Sometimes we hear of issues where specific Exchange Online users are not able to view\access specific Exchange Online public folders using OWA or Outlook. The reason behind these issues is often related to the public folder mailbox that specific user is connected to, or permissions on public folders.
How do clients (Outlook or OWA) connect to public folders?
When users try to expand public folder information, the client connects to the assigned public folder mailbox for the signed-in user to access the required public folder information through a series of steps.
Outlook desktop client (Windows or MacOS):
Outlook on the web (OWA) client (and the new Outlook for Windows client):
Public folder access using OWA will work only if PublicFolderEnabled is set to Local and public folder deployment is active in Exchange Online.
For more information about the selection process logic for the public folder mailbox using Autodiscover service please check this article.
How does the service assign public folder mailboxes to users?
Depending on the value of PublicFoldersEnabled parameter on the Exchange Online organization configuration we can determine where public folders environment is located (on-premises or in the service). The following table describes possible values of PublicFoldersEnabled and what it means for clients accessing public folders.
PublicFoldersEnabled |
Description |
Local |
This is the default state, indicating the clients will access public folders in Exchange Online. |
Remote |
This state indicates that public folders are deployed on-premises or are in the process of migration. Only Outlook desktop clients can access public folders in this state, provided the public folders are configured for access in hybrid configuration. Check this article for more details. |
None |
No clients can access public folders in this state. |
Here are more details about each scenario:
Scenario 1: public folders are hosted in Exchange online (PublicFoldersEnabled: Local)
End-users using Outlook or OWA connect to cloud public folder mailboxes to access\view public folder information. There are two user mailbox properties that control the assignment of public folder mailboxes to users:
Tenant admins should be careful when overriding system assigned PF mailbox and should not overload a single PF mailbox with too many user sessions. The recommendation is to have up to 500-600 users configured with a single PF mailbox. Additionally, ensure that the public folder mailbox is healthy.
How are public folder mailboxes assigned to users?
Exchange Online uses fully synchronized public folder mailboxes that are not excluded from serving hierarchy, then starts to load balance and assign these mailboxes to users using the EffectivePublicFolderMailbox parameter to ensure that users are always retrieving consistent public folder information.
Scenario 2: Public folders are hosted on-premises (PublicFoldersEnabled: Remote)
When admin configured public folders for co-existence, following the article either for Legacy or Modern public folders, on-premises public folder/proxy mailboxes are synced to Exchange Online using Azure ADConnect tool as mail enabled users. These synced mail-enabled objects are stamped in RemotePublicFolderMailboxes parameter in the Exchange Online organization configuration. The service uses these mail-enabled objects on RemotePublicFolderMailboxes parameter to load balance and assign them to users using EffectivePublicFolderMailbox. Admins can bypass that service assignment by stamping requested mail-enabled object on user mailbox using DefaultPublicFolderMailbox parameter. Only Outlook desktop (Mac and Windows) client can connect to the remote public folder mailbox to retrieve public folder hierarchy. That is illustrated via the PublicFolderInformation field on the Autodiscover service initiated by Outlook to retrieve connection settings for the on-premises public folder mailbox.
How to quickly mitigate a problem of some users that are not able to access\view specific public folder?
Admin could retrieve the EffectivePublicFolderMailbox/DefaultPublicFolderMailbox stamped on a working user and override the same value stamped on the affected user. This can be achieved using the following commands:
Get-Mailbox “replace with working user email address” |fl DefaultPublicFolderMailbox, EffectivePublicFolderMailbox
Set-Mailbox “replace with affected user email address” -DefaultPublicFolderMailbox “replace with retrieved public folder mailbox”
Consider the following: it’s not recommended to use root/primary public folder mailbox to serve hierarchy or assign specific secondary public folder mailbox to many users. Avoid causing exhaustion for the assigned specific public folder mailbox. Read more about public folder deployment best practices here.
To troubleshoot and mitigate the problem over the affected public folder mailbox please check this article. Once you managed to solve the sync problem with that affected public folder mailbox, revert back the change done affected users to let the service control the assigning of public folder mailboxes again. The stamped value of DefaultPublicFolderMailbox parameter on previously affected users should be set to null and the system will start to assign a fully synchronized public folder mailbox that is not excluded from serving hierarchy using EffectivePublicFolderMailbox parameter on that specific mailbox. This can be achieved using the following command:
Set-Mailbox “replace with user email address” -DefaultPublicFolderMailbox $null
How to go about troubleshooting any public folder connectivity scenario?
Admins can leverage cannot access public folders diagnostic tool in Microsoft 365 admin center to assist them diagnose the issue properly for any public folder connectivity scenario.
Let’s clarify some troubleshooting steps to follow if a user can’t connect to public folders using Outlook:
Consider the following scenario: Exchange Online user is not able to access\view remote on-premises public folders using Outlook and is getting something like the generic “Cannot expand the folder” error.
<PublicFolderInformation><SmtpAddress>pf@domain.com</SmtpAddress></PublicFolderInformation>
Set-RemoteMailbox -identity User -EmailAddresses @{add=”X500:replace with cloud LegacyExchangeDN”}
Special thanks to Bhalchandra Atre and Nino Bilic who reviewed and contributed to this post.
Hazem Embaby
Support Escalation Engineer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.