Exchange 2000 Server makes several important changes to public folders. These changes include the following:
In Exchange 2000 Server, you can create multiple public folder trees for a variety of purposes. For instance, suppose that you have a project team composed of three internal LAN clients, two users in your company at remote locations, and three consultants outside your organization. You can create a public folder tree for these users that is separate from the default public folder tree (Figure 2-11).
Figure 2-11. Multiple public folder trees.
Each public folder tree stores its data in a single public folder store on a per-server basis. You can replicate specific folders in the tree to every server in your company that has a public folder store associated with that public folder tree. The default public folder tree is available via MAPI, IMAP4, Network News Transfer Protocol (NNTP), and HTTP. Additional public folder trees are available only to HTTP and NNTP clients; internal LAN clients cannot reach them unless they also use HTTP or NNTP to connect to the public folder tree.
By default, when a public folder is created, only one copy of it exists within the organization. If you like, you can replicate this public folder to other servers for redundancy, accessibility, and fault tolerance. Figure 2-12 shows how to use the Replication tab on the folder's property sheet to specify folders that will receive a replica of your public folder. You can also configure the replication schedule and the priority of the replication messages.
Figure 2-12. Specifying replication for a public folder.
Exchange 2000 clients really don't care which replica of a public folder they connect to. However, we administrators do care, for a variety of reasons. It is worth noting that when a client attempts to connect to a replica of a public folder, it looks for the replica in the following sequence of locations:
If two or more remote routing groups have the same connector costs, the servers containing the public folder replica are pooled together and selected at random as if they were in the same routing group. You should consider carefully before configuring a mailbox store to use a server in a remote routing group as its default public folder store. If you have slow or unreliable WAN links between your routing groups, your users may very well saturate your bandwidth if they heavily access public folders across the WAN link. It is best to choose a default public folder server that is in the same Windows 2000 site and Exchange 2000 routing group as the client's home mailbox store. In addition, consider pulling in replicas from remote public folder servers for clients who access these folders heavily.
Figure 2-13. The default public store for a client.
Whereas previous versions of Exchange used the security system embedded in the information store, Exchange 2000 Server uses the Windows 2000 Active Directory to enforce security. Hence, the new security model implements several important principles.
The first is that access control can be applied to any resource, not just the public folder. This capability enables you to apply security settings individually to items in the folder and to properties on the items. Second, Exchange 2000 Server no longer uses roles because the security system no longer emanates from the information store. Instead, permissions to administer Exchange 2000 Server are created in Active Directory. Third, as a further integration with Active Directory, the security identifiers (SIDs) for the user and group objects are used in the object's access control list (ACL). Anonymous access permissions are assigned to the special anonymous logon account, and default access permissions are assigned to the Everyone group. Finally, permissions can be denied on a per-user, per-object, or per-property basis. Deny permissions are processed first and take precedence over granted permissions.
NOTE
You can still use the Outlook client to assign permissions to a public folder. It will show the Exchange 5.5 style of roles and permissions, but Active Directory will not directly map these roles to Active Directory permissions.
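The deny-first evaluation described above can be modeled in a few lines. This is an added example, not code from the book or from Exchange: it is a simplified model of ACL evaluation, and the domain SIDs, rights bits, the `Budget` property name, and the `Ace` and `access_check` names are all constructed for illustration. Only the Everyone and Anonymous Logon SIDs are real well-known values.

```python
from dataclasses import dataclass
from typing import Optional

EVERYONE = "S-1-1-0"         # well-known SID for the Everyone group
ANONYMOUS_LOGON = "S-1-5-7"  # well-known SID for Anonymous Logon
# Constructed values for this example: domain SIDs and rights bits.
TEAM = "S-1-5-21-1111-2222-3333-1105"
CONSULTANT = "S-1-5-21-1111-2222-3333-1201"
READ, WRITE = 0x1, 0x2


@dataclass(frozen=True)
class Ace:
    sid: str                    # trustee the entry applies to
    allow: bool                 # True = grant, False = deny
    mask: int                   # rights covered by the entry
    prop: Optional[str] = None  # None = whole item, else one property


def access_check(acl, token_sids, desired, prop=None):
    """True only if no matching deny covers `desired` and allows grant all of it."""
    matching = [a for a in acl
                if a.sid in token_sids and a.prop in (None, prop)]
    # Deny entries are processed first and win over any grant.
    if any(not a.allow and a.mask & desired for a in matching):
        return False
    granted = 0
    for a in matching:
        if a.allow:
            granted |= a.mask
    # No matching allow entry means no access (implicit deny).
    return (granted & desired) == desired


# Constructed ACL for one item in a public folder.
ITEM_ACL = [
    Ace(EVERYONE, True, READ),                # default access
    Ace(ANONYMOUS_LOGON, True, READ),         # anonymous access
    Ace(TEAM, True, READ | WRITE),            # project team
    Ace(CONSULTANT, False, WRITE, "Budget"),  # per-user, per-property deny
]
CONSULTANT_TOKEN = {CONSULTANT, TEAM, EVERYONE}
ANONYMOUS_TOKEN = {ANONYMOUS_LOGON}

if __name__ == "__main__":
    print(access_check(ITEM_ACL, CONSULTANT_TOKEN, WRITE))            # item
    print(access_check(ITEM_ACL, CONSULTANT_TOKEN, WRITE, "Budget"))  # property
    print(access_check(ITEM_ACL, ANONYMOUS_TOKEN, WRITE))
```

The consultant inherits write access to the item through the team group, yet the single property-scoped deny blocks writes to that one property, which is the per-user, per-property case the text describes.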