Just can't get enough of IT

Public folders are one solution to provide a team collaboration tool for companies. Legacy public folders utilized a proprietary multi-master replication mechanism which was not planned to handle today's data volumes. Therefore, Exchange 2013 introduced modern public folders which utilize the robust DAG replication functionality. Due to the technology change between legacy public folders and modern public folders a migration is required.

You can migrate legacy public folders hosted on Exchange 2007 or Exchange 2010 to modern public folders hosted on Exchange 2013. Or you can migrate legacy public folders hosted on Exchange 2010 to modern public folders hosted on Exchange 2016. If a cloud migration is a viable option for your company, you are able to migrate legacy public folders hosted on Exchange 2007 or Exchange 2010 to modern public folders hosted in Exchange Online.

The requirements for legacy Exchange Servers are:

• Exchange Server 2007 SP3 with Update Rollup 15 or later
• Exchange Server 2010 SP3 with Update Rollup 8 or later
• Windows Server hosting Exchange Server 2007 must be upgraded to Windows PowerShell 2.0 and WinRM 2.0 for Windows Server 2008 x64

Since Exchange Server 2013 RTM the public folder migration scripts and the migration guidance have quite often been updated. The information provided at TechNet is very detailed for each migration option and there is no need to repeat each step in this blog post. Please see the link section for all hyperlinks.

Notes

Preparing a legacy public folder migration is pretty straight forward. The main issue companies are facing is the required downtime for finalizing the public folder migration batch. The required downtime cannot be determined exactly (not as exactly as requested by upper management). This means that you have to plan for scheduled maintenance during off-hours. In the past, a single migration request has been used to migrate legacy public folders. The new batch approach migrates public folder content using multiple requests within a single batch.

Estimated Number Of Concurrent Users

The Create-PublicFolderMailboxesForMigration.ps1 script uses the parameter EstimatedNumberOfConcurrentUsers to determine the overall number of public folder mailboxes serving the hierarchy. The TechNet articles explain this parameter as follows:

The estimated number of simultaneous user connections browsing a public folder hierarchy is usually less than the total number of users in an organization.

Exchange Server 2013 and Exchange Server 2016 currently support 2.000 concurrent connections to a single mailbox. This limit (2.000) is used by the Create-PublicFolderMailboxesForMigration.ps1 in conjunction with EstimatedNumberOfConcurrentUsers to determine the number of public folder mailboxes required to serve the public folder hierarchy. The current version of the script uses a coded limit of max 100 public folder mailboxes. This means that you can only serve 100 x 2.000 = 200.000 concurrent users accessing the public folder hierarchy.

Legacy Public Folder Store

Finalizing the migration request and setting the PublicFolderMigrationComplete attribute requires the legacy public folder information store to be restarted. Otherwise, the configuration change will not be picked up in the information store in a timely fashion. Remember to restart the information store service on all legacy public folder servers.

Interim Migration

If your current public folder infrastructure is based on Exchange 2007 and you want to get rid of that Exchange version, you might think of replicating all content to Exchange 2010. This is not the best approach. Due to known content conversion issues, you might encounter data loss when replicating public folder content between Exchange 2007 and Exchange 2010.

The recommended approach is to migrate Exchange 2007 legacy public folders to Exchange 2013 modern public folders directly.

Recommended Reading

A recommended reading on legacy public folder migration from Exchange 2010 to Exchange 2016 is Butch Waller’s blog post “Migration to Modern Public Folders – Notes from the Field”

The PowerShell script referenced in that blog post does not work with Exchange 2007. You can use my PowerShell script which utilizes UTF8 encoding and runs with Exchange 2007 and Exchange 2010: https://gallery.technet.microsoft.com/Exchange-2010-Public-315ea9aa

Remark
All limits mentioned in this post reflect the information available at the time of writing.

Links

• Limits for modern public folders – Exchange Server 2013, https://technet.microsoft.com/en-us/library/dn594582(v=exchg.150).aspx
• Limits for modern public folders – Exchange Server 2016, https://technet.microsoft.com/en-us/library/dn594582(v=exchg.160).aspx
• Limits for modern public folders – Exchange Online, https://technet.microsoft.com/library/exchange-online-limits(EXCHG.150).aspx
• Use batch migration to migrate public folders to Exchange 2013 from previous versions, https://technet.microsoft.com/EN-US/library/dn912663(v=exchg.150).aspx
• Use batch migration to migrate public folders to Exchange 2016 from previous versions, https://technet.microsoft.com/en-us/library/dn912663(v=exchg.160).aspx
• Use batch migration to migrate legacy public folders to Office 365 and Exchange Online, https://technet.microsoft.com/en-us/library/dn874017(v=exchg.150).aspx
• Legacy public folder migration PowerShell scripts, http://go.microsoft.com/fwlink/?LinkId=299838

Do you need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid with Office 365? Contact us at office365@granikos.eu or visit our website https://www.granikos.eu.

Description

When you want to migrate your modern public folders from Exchange 2013 or newer to modern public folders in Exchange Online, you must prepare the public folder names for migration.

Public folder names are not allowed to contain the following:

• A backslash "\"
• A forward slash "/"
• A semicolon ";"
• A comma ","
• A colon ":"
• Leading or trailing spaces

The script Fix-ModernPublicFolderNames.ps1 fixes the public folder names to prepare migration to modern public folders in Exchange Online.

Examples

# EXAMPLE 1
# Rename and trim public folders

.\Fix-ModernPublicFolderNames.ps1

# EXAMPLE 2
# Rename and trim public folders, export list of renamed 
# folders and folders with renaming errors as text files

.\Fix-ModernPublicFolderNames.ps1 -ExportFolderNames

Version History

• 1.0, Initial community release

Links

• Download and follow at Github: https://github.com/Apoc70/Fix-PublicFolderNames

Follow

• Twitter @stensitzki
• LinkedIn

Community

Are you located in Germany, Austria, or Switzerland? Join the Exchange User Group DACH to collaborate with other Exchange enthusiasts.
Follow us on Twitter @exusg, join on Meetup, or visit our website. 

Once upon a time at an Exchange Conference near you, a member of the Exchange Product Group (PG) announced that the very last Exchange Server will go away when having an active Exchange hybrid setup.

This was a hot topic for discussions at the Microsoft Exchange Conferences (MEC, @IamMEC) in 2012 and 2014, already. Since then the Exchange PG came up with a number of reasons why this is not possible. The question on when we will finally be able to remove the very last Exchange Server from the on-premises Exchange organization was asked every year at the Ignite Conference. 

Current Situation

Currently, the supported scenario for hybrid configurations between your on-premises Exchange organization and Exchange Online requires that you keep the last Exchange Server for creating, and managing Exchange related objects, even if those objects are located in Exchange Online. 

The following diagram illustrates the current requirements:

• Domain Controller Servers, with the most recent Active Directory Schema Update for a supported Exchange Server version, and stored Exchange-extended AD objects.
• DirSync Server, with AAD Connect, synchronizing Exchange-extended AD objects stored in on-premises Active Directory with Azure AD.
• Last Exchange Server, running a supported version of Exchange Server, managing the objects stored in on-premises Active Directory.

Interim solutions

In the past, there was communication on certain interim solutions that were supposed to support you in removing the last Exchange Server from your Exchange organization. Such interim solutions were:

• ADSI Edit
• Identity Management Solutions (IDM)
• PowerShell

At Ignite those solutions even made it into the official session catalog:

• Ignite 2018 - THR2145 - Why do we need to keep an Exchange Server on-premises when we move to the cloud?

All those interim solutions leave your on-premises Exchange organization and the Active Directory configuration in an uncomfortable twilight-zone. It was still something that worked somehow, but you knew it was officially not supported, and the secure and stable operation of the hybrid configuration was at risk.

But wait...

Removing the last Exchange Server is supported!

(at least when all components are released)

Solution

The new approach for managing your Exchange Online tenancy after migrating your on-premises Exchange organization to Exchange Online does not require an on-premises Exchange Server. 

The new mode of operation reduces your on-premises requirements to:

• Domain Controller Servers, running the most recent release Windows Server 2019 with the most recent Active Directory Schema Update for Exchange Server 2019 CU 5. This updates the Exchange-extended AD objects and the hybrid configuration object to support modern EXO management. Also, you must enable the Windows Feature "Exchange Online Remote Features" as described below.
   
• DirSync Server, with AAD Connect, synchronizing Exchange-extended AD objects stored in on-premises Active Directory with Azure AD. You must run the most recent release of Azure AD Connect (1.4.38.0) and have Exchange Hybrid enabled in AAD Connect.
  See release notes for Azure AD Connect. 
   
• Administrative PC, running the most recent version of the Exchange Online PowerShell v2 (aka ExchangeOnlineManagement)

The following diagram illustrates the new modern Exchange Online Management experience:

Simply you remove the requirement to use on-premises Exchange Server to write to your on-premises Active Directory. Instead, Azure AD Connect uses a new synchronization capability to handle the new Exchange Management experience in the AAD Connect MetaVerse. The on-premises AD-connector writes the changes to Active Directory which keeps the Active Directory up-to-date for all other on-premises solutions that require identities to have a proper state.

You execute all Exchange-related actions using the new Exchange Online Management PowerShell module, or, if needed, the new Modern Exchange Admin Center (EAC, which was announced at Ignite 2019.

Enable Modern Exchange Admin Experience (MEAE)

Before you uninstall the last Exchange Server from your on-premises Exchange organization, ensure that you

• Updated the Active Directory Schema Version to Exchange Server 2019 CU5
• Prepare the Active Directory and all domains in the Active Directory Forest that contain Exchange objects
• Ensure that there are not pre-Windows 2019 domain controller in use, and patch all domain controller to the March 2020 release
• Install the new EXORemote Windows Feature 

PS C:\> Get-WindowsFeature

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[ ] Active Directory Certificate Services               AD-Certificate                 Available
    [ ] Certification Authority                         ADCS-Cert-Authority            Available
    [ ] Certificate Enrollment Policy Web Service       ADCS-Enroll-Web-Pol            Available
    [ ] Certificate Enrollment Web Service              ADCS-Enroll-Web-Svc            Available
    [ ] Certification Authority Web Enrollment          ADCS-Web-Enrollment            Available
    [ ] Network Device Enrollment Service               ADCS-Device-Enrollment         Available
    [ ] Online Responder                                ADCS-Online-Cert               Available
[ ] Active Directory Domain Services                    AD-Domain-Services             Available
[ ] Active Directory Federation Services                ADFS-Federation                Available
[ ] Active Directory Lightweight Directory Services     ADLDS                          Available
[ ] Active Directory Rights Management Services         ADRMS                          Available
    [ ] Active Directory Rights Management Server       ADRMS-Server                   Available
    [ ] Identity Federation Support                     ADRMS-Identity                 Available
[ ] Device Health Attestation                           DeviceHealthAttestat...        Available
[ ] DHCP Server                                         DHCP                           Available
[ ] DNS Server                                          DNS                            Available
[ ] Exchange Online Remote Features                     EXORemote                      Available
[ ] Fax Server                                          Fax                            Available
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
[...]

PS C:\> Install-WindowsFeature -Name EXORemote

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[ ] Active Directory Certificate Services               AD-Certificate                 Available
    [ ] Certification Authority                         ADCS-Cert-Authority            Available
    [ ] Certificate Enrollment Policy Web Service       ADCS-Enroll-Web-Pol            Available
    [ ] Certificate Enrollment Web Service              ADCS-Enroll-Web-Svc            Available
    [ ] Certification Authority Web Enrollment          ADCS-Web-Enrollment            Available
    [ ] Network Device Enrollment Service               ADCS-Device-Enrollment         Available
    [ ] Online Responder                                ADCS-Online-Cert               Available
[ ] Active Directory Domain Services                    AD-Domain-Services             Available
[ ] Active Directory Federation Services                ADFS-Federation                Available
[ ] Active Directory Lightweight Directory Services     ADLDS                          Available
[ ] Active Directory Rights Management Services         ADRMS                          Available
    [ ] Active Directory Rights Management Server       ADRMS-Server                   Available
    [ ] Identity Federation Support                     ADRMS-Identity                 Available
[ ] Device Health Attestation                           DeviceHealthAttestat...        Available
[ ] DHCP Server                                         DHCP                           Available
[ ] DNS Server                                          DNS                            Available
[X] Exchange Online Remote Features                     EXORemote                      Installed
[ ] Fax Server                                          Fax                            Available
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
[...]

Even though not explicitly stated, you should restart the server after installing the Windows feature.

• Connect to the modern Exchange Online Admin Center as a Global Administrator or Exchange Services Administrator and add at least one of your on-premises domain controllers to the list of modern management servers.
  https://admin.exchange.microsoft.com/#/modernmanagement

As part of the next AAD Connect synchronization cycle, the magic happens.

• The added EXO modern management server is validated
  • You'll see an error sign in Modern Exchange Admin Center if the validation has failed
•  Azure AD removes the "on-premises"-lock from the Exchange related attributes, so you can start managing these attributes in EXO
• The Exchange hybrid configuration object is set to "Modern Coexistence", ensuring that a newly added on-premises Exchange Server will not interfere with the setup

Verify that you can edit the Exchange related attributes of synchronized Active Directory objects in Exchange Online or Azure AD before you remove your last Exchange Server. 

Whey ready to uninstall the last Exchange Server you must use the following command line parameters to remove the server as intended. Otherwise, you'll leave the Exchange organization in an inchoate state. Ensure that you use an administrative PowerShell session. 

./Setup.exe /mode:uninstall /SwitchToMEMA /IAcceptExchangeOnlineLicenseTerms

Normally, you do not have to accept license terms when uninstalling Exchange Server, but in this case, you have to accept the Exchange Online license terms.

Prerequisites

• Windows Server 2019 Desktop Experience Editon or Core Edition, March 2020 Update
  Core Edition recommended
• Azure AD Connect, release 1.4.38.0
• Exchange Server 2019 CU5, as the last Exchange Server

Links

• Exchange Online Management PowerShell Module v2
• Hybrid deployment prerequisites
• Exchange Server hybrid deployments
• Install-WindowsFeature
• You must follow the instructions given in the follow article:
  Final instructions for enabling this awesome new MEMA-experience

Enjoy the modern experience and management options of Exchange Online!

Exchange Conferences

• MEC 2014 - Austin
• MEC 2012 - Orlando

My guest post about Modern Attachments with OneDrive for Business was published in the ENow Exchange & Office 365 Solutions Engine Blog (ESE) yesterday.

Enjoy reading here: http://blog.enowsoftware.com/solutions-engine/modern-attachments-with-onedrive-for-business

On Saturday, May 11th, the SharePoint Saturday Cologne will take place at Microsoft Office.

My session covers the migration of legacy public folders to modern public folders in the cloud.

Migrating from legacy public folders to modern public folders in Exchange Online is an error-prone process. Especially for Exchange organizations using legacy public folders since the early days. Real world examples from the field will show you how to determine the right migration approach. Additional information will help you to avoid the most common errors when migrating to modern public folders to the cloud. But what about after migrating to the? There is more. Prepare for decommissioning Public Folders by moving content to Microsoft Teams.

Links

• SharePoint Saturday Cologne Website
• SPSCGN Agenda

See you in Cologne.

In Legacy Public Folder World with Exchange Server 2010 it was pretty easy to find the parent path of email enabled public folder:

(Get-MailPublicFolder MAILADRESS | Get-PublicFolder).ParentPath

Problem

When you try the same approach with modern public folders using Exchange Server 2013+ EMS, you receive an error.

Get-MailPublicFolder MSTeamsPF@varunagroup.de | Get-PublicFolder

Cannot process argument transformation on parameter 'Identity'. Cannot convert the "varunagroup.de/Microsoft 
Exchange System Objects/MSTeamsPF" value of type "Microsoft.Exchange.Data.Directory.ADObjectId" to type
"Microsoft.Exchange.Configuration.Tasks.PublicFolderIdParameter".
    + CategoryInfo          : InvalidData: (MSTEamsPF:PSObject) [Get-PublicFolder], ParameterBindinmationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-PublicFolder
    + PSComputerName        : P01.varunagroup.de

Solution

You need to use the EntryId paramater of the Get-MailPublicFolder result.

$pf = Get-MailPublicFolder MSTeamsPF@varunagroup.de

Get-PublicFolder -Identity $pf.EntryId

Name            Parent Path
----            ---------
MSTeamsPF       \Modern Collaboration

Get-PublicFolder does not take pipeline inputs.

Links

• Find parent path for email activated Public Folder

Enjoy modern public folders :-)