Restoring mail-enabled public folders after accidental deletion

Sometimes, your entire public folder tree gets accidentally deleted. Luckily for you, this has happened to enough of our customers that the steps to do an authoritative restore of Public Folders are outlined in https://blogs.technet.com/b/exchange/archive/2012/02/06/recovering-public-folders-after-accidental-deletion-part-1-recovery-process.aspx. Sometimes, after doing an auth restore of your PFs, some or all of your mail-enabled PFs (MPFs) aren't mail-enabled anymore. You're forced to mail disable and then mail enable each previously mail-enabled PF. Not only that, but you need to set up the email addresses, mail forwarding, and all the other settings for each MPF again. Why is that? Let's take a quick dive into how mail-enabled public folders work.

When you mail enable a PF, an Active Directory (AD) object of objectClass publicFolder is created inside the Microsoft Exchange System Objects (MESO) container.

[PS] C:\>Get-MailPublicFolder | fl legacy*,emailAddresses,externalEmailAddress,organizationalUnit,*forward*

LegacyExchangeDN : /O=PULSARWINDS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=F8B6366B5B039A4590816BCB85ED7832-00000000000E
EmailAddresses : {smtp:myLittlePF@pulsarwinds.com, smtp:mahuynh1@PulsarWinds.mail.onmicrosoft.com, SMTP:mahuynh1@pulsarwinds.com}
ExternalEmailAddress : expf:F8B6366B5B039A4590816BCB85ED7832-00000000000E
OrganizationalUnit : pulsarwinds.com/Microsoft Exchange System Objects
DeliverToMailboxAndForward : True
ForwardingAddress : pulsarwinds.com/Users/Administrator

When you mail disable a PF, its corresponding AD object in the MESO container gets deleted, and thus all of its settings are lost. When you mail enable the PF again, fields like LegacyExchangeDN and ExternalEmailAddress are recomputed to the same values, but other fields like the email addresses and mail forwarding (EmailAddresses, DeliverToMailboxAndForward and ForwardingAddress in the output above) are not preserved. For example:

[PS] C:\>Get-PublicFolder \mahuynh | Disable-MailPublicFolder -Confirm:$false
[PS] C:\>Get-PublicFolder \mahuynh | Enable-MailPublicFolder
[PS] C:\>Get-MailPublicFolder | fl legacy*,emailAddresses,externalEmailAddress,organizationalUnit,*forward*

LegacyExchangeDN : /O=PULSARWINDS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=F8B6366B5B039A4590816BCB85ED7832-00000000000E
EmailAddresses : {smtp:mahuynh1@PulsarWinds.mail.onmicrosoft.com, SMTP:mahuynh1@pulsarwinds.com}
ExternalEmailAddress : expf:F8B6366B5B039A4590816BCB85ED7832-00000000000E
OrganizationalUnit : pulsarwinds.com/Microsoft Exchange System Objects
DeliverToMailboxAndForward : False
ForwardingAddress :

The easiest resolution here is to restore the deleted publicFolder AD objects. If your forest functional level is below 2008 R2, you'll have to do an auth restore of the MESO container from a backup taken before the PF tree deletion. Otherwise, you can use the AD recycle bin, which I will show you now.

First, ensure the Active Directory module for Windows PowerShell is installed on your domain-joined computer. Launch a PowerShell window, load the AD module, and find your deleted PF objects.

Import-Module ActiveDirectory
cd AD:
$deletedMPF = Get-ADObject -SearchBase "CN=Deleted Objects,DC=pulsarwinds,DC=com" -Filter {lastKnownParent -eq 'CN=Microsoft Exchange System Objects,DC=pulsarwinds,DC=com' -and objectClass -eq 'publicFolder'} -IncludeDeletedObjects -Properties *

You can drill into the objects to selectively pick out which ones you want to restore. Let's say I wanted to identify only objects deleted since midnight and restore them.

PS AD:\> $recentlyDeletedMPF = $deletedMPF | ? {$_.whenChanged -gt "7/2/2015"}
PS AD:\> $recentlyDeletedMPF | sort whenChanged -desc | ft mail,whenChanged -auto

mail                     whenChanged
----                     -----------
mahuynh1@pulsarwinds.com 7/2/2015 4:26:11 PM

PS AD:\> $recentlyDeletedMPF | Restore-ADObject

Pretty easy and nifty, eh? Now go find out who deleted your PF tree and discipline them!
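
The recycle-bin restore above, written as one script with the checks you would want around it. This is an added example, not code from the original post. It goes slightly beyond the walkthrough by confirming the Recycle Bin feature is enabled, doing a dry run, and verifying the restored objects. The $cutoff value and the variable names are assumptions.

```powershell
# Added example: guarded restore of deleted mail-enabled public folder objects.
Import-Module ActiveDirectory

# Read the domain DNs instead of hard-coding them.
$domain = Get-ADDomain
$meso   = "CN=Microsoft Exchange System Objects,$($domain.DistinguishedName)"

# The recycle bin route only works if the optional feature is enabled in the forest.
$recycleBin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $recycleBin.EnabledScopes) {
    throw "AD Recycle Bin is not enabled; restore the MESO container from backup instead."
}

# Assumption: the deletion happened today. Set this to just before the deletion.
$cutoff = (Get-Date).Date

# Deleted publicFolder objects whose last parent was the MESO container.
$candidates = Get-ADObject -SearchBase $domain.DeletedObjectsContainer `
        -Filter "lastKnownParent -eq '$meso' -and objectClass -eq 'publicFolder'" `
        -IncludeDeletedObjects -Properties mail, proxyAddresses, whenChanged |
    Where-Object { $_.whenChanged -ge $cutoff }

if (-not $candidates) {
    Write-Warning "No deleted publicFolder objects found since $cutoff."
    return
}

# Review what would be restored before touching anything.
$candidates | Sort-Object whenChanged -Descending |
    Format-Table mail, whenChanged, ObjectGUID -AutoSize
$candidates | Restore-ADObject -WhatIf

# Real restore; -Confirm prompts for each object.
$restored = $candidates | Restore-ADObject -Confirm -PassThru

# Verify the objects are back and still carry their addresses.
foreach ($obj in $restored) {
    Get-ADObject -Identity $obj.ObjectGUID -Properties mail, proxyAddresses |
        Select-Object Name, mail,
            @{ Name = 'proxyAddresses'; Expression = { $_.proxyAddresses -join '; ' } }
}
```

Afterwards, run the Get-MailPublicFolder command shown earlier from the Exchange Management Shell to confirm the email addresses and forwarding settings are back.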