As of September 1, 2007, Add2Exchange and FolderMatic has been installed and tested and approved in an Exchange 2007 environment and has gained acceptance. DidItBetter Software provides the following information on usage with Exchange 2007.
Tip: We have many customers who have adopted Exchange 2007 and have installed our products in that environment with total success. Our corporate policy has still been to wait since although Exchange 2007 has many improved features, it does not have at least the same features as 2003. Until Microsoft makes some functionality enhancements, It has been our recommendations that since 2003 is no longer available - we suggest users buy the licenses to Exchange 2007 and downgrade the media and install 2003. Talk to your software representative for more details.
Usage of the Add2Exchange and FolderMatic Console application with Exchange 2007 is unchanged. Exchange 2007 only affects the configuration of permissions due to the new Exchange security model and the new user interface of Exchange itself (Exchange Management Console and PowerShell). The following are considerations and known issues for Exchange 2007:
Issue |
Description |
Upgrading Existing Relationships |
This concern is not applicable. Once a relationship has been made and cloned to other users, it is available in Exchange 2000-2007. |
Exchange Server Moves |
The Exchange server on an existing FolderMatic installation cannot be changed to a new server. Contact your sales representative to coordinate DidItBetter Technical Support for assistance. |
Public Folder Support |
Public Folders are not necessarily installed on Exchange 2007 installations but can be if it is an in place upgrade or added separately. Public folders are not a concern and are not required for normal FolderMatic operation but are if the folders to be used as a template are Public Folders. |
Permissions |
As long as the proper Permissions were given as specified to the ServiceSecurityGroup, and those folder permissions are inherited, then permissions are not an issue unless someone has changed the permissions since then. Changing the permission in the 2007 security model require a combination of Exchange Management Console and Exchange Management Shell configuration. |
Exchange Server Moves
The following is a table of the appropriate installation scenarios with regard to upgrades of existing FolderMatic installations:
Location |
Exchange 2007 on New Server |
FolderMatic Does Not Change Location (Exchange Server or independent Cloning Server) |
Change the Netbios name of the old Exchange Server to the new Exchange Server in the registry under local machine, software, Open Door Software and FolderMatic. Otherwise Contact DidItBetter for support at 800-837-8636 |
FolderMatic on New Server or in new location (Exchange Server or independent Cloning Server) |
Once Add2Exchange is installed, it can not just be uninstalled and moved to a new location. Unlike Add2Exchange, FolderMatic can just be uninstalled and reinstall to a new location. If installed to a new server, just make sure the Service Account is added to the new machines local Administrators group. |
Public Folders Support
Exchange 2007 attempts to do away with the Public Folder infrastructure by default on a new install, while upgrades from older versions of Exchange maintain Public Folders. For this reason, you do not need to be concerned if you are upgrading Exchange from an older version. However, Outlook 2003 as well as Add2Exchange both require Public Folder infrastructure to operate. On a new install, you must respond affirmatively that you have Outlook 2003 clients when asked during the install in order for Public Folders to be installed, allowing Add2Exchange to operate. Since FolderMatic does not require Public folders but can utilize them as a source folder structure, the changing permissions of public folders does not matter to the proper operation of FolderMatic unless you are copying from Public folders.
Permissions
Important: Because of the nature of synchronization across multiple mailboxes and the security model of Exchange 2007, the Service Account must be given Organizational-level administration permissions. This level of permissions is very powerful, so take prudent security measures to protect this account and follow all Microsoft recommendations for security best practices.
Prior to Exchange 2007, the Service Account could not be a part of the official Exchange Active Directory groups. With 2007, the security model has changed so that the Service Account must now be given the Exchange Organization Administrators role. This is done through the Exchange Management Console. In addition, special permissions must be given to the Service Account through the Exchange Management Shell (PowerShell).
Integration with Active Directory Users and Computers
Exchange 2007 no longer installs an Active Directory Users and Computers link as did previous versions of Exchange. Exchange Management Console now performs many of the functions formerly performed in the Active Directory Users and Computers console, such as user account creation and display of Exchange configurations on user accounts. While you can still perform many of these functions from the existing Active Directory Users and Computers console, it is recommended that you use the Exchange Management Console as much as possible as this is the approach used in DidItBetter Software's documentation.
Configuration of Service Account Permissions
These steps presume you have already begun the step-by-step instructions for installing Add2Exchange. If you have not already created the Security Group, begin with the section Prerequisite 1: Create a Security Group. You will be directed to these instructions at the appropriate step.
If you are upgrading your Exchange infrastructure and have an existing Service Account, see the section Removing Old Service Account Permissions, then continue with these instructions from this point:
Giving the Service Account the Organizational Administrator Role.
| 1. | Log onto the Administrator account on a system with the Exchange Management Console. |
| 2. | Open Exchange Management Console. |
| 3. | Select the Recipient Configuration list item in the left-hand pane. |
Recipient Configuration in Exchange Management Console
|
| 4. | Click New Mailbox... |
New Mailbox Dialog
|
| 5. | Make sure User Mailbox is selected and click Next >. |
User Type Dialog
|
| 6. | Make sure New User is selected and click Next >. |
User Information Dialog
|
| 7. | If you need to select an Organizational Unit or Active Directory container other than the default Users, do so now. You may click Browse... to select the Active Directory Container from a list. |
User Information Dialog
|
| 8. | Enter the account information as shown, or choose your own name for the Service Account. The account will be a full Exchange Organizational Administrator, so you may want to use your standard administrative password for easy recollection. Click Next > when ready. |
Mailbox Settings Dialog
|
| 9. | Leave the Alias setting at the default and, if there are multiple storage groups or mailbox databases, choose the appropriate one. Click Next >. |
| 10. | At the New Mailbox dialog, click New. The account and mailbox are created. Click Finish. |
Active Directory Users and Computers in Administrative Tools
|
| 11. | Open the Active Directory Users and Computers console from the Administrative Tools menu. |
FolderMatic Security Group
|
| 12. | Double-click the Security Group. |
Security Group Members
|
| 13. | Click Add... and select the Service Account. Click OK and click OK again. |
Giving the Service Account the Organizational Administrator Role
| 14. | Return to the Exchange Management Console. |
Organization Configuration in Exchange Management Console
|
| 15. | Click Add Exchange Administrator. |
|
| 16. | Click Browse... and select the Service Account. |
| 17. | Make sure Exchange Organization Administrator role is selected and click Add. |
| 18. | Click Finish. |
| 19. | Open Exchange Management Shell from the Start Menu. |
Exchange Management Shell in Exchange Server 2007 Program Group
|
| 20. | At the Exchange Management Shell prompt, enter the following command (use the appropriate name for the Security Group if it differs from the one shown): |
get-exchangeserver | add-adpermission -user Add2ExchangeSecurityGroup -accessrights genericall
You should receive output similar to the following:
Identity User Deny Rights
-------- ---- ---- ------
TESTING-152 TSTG-152\Add2ExchangeSecur... False
TESTING-152 TSTG-152\Add2ExchangeSecur... False CreateChild, DeleteChild
TESTING-152 TSTG-152\Add2ExchangeSecur... False Self, ReadProperty, WritePro...
TESTING-152 TSTG-152\Add2ExchangeSecur... False DeleteTree, ListObject, Dele...
Enter the command exit and press Enter to close the Exchange Management Shell.
Exchange 2007 permissions settings are now configured correctly. Continue with the section Conditional Prerequisite: Mailbox Management through Outlook to continue configuration and installation of Add2Exchange.