InterOrg Public Folder Replication: Exchange 2007 to Exchange 2010

By Ed Bratter
Posted in Infrastructure
On October 19, 2012

If you are involved in an InterOrg Exchange migration, you are going to have to migrate your Public Folder infrastructure from the source Exchange organization to the destination organization. Exchange does not offer a native tool to do this. This means you will either have to invest in a third-party utility like the Quest Exchange migration tool or use a free tool from Microsoft called the InterOrg Replication tool (IORepl). As you might expect, the third-party tools are far superior to IORepl, but are also far more costly. For smaller migrations, though, IORepl will get the job done.

IORepl has been around since the early days of Exchange. With Microsoft trying to get away from Public Folders, the tool has not been updated since Exchange 2003. Almost all the documentation available addresses Exchange 2003 to Exchange 2003 migrations, or Exchange 2003 to Exchange 2007 or Exchange 2010 migrations. The documentation does not address Exchange 2007 to Exchange 2010 (or some combination thereof) migrations. In fact, the definitive MS article for IORepl ( specifically states: “Although replication may work among pure Exchange 2010 or Exchange 2007 organizations, this configuration has not been tested. Therefore, it is an unsupported configuration.”

Given this statement, one may assume that the only way to do this type of migration is writing a check for a third-party solution. The good news is that IORepl can be used on the later versions of Exchange. I have successfully used it to do Exchange 2007 to Exchange 2010, and Exchange 2010 to Exchange 2010 migrations.

This article focus on setting up IORepl for this type of migration and is meant to fill in the gaps that the Knowledge Base article does not specify for these migration types. As such, if you are not familiar with this tool, then read the KB article.

IORepl must be installed on a Windows 2003 Server as W2K8 is not supported. The Exchange 2003 Exchange System Manager must also be installed even if neither Exchange org is running Exchange 2003. Additionally, NetBIOS name resolution is required between the various Exchange organizations. These requirements may seem odd if your migration involves only Exchange 2007 or 2010 since it is very likely that none of them are currently deployed in either Exchange organization. However, I have learned the hard way that to successfully install and configure the tool, you need to follow this course of action.

To begin, build a Windows 2003 server that will host IORepl and install the following components:

  • IIS Services Snap-in
  • The Windows Server 2003 AdminPak
  • SMTP Service component
  • NNTP Service component

Note: A single server running IORepl can replicate folders in both directions. In other words, it can be both the publisher and subscriber.

To configure the infrastructure for IORepl, perform the following:

1. Create a service account in both organizations that the tool will use to access the Public Folder infrastructure

2. Mail-enable both accounts

3. Grant the service account admin permissions to the IORepl server

4. Apply owner permissions to the Public Folders to be replicated

  • Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:Owner -Identity "\<Top-Level Public Folder>"
  • Get-PublicFolder -Recurse | Add-PublicFolderclientPermission -User <ServiceAccount> -AccessRights:Owner

5. Create the required Public Folder for the publisher (the source Exchange server):

  • New-PublicFolder -Name "ExchsyncSecurityFolder"
  • Add-PublicFolderClientPermission -User PFRepl -AccessRights:FolderVisible -Identity "\ExchsyncSecurityFolder"
  • Remove-PublicFolderClientPermission -User Default  -AccessRights:Author -Identity "\ExchsyncSecurityFolder"
  • Remove-PublicFolderClientPermission -User Anonymous -AccessRights:CreateItems  -Identity "\ExchsyncSecurityFolder"

6. Create the required Public Folders for the subscriber (the destination Exchange server):

  • New-PublicFolder -Name <name of the root folder that will host the replicated folders from the other Exchange org>
  • Add-PublicFolderClientPermission -User <ServiceAccount>  -AccessRights:PublishingEditor -Identity "<name of folder above>"
  • New-PublicFolder -Name "ExchsyncSecurityFolder"
  • Add-PublicFolderClientPermission -User <ServiceAccount>  -AccessRights:FolderVisible -Identity "\ExchsyncSecurityFolder"
  • Remove-PublicFolderClientPermission -User Default  -AccessRights:Author -Identity "\ExchsyncSecurityFolder"
  • Remove-PublicFolderClientPermission -User Anonymous -AccessRights:CreateItems  -Identity "\ExchsyncSecurityFolder”

Note: To set up two-way replication, the above steps need to be performed in both organizations.

7. Install Exchange 2003 management tools and IORepl.

8. Follow the instructions in to set up replication using IORepl.

Ed Bratter

Ed Bratter

Ed has over 15 years’ experience in the IT industry as a Systems Consultant, Systems Engineer, and Technology Specialist. He architects, designs, and manages Active Directory, Exchange, Citrix, VMware, and RSA SecurID solutions for Gotham’s clients, and provides technical expertise for Active Directory, Exchange, and Citrix.