New Tools Available for Public Folders and Mailbox Management, and for Mobility
Topic Last Modified: 2005-11-16
With the release of Microsoft® Exchange Server 2003 Service Pack 2 (SP2), you now have two new tools that can make your day-to-day operations tasks easier and more productive.
The Microsoft Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool, version 2.4, is a tool previously available for internal use only, but now is available publicly. This tool helps IT Administrators to manage various server tasks related to:
The Microsoft Exchange ActiveSync Mobile Administration Web tool is part of the overall new Mobility feature that was introduced with SP2. This tool enables IT Administrators to manage the process of remotely erasing or wiping lost, stolen, or otherwise compromised mobile devices.
For more information about downloading these tools, see Tools for Exchange Server 2003. Download these tools to start taking advantage of the many tasks they can perform both for public folder and mailbox administration, and for an enhanced administrator mobility experience.
The following sections describe the tools in more detail.
The Microsoft® Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool version 2.4 (PFDAVAdmin 2.4) is an Exchange 2000 and later tool that assists Exchange administrators in fulfilling various server management tasks. As the name of the tool implies, many of these tasks are related to public folder management, but this tool can be used with mailboxes, too.
Probably the most popular usage of PFDAVAdmin is permissions management of public folders. This tool is especially useful when correcting problems in permissions caused by M drive scanning or modifications made through a non-MAPI interface. Another common usage is to export or import folder permissions set on public folders and mailboxes.
The following examples show additional you can do with PFDAVAdmin.
- Content Report
Did you ever want to know how many items each public folder contains? Or do you want to know when the newest item was created in a folder? The Content Report menu is here to help you. Use this menu to create a report for all the public folders or any single folder (and its subfolders) with information such as the following:
Size of the folder
Largest item size in the folder
Most recent modification date of any item in the folder
- Item count
- Centralized Permission change
Did you ever want to assign certain permission to all the user mailboxes, such as reviewer permission on Calendar folders of all the users? You can use Propagate ACE to add the permission to all the folders named Calendar, or you can export or import permissions through text files.
Note: For Calendar folders, you must take an extra action. For more information, see Microsoft Knowledge Base article 237924, "PRB: ACL: Outlook 2000 Doesn't Properly Read ACL Settings."
- Permission Migrate
Do you need to migrate from an Exchange Server 5.5 organization to a new Exchange Server 2003 organization? If you do, you may also want to migrate the permissions of public folders rather than manually assigning the permissions on Exchange Server 2003. You can use PFInfo to export the permissions of Exchange Server 5.5 public folders and use PFDAVAdmin to import the file into Exchange Server 2003.
The following questions are frequently asked.
- Question Does PFDAVAdmin only work against public folders?
Answer No, in spite of its name, PFDAVAdmin works against mailboxes as well.
- Question Can you run PFDAVAdmin against Exchange Server 5.5?
Answer No, PFDAVAdmin works only with Exchange 2000 and later servers. However, PFDAVAdmin can work with the data you exported from Exchange Server 5.5 with tools such as PFInfo.
- Question Is it possible to run PFDAVAdmin from a command line?
Answer Yes. You can specify various switches to indicate what type of operations you want to perform, as well as the scope of the operations. To see what options are available, type pfdavadmin -? at a command prompt.
- Question Can you run PFDAVAdmin from a computer that is not a member of the forest where the target Exchange server resides?
Answer Yes. This feature is new with version 2.4. Also, you can use an account that is not a member of the Exchange forest if it has appropriate Exchange Administrator permissions (for example, in a resource forest scenario).
- Question What is the typical 'folders per hour' that PFDAVAdmin can process?
Answer This answer depends on many factors such as the hardware specifications of the server and client, and the types of operations (Export Permissions, Export Replica Lists, Content Report). generally, you can get a higher performance when you run PFDAVAdmin against Exchange Server 2003 than against Exchange 2000 Server. Also, for Exchange Server 2003, it is faster when installed on Microsoft Windows Server™ 2003. As a broad estimate, 20,000 to 50,000 folders per hour is a good benchmark. Do note, though, that the performance in version 2.4 is significantly improved over the previous versions.
The Microsoft Exchange ActiveSync Mobile Administration Web tool enables administrators to manage the process of remotely erasing lost, stolen, or otherwise compromised mobile devices.
By using the Exchange ActiveSync Mobile Administration Web tool, administrators can perform the following actions:
View a list of all devices that are being used by any enterprise user.
Select or cancel the selection of devices to be remotely erased.
View the status of pending remote erase requests for each device.
View a transaction log that indicates which administrators have issued remote erase commands, in addition to the devices that those commands pertained to.
To install the Exchange ActiveSync Mobile Administration Web tool on a front-end server that runs Exchange Server 2003 with Service Pack 2 (SP2), run the .msi package. The installation package creates the MobileAdmin virtual directory, through which the tool can be accessed.
When installed correctly, the Exchange ActiveSync Mobile Administration Web tool is available from any remote computer that has a browser that can access the virtual directory associated with the tool. However, to access the Exchange ActiveSync Mobile Administration Web tool from the same computer that it is installed on, you must use one of the following approaches:
Add the server name to the Local intranet list for Internet Explorer: In Internet Explorer, click Tools, click Internet Options, click Security, click Local intranet, and then click Sites.
Use localhost as the server name when specifying the mobileAdmin URL in the browser (for example, https://localhost/mobileAdmin).
By default, access to the Exchange ActiveSync Mobile Administration Web tool is restricted to Exchange administrators and local administrators. A user from either of these groups can enable additional users to access the tool by modifying the security settings on the MobileAdmin folder in the installation directory. You make this change by right-clicking the folder, and then selecting sharing & security, which displays the Insert Folder Security properties dialog box.
By using this user interface, an administrator can add a user or group by clicking Add and then entering the name of the user or group to which the administrator wants to grant access.
Similarly, a user or group can be removed by selecting that user or group and then clicking Remove.
The Welcome Screen presents the Administrator with a list of available administrative options. Select one of these options to start the associated Web page. The following options are displayed on the Welcome page.
- Remote Wipe Run a remote wipe command for a lost or stolen mobile device
- Transaction Log View a log of administrative actions, noting time/action/user
The Remote Device Wipe administrator console provides the following functions:
Issue a remote wipe command for a lost or stolen mobile device.
To issue a remote wipe command, search for a user’s mobile devices by specifying the user’s name. The tool displays the device ID, device type, and the time the device last synchronized with the server for each of the user's devices. Locate the desired device, and then click Wipe. The tool then displays the up-to-date status for the device, displaying when or if the device has been successfully wiped.
View the status on a pending remote wipe command.
When a Wipe action is specified for a device, it stays active until the administrator specifies otherwise. This means that, after the initial remote wipe has been completed, the server continues to send a remote wipe directive if the same device ever tries to reconnect.
Undo (cancel) a remote wipe command if a lost or stolen device is recovered.
If a lost device is recovered, the administrator can cancel this directive to enable the device to successfully connect again. You cancel the wipe by locating the mobile device that has the remote wipe action set, and then clicking Cancel Wipe.
Delete a device partnership.
The administrator can use the remote wipe console to delete a device partnership from the server. This action has the effect of cleaning up all state associated with a specified device on the server and is primarily useful for housekeeping purposes. If a device tries to connect after its partnership has been deleted, it will be forced to re-establish that partnership with the server through a recovery process that is transparent to both the IT administrator and the device user. This action is carried out by locating the mobile device, and then clicking Delete.
The transaction log displays the following information for all critical administrative actions performed with the Exchange ActiveSync Mobile Administration Web tool:
- Date Time Date and time when the action was executed
- User The user who executed the action
- Mailbox The mailbox that the action pertained to
- DeviceID The device that the action pertained to
- Type The type of device that the action pertained to
- Action The action taken by the administrator