C
r
e
a
t
e
Microsoft Outlook
Microsoft Outlook
Microsoft Outlook

Marketing


Both administrators and users can create public folders. Administrators use
Exchange System Manager and users typically use a Messaging Application
Programming Interface (MAPI) client, such as Outlook, to create public folders.
Typically, the administrator establishes the base-level folders, sets permissions
and other usage parameters, and then enables users to add subfolders to the
hierarchy and provide the contents.
Creating a Public Folder by Using Exchange System
Manager
To create a public folder by using Exchange System Manager, you should
expand the Organization/Administrative Groups/Administrative
Group/Folders containers. Right-click Public Folders, select New, and then
select Public Folder. Enter a name in the Name text box.
Creating a Public Folder by Using Microsoft Outlook
To create a public folder by using Outlook, in the left pane, expand Public
Folders, and then click All Public Folders or any existing folder. On the File
menu, point to Folder, and then click New Folder. The resulting dialog box
prompts you for the folder name and a list presents options for the type of
folder (for example, Mail Items, Contact Items or Appointment Items).
Topic Objective
To create public folders
using both Exchange
System Manager and
Outlook.
Lead-in
You can use either the
Exchange System Manager
or a MAPI client to create

public folders.
Delivery Tip
Demonstrate creating public
folders using each method.
Open each tab and discuss
its usage and properties.
For Your Information
Previous versions of
Exchange did not allow for
the creation of a public
folder from within an
administrative tool and
relied on a MAPI client, such
as Outlook, to create the
public folder.
Module 6: Creating and Managing Public Folders 5

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Configuring Public Folders
Seattle
Sales
Training
Marketing
HR
Business
Internet Newsgroups
Public Folders
New Tree
Folders



You can configure public folders by using the Public Folder Properties dialog
box through Exchange System Manager.
Administering Public Folders
The Exchange System Manager enables you to administer public folders by:
!
Viewing all available public folder trees within an administrative group and
the folders contained in each tree.
!
Creating and configuring folders.
!
Mail-enabling a public folder that adds an e-mail proxy for the folder to
Active Directory.
!
Configuring the security settings for a public folder or public folder tree root
and propagating them down the hierarchy.

Topic Objective
To configure public folders.
Lead-in
You use the Public Folder
Properties dialog box to
configure public folders.
Delivery Tip
Demonstrate the Public
Folder Properties dialog
box in Exchange System
Manger that enables this
activity.

6 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Configuring a Public Folder
You can configure the settings that affect public folders by using the Public
Folder Properties dialog box. Remember that you can modify these items only
by using Exchange System Manager.
The following table describes the configuration options provided by the Public
Folders Properties dialog box.
Tab Description

General Specifies the description of the folder. Control how the folder name
will appear in the address list. Enable read/unread information to
speed up clients.
Replication Specifies which servers within the organization contain replicas.
Indicate the times at which this public folder is replicated to other
replicas of the folder that exist throughout the Exchange organization,
and establishe replication message priority.
Limits Specifies age/store limits and deleted item retention length.
Details Types an administrative description of the public folder.
Permissions Specifies who can access and administer the folder, as well as who can
administer the proxy object for the folder in Active Directory on a
mail-enabled folder.

Module 6: Creating and Managing Public Folders 7

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Supporting Multiple Public Folder Trees

MAPI
IMAP4
NNTP
HTTP
MAPI
IMAP4
NNTP
HTTP
Web/NNTP
Web/NNTP
All Public Folders
Business
HR
Marketing
Training
All Public Folders
Business
HR
Marketing
Training
All Public Folders
Business
HR
Marketing
Training
Sales
Seattle
Public Folders
Business
HR

Public Folders
Business
HR
Sales London
Public Folders
Business
HR


With Exchange 2000, you can use multiple public folder trees to enhance
productivity.
Exchange 2000 provides increased administrative control and flexibility by
supporting multiple public folder trees, also referred to as top-level hierarchies.
For example, you can create a separate public folder tree to collaborate with
external users and keep that content separate from the default public folder tree.
You can also create an additional tree at a remote location so that the users at
that location can access data that is specifically relevant to them.
Each public folder tree stores its data in a single public folder store per server.
You can replicate specific folders in the tree to every server in the company that
has a public folder store associated with that public folder tree.
Client Support for Top-Level Hierarchies
The default public folder store contains the All Public Folders hierarchy. In
Exchange System Manager this is listed as Public Folders. This store is
associated with every mailbox store on a server to ensure that the All Public
Folders hierarchy is available to all MAPI, Internet Message Access Protocol
version 4 (IMAP4), Network News Transport Protocol (NNTP), and Hypertext
Transfer Protocol (HTTP) clients.
Any additional hierarchies that you create are considered General-purpose, top-
level hierarchies and are accessible from standard Microsoft Windows
®


applications, in which the folders in the hierarchies are mapped as network
drives using Installable File System (IFS), Web Distributed Authoring and
Versioning (WebDAV), and NNTP clients. They are not accessible to MAPI
clients, such as Outlook 2000 (unless viewed on a Web page hosted in Outlook
2000).
Topic Objective
To describe the support
available using multiple
public folder trees.
Lead-in
You can provide your
company with increased
administrative control and
flexibility by supporting
multiple public folder trees.
For Your Information
Exchange Server 5.5 and
earlier supported a single
public folder tree, All Public
Folders, which replicated to
all servers. For some
companies, this tree
became hard to manage
and navigate.
8 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

You can create and use these additional General-purpose public folder trees, or

hierarchies, as file repositories for departments, groups, or projects. You can
also use General-purpose public folder trees for collaboration with browsers
and applications, such as Office 2000, that can use HTTP to access the
Information Store. The following table describes the hierarchies.

Hierarchy type
Folder tree use
appears as

Access methods

Default MAPI clients MAPI clients (such as Outlook)
Applications (such as Microsoft Word and
Microsoft Excel)
Web browsers
IFS shares
Alternate General purpose Applications (such as Word and Excel)
Web browsers
IFS shares

Support Considerations
You should consider the following when planning to support multiple public
folder trees:
!
Because the default public folder tree is created on every public folder
server, and its list of folders is always replicated, additional public folder
trees only affect the servers on which they are configured. This means that
you can create a set of departmental or local folders on only one server or on
a subset of servers. You do not have to replicate these additional public
folder trees to every public folder server.

!
You can use additional public folder trees to minimize the overall size of the
default public folder tree (simplifying navigation) and to reduce the cost of
replicating the hierarchy of the default tree.
!
MAPI top-level hierarchy client permissions are the traditional MAPI
permission (Editor, Owner, etc). General-purpose, top-level hierarchy client
permissions are based on Microsoft Windows

2000.
!
There can only be one MAPI top-level hierarchy per organization. However,
you can have multiple General-purpose, top-level hierarchies per
organization.
!
MAPI top-level hierarchy does not support deep traversal searches, while
General purpose trees do support deep traversal searches.
!
In mixed mode, MAPI top-level hierarchy folders are mail enabled by
default, while General-purpose, top-level hierarchy folders are not. In native
mode, both types of folders are mail-disabled by default.

For Your Information
A deep traversal search is
the ability to search the
entire tree.
Module 6: Creating and Managing Public Folders 9

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY


Latency Issues
One Exchange 2000 Server service manages the replication of public folders. A
different Exchange 2000 Server service manages the listing of public folders in
the global address list. As a result, the following may occur:
!
When you administer the same public folder tree on two different servers,
you do not see the exact same list of folders, because changes to the public
folder hierarchy, such as a new, renamed, or deleted folder, have not yet
replicated among all servers.
!
Public folders appear in the hierarchy with the client, but cannot be seen in
the Address Book because the address list has not yet been regenerated after
the folder was mail-enabled.
!
The Public Folder Properties dialog box in Exchange System Manager
does not show the directory-specific pages because the replication of the
public folder hierarchy has taken place faster than the replication of the
newly created directory information, including the address information.

10 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Configuring Public Stores
Full-Text Indexing
Replication Status
Public Folders
Public Folder Instances
Logons
Public Folder Store (LONDON)



If you configure multiple public folder trees, you will need to configure
additional public stores on each server that hosts content from that tree, because
each public store contains the contents of one public folder tree. You cannot
split a public folder tree across multiple stores.
Public Store Properties Dialog Box
The Public Store Properties dialog box enables you to configure the settings
for a public store. These settings include replication schedule, age and storage
limits, and so on.

For more information about settings for a public store, see module 4,
“Creating and Managing Storage Groups and Stores,” in course 1572A,
Implementing and Managing Microsoft Exchange 2000.

Public Store Subcontainers
The public store provides subcontainers with information about:
!
Logons.
Logons provides information about who is logged on and using the public
folders.
!
Public Folder Instances.
The Public Folder Instances subcontainer enables you to view the folders in
the public store, configure the properties of a folder, and replicate a public
folder to a specific public store.
Topic Objective
To configure public stores
using the Properties dialog
box.

Lead-in
If you configure multiple
public folder trees, you will
need to configure additional
public stores on each server
that hosts content from that
tree.
Delivery Tip
Demonstrate the Public
Store Properties dialog box
and the settings it enables
you to configure.
Note
Delivery Tip
Demonstrate screens and
elements pertaining to
Public Folder subcontainers.
Module 6: Creating and Managing Public Folders 11

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

To replicate any public folder in the associated public folder tree to the
public store that you are administering, you should right-click the Public
Folder Instances object, select All Tasks, and then click Add replica.
Replicating public folder trees enables you to configure replication without
having to configure the replica server list in a folder’s replication properties.
You can remove a replica by clicking Public Folder Instances, right-
clicking the folder containing the replica that you want to remove, selecting
All Tasks, and then clicking Remove Replica.
!

Public Folders
The Public Folders subcontainer provides details, such as the name, path,
size, and number of items for all public folders in the store.
!
Replication Status
The Replication Status subcontainer lists each folder and the number of
servers containing a replica, the last time synchronization finished, and the
current replication state.
!
Full-Text Indexing
The Full-Text Indexing subcontainer displays the current state of indexing,
if it is enabled.

For Your Information
You can use the Replication
Status container to track the
replication process when
troubleshooting public folder
replication issues.
12 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Demonstration: Creating a Public Folder Tree


To administer Exchange 2000 public folders, perform the following steps:
1. Open Exchange System Manager.
2. Expand Your Organization\Administrative Groups\Your
Administrative Group, and then right-click Folders.

3. Click New, and then click Public Folder Tree.
You are prompted for the name of the tree. You will notice that the Folder
tree type field is automatically set as General purpose, which indicates that
the folder is available only for non-MAPI clients. The other setting for this
field is MAPI clients.
After creating the tree, create a public folder store on each server that will
host the tree and associate the store with the tree.
4. Open Exchange System Manager.
5. Expand Your Organization\Administrative Groups\Your
Administrative Group, and then right-click a storage group.
6. Click New, and then click Public Store.
7. Enter a name for the new store. Click Browse to select a public folder tree
to associate to your store.
After you configure and mount the store, you can add new folders to it.

Topic Objective
To demonstrate creation of
public folder trees.
Lead-in
In this demonstration, the
instructor will create a public
folder tree.
Module 6: Creating and Managing Public Folders 13

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Public Folders in Active Directory
Public Folder Store
Public Folder Store
Products

Personnel
Handbook
Forms
Address Book
(AB enabled items)
Address Book
(AB enabled items)
Products
Personnel
Handbook
Directory
(mail enabled items)
Directory
(mail enabled items)


You can set up every public folder in a public store to appear as a mail recipient
in Active Directory. To accomplish this, you need to mail-enable a public folder
by right-clicking it, selecting All Tasks, and clicking Mail Enable.
After you mail-enable a public folder, the following will result:
!
The System Attendant connects to Active Directory and creates an object
for the public folder in the Microsoft Exchange System Objects container.
!
A directory entry exists with a name of Folder Name. Users with access to
Active Directory can use the mail address properties of the object to send e-
mail to the public folder.
!
Additional property pages are available for the public folder in Exchange
System Manager. They are E-mail Addresses, Exchange General, and

Exchange Advanced.
!
You can configure the folder to appear in the global address list for clients,
such as Outlook.

Topic Objective
To describe what happens
after public folders are mail-
enabled.
Lead-in
Every public folder in a
public store can appear as a
mail recipient in Active
Directory.
Delivery Tip
Demonstrate the process of
mail-enabling a public folder
so that students will be able
to see how it works.
Explain the difference
between having a mail-
enabled object appear in the
directory (shown in Active
Directory Users and
Computers) and in the
Address List (controlled
from the Hide from
Exchange address lists
check box).
14 Module 6: Creating and Managing Public Folders


BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

The following table describes the differences between public folders in
Exchange 2000 mixed and native mode environments.
Top-level hierarchy Mixed mode Native mode

MAPI Top-Level
Hierarchy
Mail enabled by default.
Cannot be disabled.
Hidden from the global
address list by default.
Mail disabled by default. Can
be mail enabled.
If mail enabled, defaults to
visible in global address list.
General Purpose Top-
Level Hierarchy
Mail disabled by default.
Can be mail enabled.
If mail enabled, defaults to
visible in GAL.
Mail disabled by default. Can
be mail enabled.
If mail enabled, defaults to
visible in GAL.


In Exchange Server 5.5, public folders were placed in the directory by

default, but not displayed in the global address list. For backward compatibility,
MAPI public folders in an Exchange 2000 mixed mode environment are always
mail-enabled and cannot be mail-disabled.

Note
Module 6: Creating and Managing Public Folders 15

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

#
##
# Configuring Public Folder Permissions
!
Overview of Security in Exchange 2000
!
Inheritance of Permissions on Public Folder Objects
!
Types of Public Folder Permissions
!
Item and Property Permissions
!
Assigning Permissions with Outlook


When you create a public folder, Exchange 2000 assigns a set of permissions
that specify the individuals with the right to perform designated activity in that
folder. You can assign permissions to folders, items, and properties.
Permissions can be inherited from higher-level objects, such as the public folder
tree and administrative group.
If you configure public folder permissions by using Outlook, which displays the

legacy roles, Exchange 2000 automatically configures the corresponding
Windows 2000 permissions.
You need to understand this section to be able to control permissions to public
folders.
Topic Objective
To provide an overview of
the topics to be discussed
as part of configuring public
folder permissions.
Lead-in
You can assign permissions
to folders, items in a folder
and properties of a folder.
16 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Overview of Security in Exchange 2000
Active
Directory
Active
Directory
Exchange 2000
Exchange 2000


Exchange 2000 relies on Active Directory in Windows 2000 to enforce security
on Exchange 2000 resources. The operating system manages and enforces
permissions that are specific to Exchange 2000, such as the ability to create a
top-level public folder.

The security model in Exchange 2000 uses the following principles to
implement security:
!
You can apply access control to any resource, not just the folder.
Specifically, you apply security separately to folders, items in the folders,
and the properties of an item.
!
You apply the same type of permissions for a folder, or items in it, and
assign them to a user or security group in Windows 2000.
!
The access control list (ACL) uses security identifiers (SIDs) of Windows
2000 users and groups. Exchange 2000 assigns the Anonymous access
permissions to the special ANONYMOUS LOGON account and the Default
access permission to the Everyone group.
When evaluating access to a resource in Windows 2000, all of the entries in
the ACL are processed until:
• An entry denies permission.
• All of the requested permissions are granted.
• The end of the list is reached without all permissions granted.
!
Permissions can be denied. This feature can be used to exclude a user or
group from permissions granted to a larger group. Deny permissions are
processed first and take precedence over granted permissions.


Previous versions of Exchange used roles, such as Publishing Author,
Editor, and Owner to control access to folders by assigning entries from the
MAPI address book to the ACL for the folder.

Topic Objective

To identify the security
model in Exchange 2000.
Lead-in
Exchange 2000 uses a new
security structure that is
based on Windows 2000.
Delivery Tip
The graphic provides a high-
level overview of security.
Lead students through the
details outlined in the
bulleted lists.
Key Points
Emphasize that security for
Information Store in
Exchange 2000 is provided
through Active Directory,
while previous versions of
Exchange used objects in
the Exchange directory to
control access to folders.
Note
Module 6: Creating and Managing Public Folders 17

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Inheritance of Permissions on Public Folder Objects
!
Objects: Organization, Administrative Group, Public
Folder Tree

!
Public Folder Related Permissions
Create Public Folder
Create Top Level Public Folder
Modify Public Folder ACL and Admin ACL
Create Named Properties in the Information Store
Modify Public Folder Deleted Item Retention, Folder
Expiry, Folder Quotas, Folder Replica List
Administer/View Information Store


You can assign permission to higher level objects and then propagate them to
lower level objects.
Parent Folder
The top-level folder in a public folder tree is referred to as a parent folder. You
can assign permissions to a parent folder and then propagate the permissions to
all folders in that tree. You can configure permissions for a public folder tree by
opening the Properties dialog box for the tree, and then clicking Security.

The list of permissions in Exchange 2000 has been expanded from
previous versions of Exchange. Previously, administrators assigned Create,
Read, Edit, and Delete permissions to items and Create, Owner, and Contact
permissions to folders.

A parent folder will inherit permissions from folders above it in the
administrative hierarchy, including the administrative group permissions and
organization permissions.
Topic Objective
To assign permissions and
propagate them to lower

level objects.
Lead-in
You can assign permissions
to a public folder and then
propagate them to all folders
in that tree.
Note
18 Module 6: Creating and Managing Public Folders

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Inheritance Hierarchy
The following table describes the permissions that are available in
Exchange 2000 and their inheritance hierarchy.

Permission
Inheritance
Hierarchy

Description

Create Public Folder Organization,
administrative group,
public folder tree
Administrative permission to
create a public folder. Overrides
other permissions, such as Create
Container.
Create Top Level Public
Folder

Organization,
administrative group,
public folder tree
Specifies who can define top-
level folders, which in turn define
the tree structure.
Modify Public Folder
ACL
Public folder tree Specifies who can configure
permissions.
Modify Public Folder
Admin ACL
Organization,
administrative group,
public folder tree
Specifies who can configure
administrator rights.
Modify Public Folder
Deleted Item Retention
Public Folder Expiry
Public Folder Quotas
Administrative group,
public folder tree
Specifies who can change these
configuration properties.
Modify Public Folder
Replica List
Organization,
administrative group,
public folder tree

Specifies who can configure
where a public folder is
replicated.
Administer Information
Store
Organization,
administrative group,
public folder tree
Specifies who can manage the
public Information Store.
Create Named Properties
in the Information Store
Organization,
administrative group,
public folder tree
Specifies who can create named
properties. Use this to prevent
unauthorized properties from
being created (possibly by a
denial of service attempt).
View Information Store
Status
Organization,
administrative group,
public folder tree
Specifies who can view status on
the public Information Store.

Delivery Tip
Use one permission from

the Inheritance Hierarchy
table to illustrate which
object allows permissions to
be set and how those
permissions flow to lower
level objects.
Module 6: Creating and Managing Public Folders 19

BETA MATERIALS FOR MICROSOFT CERTIFIED TRAINER PREPARATION PURPOSES ONLY

Types of Public Folder Permissions
Control who can manipulate the Active
Directory object for a mail-enabled public
folder.
Active
Directory
Control permissions of users accessing the
public folder.
Folder
Control which users can access messages sent
to a mail-enabled public folder.
Message
Control the right that administrators have to a
public folder.
Administrator


Exchange 2000 enables you to control the details of public folder access and
administration.
Public Folder Categories

The permissions for public folders in Exchange 2000 are divided into four
separate categories.
!
Folder Rights
Enable you to control the permissions of users accessing the folder. For
example, you can control who has Read/Write permission on a public
folder.
!
Message Rights
Enable you to decide which users can gain access to messages sent to a
mail-enabled public folder.
!
Directory Rights
Mail-enabling a public folder creates an object in Active Directory.
Directory rights enable you to control which users can manipulate this
object.
!
Administrators Rights
Enable you to assign specific rights to specific administrators. For example,
there are ten administrators at Northwind Traders, but only three have been
granted permission to replicate certain sensitive public folders.

Topic Objective
To distinguish between the
four types of public folder
permissions.
Lead-in
The permissions for public
folders in Exchange 2000
have been divided into

several categories.
For Your Information
In the past, each
administrator had all of the
rights assigned to the
administrator group.