Nomad_Soul - Fotolia


Access Exchange 2013 public folders in a hybrid setup

Organizations that have a hybrid setup with on-premises Exchange 2013 often need a way for users to access Public Folders with mailboxes in the cloud.

The Public Folders feature has been a part of Exchange for many years. And although Microsoft and IT admins might...

prefer they didn't exist, they are useful and end users love them.

In Exchange Server 2013 and Exchange Online, Microsoft removed many of the pains IT admins faced with modern Public Folders. These systems store Public Folder content inside special Public Folder mailboxes, allowing them to be stored within Mailbox Databases. Modern Public Folders use Database Availability Groups for high availability and replication.

Organizations that want to implement a hybrid coexistence with on-premises Exchange 2013 need to give end users, with mailboxes hosted in the cloud, access to Public Folders. However, Microsoft's documentation only covers legacy versions of Exchange. This tip shows how to configure Exchange 2013.

Putting it into practice

Goodman Industries is a hypothetical company with a pure Exchange Server 2013 environment that's installed and configured on-premises. It also has Office 365 Directory Sync and an Exchange hybrid configuration. The Exchange Admin Center shows the organization has two Public Folder mailboxes containing the public folder hierarchy and public folders for the organization (Figure 1).

Public Folder configuration
A Public Folder on-premises configuration

As hybrid Exchange is configured, mailboxes can move to the cloud and email flow is configured. Users who have their mailboxes migrated to Office 365 must be able to access on-premises Public Folders using Outlook.

Configure Public Folder co-existence

To set up access to Exchange 2013 Public Folders from Exchange Online, we'll need to perform the following tasks:

  • Verify AutoDiscover and Outlook Anywhere (or MAPI/HTTP) is configured and working externally.
  • Ensure Public Folder mailboxes are in-scope for Directory Synchronization.
  • Configure the Office 365 tenant so it knows Public Folders are located on-premises and enter the Public Folder mailbox names.
  • If mail-enabled Public Folders are in use, import mail-enabled Public Folder email addresses into Office 365 so they show in the Global Address List (GAL), or configure the on-premises domains as an internal relay domain.

When Outlook connects to Office 365, it uses Autodiscover to find the correct server names. This needs to work for clients for the initial setup with Office 365 in a hybrid environment and for discovery of Public Folders.

Once Public Folder coexistence is configured, the Outlook client will connect directly to Exchange 2013 servers rather than through Office 365. As part of the initial Autodiscover process, Office 365 will return the Public Folder mailbox address, which triggers the client to initiate a secondary Autodiscover process. In most scenarios, it then must connect using Outlook Anywhere (or MAPI/HTTP, if enabled) to the on-premises Exchange 2013.

Use the Microsoft Remote Connectivity Analyzer to test Outlook connectivity and ensure Outlook Anywhere works for external clients (Figure 2).

Remote Connectivity Analyzer for Outlook Anywhere
Use the RCA to test Outlook Anywhere.

Our next step is to ensure that the on-premises Public Folder mailboxes have Active Directory attributes copied to Office 365. This is so Exchange Online can return the right addresses as part of the Autodiscover response.

If your organization uses DirSync or Azure AD Sync Services and has filtering set up, open the FIM Console or Synchronization Service Manager. On the Connectors tab, open the AD connectors and choose Configure Directory Partitions. Ensure that the Containers containing the Public Folder mailboxes are within scope (Figure 3).

DirSync/Azure AD Sync scopes
Alter the DirSync/Azure AD Sync scope.

Run a full sync if any changes are made to the scope. With Azure AD Sync Services, this is triggered by navigating to the installation directory of Azure AD Sync and executing DirectorySyncClientCmd.exe with the initial parameter (Figure 4).

Azure AD Sync Services sync
Execute a full sync with Azure AD Sync Services.

After testing Autodiscover and ensuring the Public Folder mailboxes are synchronized to Office 365, the next step is to configure Public Folder access and mail flow for mail-enabled Public Folders. There are two ways to accomplish this.

First configuration method

If the visibility of mail-enabled Public Folders in the GAL isn't essential, configure the Exchange Online Organization Config. Start by connecting to Exchange Online using PowerShell then use the Set-OrganizationConfig cmdlet. Substitute the Public Folder Mailbox names with on-premises Public Folder Mailboxes:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox01,PFMailbox02

There are just a few steps to complete this configuration method and allow mail routing to on-premises mail-enabled Public Folders that aren't in the GAL. Configure the on-premises domain as Internal Relay in the Exchange Online Admin Center with Mail Flow Accepted Domains (Figure 5).

Internal relay domain configuration
Configure an internal relay domain.

Second configuration method

The second and most recommended approach is to configure the organizational configuration and create objects in Office 365 to represent mail-enabled Public Folders.

Scripts for legacy versions of Exchange are available to accomplish this, but you must use a custom script for Exchange 2013. The following script should be altered to list the on-premises Public Folder Mailbox names and executed from an Exchange Management Shell. This will connect to the on-premises Exchange 2013 Servers and Exchange Online. Because two sets of Exchange cmdlets are in use, Exchange Online cmdlets are prefixed with Cloud:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic –AllowRedirection

Import-PSSession $Session -Prefix Cloud

Set-CloudOrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes PFMailbox01,PFMailbox02


# Get On-Premises Exchange 2014 Mail-Enabled Public Folders

$MailPublicFolders = Get-MailPublicFolder

foreach ($MailPublicFolder in $MailPublicFolders)



    # Create equivalent sync folders in Office 365

    $EmailAddresses = @()

    foreach ($EmailAddress in $MailPublicFolders.EmailAddresses)




    $EmailAddresses+= "X500:$($MailPublicFolder.LegacyExchangeDN)"


    New-CloudSyncMailPublicFolder -Name $MailPublicFolder.Name -Alias $MailPublicFolder.Alias -EntryId $MailPublicFolder.EntryId -EmailAddresses:$EmailAddresses -HiddenFromAddressListsEnabled:$MailPublicFolders.HiddenFromAddressListsEnabled

    Set-CloudMailPublicFolder $MailPublicFolder.Name -DisplayName $MailPublicFolder.DisplayName -WindowsEmailAddress $MailPublicFolder.WindowsEmailAddress.ToString()





Test clients

After enabling access to on-premises Public Folders in Exchange Online, admins can access the on-premises Public Folder tree the next time an Outlook client launches. The user experience will be the same to an on-premises end user when accessing the Public Folder hierarchy (Figure 6).

Use Office 365 Mailboxes to access on-premises Public Folders
Access Public Folders on-premises with an Office 365 Mailbox.

This is configured as part of the AutoDiscover process, where Office 365 provides Outlook with the email address of a Public Folder mailbox. Outlook then discovers the on-premises servers and makes an additional connection.

The connection can be verified by opening the Outlook Connection Status window, available by holding down the CTRL key whilst right-clicking the Outlook icon in the Windows notification area (Figure 7).

Outlook Connection Status window

About the author:
Steve Goodman is an Exchange MVP and works as a technical architect for one of the U.K.'s leading Microsoft Gold partners. Goodman has worked extensively with Microsoft Exchange since version 5.5 and with Office 365 since its origins in Exchange Labs and [email protected]

Dig Deeper on Exchange Server setup and troubleshooting