Limiting access to public folder replicas
Hi. We have an Exchange 2003 org with two admin groups, administered by different groups of admins. There is an incomplete replica of the public folder tree in each admin group, so each admin group shares some folders but also has unique content. Each admin group contains a number of public folder servers that have complete replicas of each admin group's content.
It appears that users from one admin group are accessing the public folder servers in the other admin group, despite the "default public folder store" being set correctly on each mailbox store.
What would be the best way to go about denying access to the public folder replicas to users from the other admin group?
November 12th, 2008 4:49pm
Issue description: You want to prevent users from accessing the public folder server across AGs.
Assuming that you are using Exchange 2003, we shall set public folder referrals to accomplish this task; Exchange uses them to control the public folder redirect process.
Method 1:
We shall base the referral configuration on the routing group structure, as the referrals can be restricted on the connectors.
How to Configure a Connector to Allow or Block Referrals from One Routing Group to Another
Method 2:
However, if your servers in the two AGs are spread among different routing groups, then blocking the referrals on the connectors is not an option. We must configure servers to use a specific list of servers and costs for referrals.
For Exchange 2003 only: In ESM, in the Properties of the server, on the Public Folder Referrals tab, change the option from Use Routing Group to Use Custom List, and then add the server you want.
Additional: If you are using Exchange 2007, the basic theory above still works, with a different method to achieve it.
References:
Public Folder Referrals
November 14th, 2008 8:57am
Hi James,
Thanks for this. I guess option 2 is the one for us. As I understand it, listing the local admin group servers will only work for content that is replicated to the local AG. If there is exclusive content in the other AG, the users will still use the public folder servers in the other AG?
November 14th, 2008 5:58pm
If there is exclusive content in the other AG, the users will still use the public folder servers in the other AG?
Your question is: would clients use public folder servers in other AGs again if the data they want exists only there, after we apply method 2, right?
No, users won't be able to redirect to other AGs after we set a custom list for users. It'll control how the server redirects users among the public folder servers; only the servers in the custom list are allowed.
If you need more info about this method, please download this document and review the customizing public folder referrals section.
November 17th, 2008 4:08am