Designing Public Folder Architecture – Exchange 2010

Some organizations make little use of public folders, while others use them extensively and may have developed manual or automated business processes that require public folders. Because of the variation in public folder use, you should start your public folder design by analyzing your organization’s business requirements for public folders.

Information Required for Planning Public Folders

  • What versions of Office Outlook does your organization use? If you use Office Outlook 2003 or earlier versions, you still require public folders to store the offline address book and free/busy information.
  • How many public folders has your organization implemented, and how much data does each public folder store?
  • How often are public folders used? Calculate how frequently public folders are accessed, and the number of users who access them. Understanding public folder usage helps you plan the location and capacity of the public folder servers. For example, high public folder usage may require you to use a dedicated public folder server.
  • How are users of public folders distributed within the organization? Are the public folder users primarily in one location, or are they distributed across the organization’s locations? Do users from the Internet need access to public folders?
  • What function do the public folders serve? Some organizations use public folders only for basic functions such as storing company data, while other organizations use public folders for more advanced functions, such as creating customized applications.
  • Do the public folders support strategic business applications? Analyze the organization’s primary business applications, and decide whether they are using public folders as a front-end system for form-based and event-based applications.
  • What are the plans for sharing the types of information that may be stored in public folders?

Designing Mailbox Servers for Storing Public Folders

Public folders are stored in public folder databases on Exchange Server 2010 Mailbox servers. By default, if you specify that your organization includes Office Outlook 2003 or earlier clients when you install your organization’s first Mailbox server, a public folder database is created on this first Mailbox server. No other public folder databases are installed. However, you can create a public folder store on any other Mailbox server in the organization.

When designing storage space for the public folder database, consider the following factors:

  • Item retention and deletion.
  • Average and maximum size of physical messages.
  • Maximum item storage time configured for each public folder.
  • Default maximum item storage time for the public folder database.
  • Projected growth rate for public folder usage.

If your organization currently uses public folders, you can determine this information easily. If your organization would like to use public folders now, but has not used them previously, you might need to spend more time gathering the business requirements to determine how much space to dedicate to a public folder database.

The processor and memory requirements for servers hosting a public folder database are the same as for other Mailbox servers. If the server hosts both mailboxes and public folders, then each MAPI connection requires the same amount of resources, whether connecting to the mailbox database or the public folder database. If public folder data changes frequently, then the disk I/O, memory, and processing requirements increase.

Designing Public Folder Replication

Organizations that use public folders extensively also frequently use public folder replication to provide fault tolerance for the public folders, and better access to public folders for users in different locations. When you enable public folder replication, the data in a public folder is synchronized between two or more servers. If one server is unavailable, users can access the data from one of the remaining replicas. A public folder database can exist on a Mailbox server that is part of a database availability group (DAG), but the public folder database cannot be replicated by the DAG.

By default, Office Outlook clients always try to access a replica of a public folder in the same Active Directory site as the user mailbox. However, if a replica of the public folder does not exist in the site, users can connect to public folder replicas in another Active Directory site. This process is called public folder referral. By default, public folder referrals are enabled between Active Directory sites in Exchange Server 2010. If a public folder replica is located in more than one other site, the Exchange server refers the client to the replica site based on the lowest IP site link costs between the sites.

In general, you should configure public folder replication only for public folders that do not change frequently. Frequent changes generate replication traffic and can result in users seeing different versions of messages. Use public folder referrals for public folders that change frequently, and to which users must always have access to the latest content.

If you have Office Outlook 2003 or earlier MAPI clients, you should enable replication for the system folders that these clients require. These folders include the Schedule+ free/busy folders, and the offline address book folders. The offline address book folder includes up to three different versions of the offline address book.

Designing Client Access to Public Folders

When designing public folder deployment in your organization, you also should plan for client access. This includes two components: designing access to the public folder contents based on the messaging client that users utilize, and designing the public folder hierarchy to ensure that user access to public folders is as efficient as possible.

Internal clients typically use Outlook

In Exchange Server 2010, users can access public folders only using MAPI clients such as Office Outlook 2007, or earlier Office Outlook versions. In some earlier versions of Exchange Server, users could also access the public folders by using an IMAP4 or Network News Transfer Protocol (NNTP) client.

Use Outlook Anywhere for Internet clients

You can configure Outlook clients that connect from outside the network to use Outlook Anywhere. Outlook Anywhere uses Remote Procedure Call (RPC) over Hypertext Transfer Protocol Secure (HTTPS) to connect to the Exchange Server 2010 Client Access server.

Use Outlook Web App for Internet clients

You can provide access to the mailboxes and public folders through Outlook Web App. Earlier versions of Outlook Web Access opened a new window to view public folders. Outlook Web App in Exchange Server 2010 integrates public folders into the same interface as the mailbox.

Retain Exchange Server 2003 for IMAP and NNTP Clients

To provide access to public folders for IMAP4 and NNTP clients, you must leave the public folders on an earlier Exchange Server version. Next, you must configure the clients and the network infrastructure to enable the clients to connect to the Exchange Server hosting the public folder.

If users use IMAP4 and NNTP primarily to post messages to public folders, consider mail-enabling the public folder. When you mail-enable a public folder, this assigns an e-mail address to the public folder that enables users to send messages to the folder using any e-mail client.

Plan the public folder hierarchy

Typically, a public folder hierarchy is organized according to a company’s business model, so that each top-level folder represents one department within the company.

By assigning the appropriate permissions at the top-level folders, you can allow users to perform tasks such as adding permissions or adding and removing folders within their department’s top-level public folder.

Whenever possible, group public folders that require the same configuration under a top-level folder, so that you can apply the required settings to all of the folders in the hierarchy at the same time.

Designing Public Folder Permissions

To ensure the easy management of public folder infrastructure while providing users with effective use of public folders, you need to plan the public folder permissions. When planning public folder permissions, you need to consider administrative and client permissions.

Designing Administrative Permissions

Consider the following guidelines when designing administrative permissions for public folders:

  • Identify a group of administrators who will administer public folders.
  • Plan to delegate administrative permissions for lower level folders.

Designing Client Permissions

You use roles to manage client permissions to access public folders. A role is a permissions template that grants clients the permissions they need to access folders and folder items. Use Office Outlook or the Exchange Management Shell to assign public folder roles.

You can apply client permissions to a user based on the following rules:

  • If the user is explicitly granted permissions to the public folder, only those explicitly granted permissions are applied to the user.
  • If the user is a member of a distribution group that has permission to the public folder, the user’s permissions are the least restrictive of either the group permissions or the default permissions for the public folder.
  • If the user is a member of multiple distribution groups, the user’s permissions are the least restrictive of any distribution group or the default permissions for the public folder.

Guidelines when designing client permissions:

  • Create mail-enabled universal security groups to enable public folder permissions. You can grant access to public folders for individual users, but managing groups is more efficient than managing individual users. Start by determining the users who require access to public folders, which folders they require access to, and the level of access required to the public folders. Then create groups for each unique set of permissions, assign permission roles to the groups, and add users to the groups.
  • Plan for default permissions. Default permissions are assigned to all authenticated users. In Exchange Server 2010, the default group is assigned the Author permission role. This means that all users can view the folder contents, and create new items in the folder. If you have public folders containing confidential information, you must modify the default permission.
  • Plan for anonymous permissions. Anonymous permissions are assigned to unauthenticated users, including those without a mailbox, and those who are not custom recipients in the organization. However, an anonymous user is restricted to accessing public folder content that has been granted anonymous permissions. Because all Office Outlook clients must be authenticated in order to access a user mailbox, you rarely allow anonymous access to public folders in Exchange Server 2010.
  • Limit permissions at higher levels of the hierarchy. When a new public folder is created, it inherits the permissions from the parent public folder. Limiting permissions in the parent folder ensures that unnecessary permissions are not given to lower-level folders.
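
The following read-only audit for the Exchange Management Shell lists public folders whose Default or Anonymous entry grants more than a chosen baseline, which is how you find folders still carrying the Author default. It is an added example, not part of the original post; the `$allowed` baseline, the function name, and the `\Finance` and `PF-Finance-Authors` names are assumptions for illustration.

```powershell
# Added example for the Exchange Management Shell on Exchange Server 2010.
# Read-only audit of the Default and Anonymous entries on every public folder.

# Rights considered acceptable for Default/Anonymous (assumption: set per your policy).
$allowed = @('None', 'FolderVisible')

function Get-BroadPublicFolderAccess {
    param([string]$Root = '\')

    Get-PublicFolder -Identity $Root -Recurse -ResultSize Unlimited | ForEach-Object {
        $folder = $_
        Get-PublicFolderClientPermission -Identity $folder.Identity | ForEach-Object {
            $entry = $_
            # Assumes the built-in entries render as 'Default' and 'Anonymous'.
            $user = $entry.User.ToString()
            if ('Default', 'Anonymous' -contains $user) {
                $rights = @($entry.AccessRights | ForEach-Object { $_.ToString() })
                # Keep only the rights that exceed the allowed baseline.
                $extra = @($rights | Where-Object { $allowed -notcontains $_ })
                if ($extra.Count -gt 0) {
                    New-Object PSObject -Property @{
                        Folder = $folder.Identity.ToString()
                        User   = $user
                        Rights = ($rights -join ', ')
                    }
                }
            }
        }
    }
}

# Report every folder where unauthenticated or all authenticated users exceed the baseline.
Get-BroadPublicFolderAccess |
    Sort-Object Folder, User |
    Select-Object Folder, User, Rights |
    Export-Csv -Path .\pf-default-anonymous-audit.csv -NoTypeInformation

# Grant access through a mail-enabled universal security group rather than Default.
# '\Finance' and 'PF-Finance-Authors' are hypothetical; -WhatIf previews without changing anything.
Add-PublicFolderClientPermission -Identity '\Finance' -User 'PF-Finance-Authors' `
    -AccessRights Author -WhatIf
```

Because new folders inherit from their parent, review the top-level folders in the report first.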

