My dad is a long-time woodworker, and he and I recently built a new bed for my 9-year-old son. This process was greatly simplified by the fact that my dad's woodshop has more equipment than the local Home Depot. For every step of the bedmaking process, he had just the right tool (being able to find the tool was another matter, alas). The same thing is true of Exchange Server: Having the right tools can make complex tasks much easier. So, for the next few weeks, I'm going to examine some lesser-known tools that are well suited for particular Exchange administration tasks. This week, I want to discuss PFDavAdmin, an ubertool for accessing and modifying various public folder properties by using the Web Distributed Authoring and Versioning (WebDAV) protocol instead of Messaging API (MAPI). Like my dad's table saw, PFDavAdmin is extremely useful, but you must use it carefully to avoid cutting off something important.
PFDavAdmin works by using WebDAV to view and set properties of the public folder trees in your Exchange organization. The tool supports multiple public folder top-level hierarchies (TLHs); MAPI tools support only the primary MAPI-based TLH because that's the only TLH that MAPI can access. (PFDavAdmin's primary use, though, is against the primary TLH because that's all most people use.)
Once you've installed PFDavAdmin (and the Microsoft .NET Framework, which the tool requires), you can start using it to work magic. One common use for the tool is fixing the Windows permissions error described in the Microsoft article "XADM: Error Message When You Set Permissions on Public Folders: Invalid Windows Handle ID No: 80040102 Exchange System Manager" ( http://support.microsoft.com/?kbid=313333). This infamous error happens when you use Windows Explorer instead of Exchange System Manager (ESM) to set folder permissions; Explorer mangles the discretionary ACL (DACL) so that Exchange can't read it. (Fortunately, most admins know by now not to use the M drive, so you might never need to use PFDavAdmin for this task.)
Apart from cleaning up DACLs, PFDavAdmin lets you selectively propagate individual ACL entries on a folder, the folder's hierarchy, or items within the folder--without overwriting the existing ACL. You can use this feature to add or remove access for a group or user without having to manually reset permissions on all the target's parent and child folders.
A more prosaic (but still valuable) use for the tool is documenting the contents of your public folder hierarchy. I'm always amazed when I see sites that have thousands of public folders--how do they keep up with which folders still exist and who has rights to them? PFDavAdmin can export the public folder hierarchy as a text file and can emit replica lists that show which folders are replicated where. This type of information is invaluable when troubleshooting replication problems and is also useful during disaster recovery, especially because you can use the data in conjunction with the trick described in the Microsoft article "XADM: How to Send Replication Status Request Messages in Exchange 2000 Server" ( http://support.microsoft.com/?kbid=321082 ) to force a server to update its local copy of the hierarchy.
