Difference between revisions of "Archiving Emails from Microsoft Exchange 2013"

[unchecked revision][checked revision]
(Created page with "'''Please note:''' This tutorial only covers the specifics of archiving a Microsoft Exchange 2013 server. It is assumed that you already have a MailStore Server installation o...")
 
 
(40 intermediate revisions by 4 users not shown)
Line 1: Line 1:
'''Please note:''' This tutorial only covers the specifics of archiving a Microsoft Exchange 2013 server. It is assumed that you already have a MailStore Server installation or [http://www.mailstore.com/en/lp/sendlicense.aspx test installation] and are familiar with the fundamentals of MailStore Server. Please refer to the [[MailStore_Help|Manual]] or the [[Quick Start Guide]] for more information.
+
{{Multiline_Notices|Heading=Important Notice|{{3rd_Party_Product_EOL_Notice|Exchange 2013|Microsoft}}}}
  
MailStore Server offers several ways to archive emails from a Microsoft Exchange 2013 server, which are described below. If you are not sure which archiving method best suits your company, please refer to chapter [[Choosing the Right Archiving Strategy]].
 
  
= Synchronizing Users =
+
{{Implementation Guide Preamble|Microsoft Exchange 2013}}
  
As Microsoft Exchange requires the existence of an Active Directory, it is recommended to set up a synchronization as described in chapter [[Active Directory Integration]] of the MailStore Server manual.
+
== Synchronizing Users ==
 +
{{Archiving Exchange Synchronizing Users|Microsoft Exchange 2013}}
 +
== Archiving Individual Mailboxes ==
 +
{{Archiving Single Mailbox Preamble|Microsoft Exchange 2013}}
 +
{{Archiving Exchange Single Mailbox}}
  
= Archiving Individual Mailboxes =
+
== Archiving Multiple Exchange Mailboxes Centrally ==
 +
{{Archiving Multiple Mailboxes Preamble|Microsoft Exchange 2013}}
  
{{:Includes:Archiving an Exchange Mailbox}}
+
=== Step 1: Setting up a service account for accessing mailboxes ===
 +
To archive multiple mailboxes at once, a service account with access access to all mailboxes to be archived needs to be created first. To be able to set up such an account, you must be a member of the ''Organization Management'' role group. There are two methods to configure the service account:
  
= Archiving Multiple Exchange Mailboxes Centrally =
+
==== Method 1: Setting up the service account through the ''Exchange admin center'' ====
With MailStore, some or all mailboxes of an Exchange server can be archived in a single step. All necessary preparations, such as creating MailStore users, can be made automatically. The archiving process can be executed manually or automatically according to a schedule.
 
  
== Step 1: Setting up a central user for accessing mailboxes ==
+
* Create an unprivileged domain user (e.g. ''MailStore Server'').
 +
* Log on to the ''Exchange admin center'' of your Microsoft Exchange environment.
 +
* Navigate to ''permissions''.
 +
* Under ''admin roles'' select ''+ (New)''.
 +
*: [[Image:Arch_exchange2013_multi_01.png|center|550px]]
 +
* Enter a meaningful name (e.g. ''MailStore Impersonation'') and description for the new role group.
 +
* Under ''Roles'' add the role ''ApplicationImpersonation''.
 +
* Under ''Members'' add the user you've created above.
 +
* Click on ''Save'' to create the new role group.
 +
* Continue with step 2.
  
Before the archiving process can be set up in MailStore, a user with access to all mailboxes to be archived has to be created. The corresponding method is called ''impersonation'' in Microsoft Exchange.
+
==== Method 2: Setting up the service account through the ''Exchange Management Shell'' ====
  
The following preconditions have to be met to be able to configure Exchange Impersonation:
+
* Create an unprivileged domain user (e.g. ''[email protected]'').
 
+
* Open a Microsoft Exchange Management Shell session on the Microsoft Exchange 2013 Server.
* Administrative access to the Microsoft Exchange 2007 system on which the Client Access Role is installed
+
* Enter the following command:
* Domain Administrator privileges
+
<div style="margin-left: 2.5em;">
* An installation of Remote PowerShell on the machine which is used to execute the commands or access to the Exchange 2013 Server via Remote Desktop.
+
<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
 
+
New-ManagementRoleAssignment -Name:"MailStore Impersonation" -Role:ApplicationImpersonation -User:mailstore@example.com
The following commands are executed in the Microsoft Exchange Management Shell:
+
</source>
 
+
</div>
'''Add access privileges'''
+
* ''Optional:'' Enter the following command to check the role assignment:
  New-ManagementRoleAssignment -Name:"MailStore Impersonation" `
+
<div style="margin-left: 2.5em;">
    -Role:ApplicationImpersonation -User:serviceaccount@domain.tld
+
<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
 
+
Get-ManagementRoleAssignment -Role:ApplicationImpersonation -RoleAssigneeType:User | Format-List *
<p class="msnote">'''Important notice:''' <tt>[email protected]</tt> is the user account in UPN (User Principal Name) notation which you will use to access the mailboxes from MailStore. Please make sure that this user is '''not''' a member of any Exchange or Windows administrative group.</p>
 
 
 
'''Check access privileges'''
 
 
 
  Get-ManagementRoleAssignment -Role:ApplicationImpersonation -RoleAssigneeType:User `
 
    | Format-List *
 
 
   
 
   
  Get-ManagementRoleAssignment -Identity:"MailStore Impersonation" `
+
Get-ManagementRoleAssignment -Identity:"MailStore Impersonation" | Format-List *
    | Format-List *
+
</source>
 
+
</div>
 
+
* ''Optional:'' Enter the following command to remove the role assignment:
'''Remove access privileges'''
+
<div style="margin-left: 2.5em;">
 
+
<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
The following command is only to be used, if you want to remove access privileges from '''''[email protected]'''''
+
Remove-ManagementRoleAssignment "MailStore Impersonation"
Remove-ManagementRoleAssignment "MailStore Impersonation"
+
</source>
 
+
</div>
== Step 2: Configuration of MailStore Server ==
 
 
 
{{:Includes:Centrally_Archiving_Multiple_Exchange_Mailboxes}}
 
 
 
= Archiving Incoming and Outgoing Emails Directly =
 
With the support of the Exchange Server Journaling functionality, MailStore can archive the incoming and outgoing emails of all users automatically. This is the only way to ensure that all emails are archived in their entirety
 
 
 
== Basic Functionality ==
 
Microsoft Exchange Server provides the option to take down all incoming, outgoing and internal email traffic. At the time of sending and receiving, a copy of the respective email is created and stored in a mailbox called Journal Mailbox. Additionally, the email is provided with a Journal report containing information about the actual senders and recipients.
 
 
 
MailStore can be configured to archive this Journal mailbox at regular intervals. During this process, the emails from the Journal mailbox will be assigned to their respective MailStore users (i.e. their user archives) automatically. This means that all users are able to view only their own emails.
 
 
 
Before the archiving process can be set up in MailStore, Journaling has to be set up for the Exchange Server. Please proceed as follows:
 
  
== Step 1: Creating a Mailbox for Journaling ==
+
=== Step 2: Configuration of MailStore Server ===
 +
{{Archiving Exchange Multiple Mailboxes}}
  
To set up a new Exchange user with a meaningful name, e.g. journal, please proceed as follows:
+
== Archiving Incoming and Outgoing Emails Directly ==
 +
{{Archiving Exchange Journal Mailbox Preamble|Microsoft Exchange 2013}}
  
* Start the Exchange Management Console and click on ''Recipient Configuration''.
+
=== Step 1:  Creating a Mailbox for Journaling ===
* Click on New Mailbox.
+
{{Archiving Exchange Create Journal Mailbox|2013}}
* Select ''User Mailbox'' and click on ''Next''.
+
=== Step 2: Configuring Exchange Journaling ===
* Select ''New User'' and click on ''Next''.
+
{{Configuring Exchange Journaling Preamble|Microsoft Exchange 2013}}
* Enter ''journal'' as user name (see screen shot below) and confirm by clicking on ''Next''.
+
==== Alternative 1: Configure Standard Journaling ====
[[File:Xchg_jour_2013_01_en.png|center|478px]]
+
* Log on to the ''Exchange admin center'' of your Microsoft Exchange environment.
* Click on ''Browse'' to select a mailbox database and click on Next.
+
* Select the ''servers'' menu item.
* Confirm the summary by clicking on ''New''. The user ''journal'' is created.
+
* On the ''databases'' tab, doubleclick on the mailbox database for which you want to set up journaling.
 +
* Select the ''maintenance'' tab.
 +
* Click on ''browse...'' next to the ''Journal recipient:'' box.
 +
* Select the user that was created in step 1 from the recipient list and confirm with ''OK''.
 +
*:[[File:Xchg_jour_2013_02a.png|center|480px]]
 +
* Click on ''save'' to confirm the changes.
  
== Step 2: Configuring Exchange Journaling ==
+
==== Alternative 2: Configure Premium Journaling ====
 
+
* Log on to the ''Exchange admin center'' of your Microsoft Exchange environment.
Two types of journaling are available in Exchange 2013: standard and premium journaling. While standard journaling always includes all send and received emails of a mailbox database, premium journaling can be limited to particular recipients or distribution lists and the scope (internal, external, global) of the journal rule can be defined. Additionally premium journaling rules can be replicated throughout the whole Exchange organization.
+
* Select the ''compliance management'' menu item.
 
+
* On the ''journal rules'' tab, click on ''+ (New)''.
<p class="msnote">'''Notice:''' Premium journaling requires Exchange Enterprise CALs.</p>
+
* The dialog window ''New Journal Rule'' opens:
 
+
*:[[File:Xchg_jour_2013_02b.png|center|480px]]
=== Configure Standard Journaling ===
 
 
 
Open the Exchange Management Console. In the tree structure, open ''Organization Configuration'' and then ''Mailbox''.
 
 
 
* Click on the ''Database Management'' tab.
 
* Right click on the mailbox database for which you want to set up standard journaling and select ''Properties'' and then select the ''Maintenance'' tab.
 
* Tick ''Journal Recipient'' and click on ''Browse''
 
* Select the user from the recipient list that was created in step 1 and confirm with ''OK''
 
* The following screenshot shows an example of a standard journaling configuration:
 
*:[[File:Xchg_jour_2013_02a_en.png|center]]
 
* To confirm the changes and active the journaling, click on ''OK''.
 
 
 
Once the new configuration has come into effect, a copy of all incoming and outgoing emails is stored in the Journal mailbox (along with a report). MailStore can now be configured to archive the Journal mailbox in regular intervals as described below.
 
 
 
===  Configure Premium Journaling ===
 
 
 
Open the Exchange Management Console. In the tree structure, open ''Organization Configuration'' and then ''Hub Transport''. Click on the ''Journal Rules'' tab and in the area on the right on ''New Journal Rule''.
 
 
 
The dialog window ''New Journal Rule'' opens:
 
 
 
[[File:Xchg_jour_2013_02b_en.png|center|478px]]
 
 
* Enter a name for the journal rule, e.g. ''Journaling''.
 
* Enter a name for the journal rule, e.g. ''Journaling''.
* Click on ''Browse'' and select the user "journal" created above.
+
* In the ''If the message is sent to or received from...'' section select whether the rule should apply to all messages or to specific users or groups.
* Under ''Scope'', choose ''Global'' to capture all messages, ''Internal'' to capture internally sent messages only, or ''External'' to capture only those message with an external sender or recipient.
+
* Under ''Journal the following messages...'', choose whether to capture all messages, internally sent messages only, or only those messages with an external sender or recipient.
* Make sure that the checkbox ''Enable Rule'' is activated.
+
* In the ''Send journal reports to:'' box, enter the email address of the user created in step 1.
* Click on ''New'' to activate the rule. Please keep in mind that in complex Microsoft Exchange environments it may take several minutes until the new rule becomes effective.
+
* Click on ''save'' to activate the rule. Please keep in mind that in complex Microsoft Exchange environments it may take several minutes until the new rule becomes effective.
 
 
Once the new configuration has come into effect, a copy of all incoming and outgoing emails is stored in the Journal mailbox (along with a report called ''Envelope''). MailStore can now be configured to archive the Journal mailbox in regular intervals as described below.
 
 
 
== Step 3: Configuration of MailStore Server ==
 
 
 
{{:Includes:Archiving_an_Exchange_Journal_Mailbox}}
 
 
 
= Public Folders =
 
 
 
MailStore Server can archive the emails from the public folders of Microsoft Exchange servers and make them available to some or all MailStore users. The archiving process can be executed manually or automatically according to a schedule.
 
 
 
== Preparation ==
 
 
 
During archiving, emails are always assigned to individual users. Even when archiving a public folder, the user (or the user archive), for whom the emails are to be archived, has to be specified.
 
 
 
For this reason, first create a MailStore user for whom the public folder is to be archived. This user can be called publicfolder, for example. Next, all other users can be given access to the archive of the user publicfolder. This way, the archived content of the public folder is available to all MailStore users.
 
 
 
If MailStore users are not to have access to the archived public folder, skip this step and simply archive the emails to the user archive of the administrator (admin).
 
 
 
Information about how to create a new user in MailStore is available in the chapter [[Users,_Folders_and_Settings#User_Management|User Management]].
 
 
 
To be able to access all objects stored in all public folders without any problems, it is recommended to execute the following commands on the Exchange 2013 server hosting the respective public folders.
 
 
 
* First, add the role ''Public Folder Management'' to a <tt>[email protected]</tt>
 
  Add-Rolegroupmember -Identity "Public Folder Management" -Member serviceAccount
 
 
 
* Next, use the PowerShell Script '''AddUsersToPfRecursive.ps1''' to add "Editor" permissions for all public folders. Execute it within the Exchange Management Shell.
 
  .\AddUsersToPfRecursive.ps1 -TopPublicFolder "\" -User [email protected] -Permission Editor
 
 
 
<tt>[email protected]</tt> is now able to read, write and delete all objects stored in public folders. Don't forger to substitute <tt>[email protected]</tt> with the Windows Useraccount in UPN (User Principle name) notation you want to use for archiving.
 
 
 
{{:Includes:Archiving_an_Exchange_Public_Folder}}
 
 
 
= Shared Mailboxes =
 
 
 
Shared mailboxes are not primarily associated with individual users and are generally configured to allow logon access for multiple users.
 
 
 
Although it is possible to grant additional users the logon rights to any mailbox type, shared mailboxes are dedicated for this functionality. The Active Directory user associated with a shared mailbox must be a disabled account. After you create a shared mailbox, you must grant permissions to all users that require access to the shared mailbox.
 
 
 
== Archiving Shared Mailboxes ==
 
 
 
As the active directory account of a shared mailbox is disabled, neither the ''Multiple Mailboxes'' nor the ''Single Mailbox'' archiving profiles can be used in MailStore.
 
 
 
In order to archive emails from a shared mailbox you must grant a user account full access to that mailbox (either by delegated access or impersonation). This can be the service account you created in [[Archiving_Emails_from_Microsoft_Exchange_2013#Archiving_Multiple_Exchange_Mailboxes_Centrally|Archiving Multiple Exchange Mailboxes Centrally]].
 
 
 
Once you have created the service account, setup a new ''Single Mailbox'' archiving profile. Enter the credentials of the service account and fill the optional ''Mailbox'' field with the e-mail address of your shared mailbox.
 
 
 
Further steps are analogue to the archiving of individual Exchange mailboxes, except that you have to point the target archive to a separate dummy user in order to grant other MailStore users access to that archive.
 
 
 
= Throttling in Exchange 2013 SP1 =
 
 
 
Exchange 2013 supports throttling since the RTM version. With throttling you can control, on the server side, the speed as well as the amount of emails individual users can download from the server. Since SP1 for Exchange 2013 this is a standard feature. When installing SP1 an experimental throttling policy may be activated which is unsuitable for productive operations.
 
<p class="msnote">'''Please note:''' Always enter the UPN (User Principal Name) of the Window user used for archiving as '''''serviceaccount'''''.</p>
 
 
 
== Determining the Throttling Policy Applied to the  MailStore '''''serviceaccount''''' ==
 
 
 
You can use the following Powershell script to check if the '''''serviceaccount''''' that MailStore uses for archiving is slowed down by a throttling policy:
 
 
 
  $policy = $null
 
  $policyLink = (Get-Mailbox '''''serviceaccount''''').ThrottlingPolicy
 
  if ($policyLink -eq $null)
 
  {
 
    $policy = Get-ThrottlingPolicy | where-object {$_.IsDefault -eq $true}
 
  }
 
  else
 
  {
 
    $policy = $policyLink | Get-ThrottlingPolicy
 
  }
 
 
 
  $result = $policy | format-list -property Name, IsDefault, EWS*
 
  $result
 
 
 
To use the script, please copy the entire content into a .TXT file, change '''''serviceaccount''''' to the UPN (User Principal Name) of the Windows user who is used for archiving, and save the script as '''policycheck.ps1''' (on the desktop of the Exchange server, for example).
 
 
 
The script can now be executed from the Exchange Management Shell. Since, in the context of MailStore Server, only the EWS* values are of any interest, the following result may be displayed:
 
 
 
  [PS] C:\users\Administrator\Desktop>.\policycheck.ps1
 
 
 
  Name                          : DefaultThrottlingPolicy_8c5771...
 
  IsDefault                    : True
 
  EWSMaxConcurrency            : 100
 
  EWSPercentTimeInAD            : 50
 
  EWSPercentTimeInCAS          : 90
 
  EWSPercentTimeInMailboxRPC    : 60
 
  EWSMaxSubscriptions          : 5000
 
  EWSFastSearchTimeoutInSeconds : 60
 
  EWSFindCountLimit            : 1000
 
 
 
In this case, no separate policy exists for the '''''serviceaccount'''''. Since the property ''IsDefault'' is true, the default throttling policy of the system applies to the '''''serviceaccount'''''. If the value was false, an individual policy would already have been applied to the '''''serviceaccount''''' whose name would be listed under ''Name''.
 
 
 
== Creating and Assigning an Individual Throttling Policy ==
 
 
 
To avoid interfering with the overall stability of the Exchange 2013 system by using a too liberal policy definition of the default throttling policy, it is advisable to create a separate policy for the '''''serviceaccount'''''. Only three lines are necessary to create a throttling policy for the '''''serviceaccount''''' which is customized for MailStore:
 
 
 
  New-ThrottlingPolicy MailStore
 
 
 
  Get-ThrottlingPolicy MailStore | Set-ThrottlingPolicy -EWSFindCountLimit 2500 '
 
  -EWSPercentTimeInAD 70 -EWSPercentTimeInCAS 120 -EWSPercentTimeInMailboxRPC 80
 
 
 
  Set-Mailbox "'''''servcieaccount'''''" -ThrottlingPolicy MailStore
 
In line 1, a new throttling policy is created, line 2 defines the desired values for the policy, and in line 3, the individual throttling policy is assigned to the '''''serviceaccount'''''.
 
 
 
<p class="msnote">'''Important:''' Please note that a mailbox must be set up for the '''''serviceaccount''''' in order to be able to assign a policy to it.</p>
 
  
== Removing and Deleting an Individual Throttling Policy ==
+
=== Step 3: Configuration of MailStore Server ===
 +
{{Archiving Exchange Journal Mailbox}}
  
To delete an individual throttling policy from a mailbox or user account, execute the following command in the Exchange Management Shell: 
+
== Public Folders ==
 +
{{Archiving Exchange Public Folders Preamble|Exchange 2013}}
 +
* Log on to the ''Exchange admin center'' of you Microsoft Exchange environment as an Exchange admin.
 +
* Navigate to ''public folders''.
 +
* Click on the ''Ellipsis (…)'' and select ''Root permissions''.
 +
*: [[File:Arch_exchange2013_pf_01.png|center|480px]]
 +
* A new browser window opens. Click on ''+ (Add)''.
 +
* Use ''Browse'' to choose the Exchange user you want to grant permissions.
 +
* Choose ''Custom'' as ''Permission level'' and grant ''Read items'' and ''Delete all'' permissions.
 +
*: [[File:Arch_office365_pf_02.png|center|347px]]
 +
* Click on ''Save''.
 +
* Enable the option ''Apply changes to this public folder and all its subfolders.''
 +
* Click on ''Save''.
 +
* Click on ''Close'' after saving has been completed successfully.
 +
=== Step 3: Setting up the Archiving Process ===
 +
{{Archiving Exchange Public Folder}}
  
  Set-Mailbox "'''''Serviceaccount'''''" -ThrottlingPolicy $null
+
== Shared Mailboxes ==
 +
{{Archiving Exchange Shared Mailbox|Archiving_Emails_from_Microsoft_Exchange_2013#Archiving_Multiple_Exchange_Mailboxes_Centrally}}
  
This ends the assignment of a throttling policy. To delete the throttling policy from the Exchange system, execute the following command in the Exchange Management Shell:
+
== Archive Mailboxes ==
  Remove-ThrottlingPolicy MailStore
+
{{Archiving Exchange Archive Mailboxes Preamble}}
Confirm this by entering "Y". The policy is now completely deleted from the system.
 
  
= Weblinks =
+
== Throttling in Exchange 2013 ==
* [http://www.mailstore.com/en/support.aspx MailStore Support]
+
{{Archiving Exchange Throttling|2013}}
  
 +
== Weblinks ==
 +
* {{MailStore Support}}
  
 
[[de:E-Mail-Archivierung von Microsoft Exchange 2013]]
 
[[de:E-Mail-Archivierung von Microsoft Exchange 2013]]
 +
[[en:Archiving_Emails_from_Microsoft_Exchange_2013]]

Latest revision as of 12:12, 31 August 2023

Important Notice: Exchange 2013 is no longer maintained by Microsoft. Therefore, we are only able to ensure limited compatibility and thus provide limited technical support for Exchange 2013. Information in this document regarding MailStore's capabilities towards Exchange 2013 is no longer maintained and may no longer be up-to-date. Furthermore, we reserve the right to partially as well as completely remove support for Exchange 2013 in a future MailStore update.


This implementation guide covers the specifics of archiving Microsoft Exchange 2013 mailboxes. It is assumed that you already have a MailStore Server installation or test installation and are familiar with the fundamentals of MailStore Server. Please refer to the Manual or the Quick Start Guide for more information.

MailStore Server offers several ways to archive emails from Microsoft Exchange 2013 mailboxes, which are described below. If you are not sure which archiving method best suits your company, please refer to the chapter Choosing the Right Archiving Strategy.


Synchronizing Users

As Microsoft Exchange 2013 requires the existence of an Active Directory, it is recommended to set up a synchronization as described in chapter Active Directory Integration of the MailStore Server manual.

Archiving Individual Mailboxes

In MailStore Server Microsoft Exchange 2013 archiving tasks are stored in archiving profiles. By following the procedure described here you can archive a single Microsoft Exchange 2013 mailbox for a specific MailStore user. The archiving process can be executed manually or automatically. You can find further information about executing archiving profiles in chapter Email Archiving with MailStore Basics.

For each mailbox, please proceed as follows:

  • Unless the mailbox of the current user is to be archived into his or her own user archive, log on to MailStore Client as MailStore administrator. Only an administrator can archive emails for other users.
  • Click on Archive Email.
  • From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
  • A wizard opens to assist in specifying the archiving settings.
  • Select Single Mailbox.
    Xchg mailbox 01.png
  • Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.
    Please note: If the certificate provided by the remote host cannot be verified (e.g. self-signed or signed by an unknown certificate authority), enable the option Accept all certificates to allow MailStore to establish a connection. As this option leads to an insecure configuration, warnings may appear in the summary and/or the dashboard.
  • Under Host, enter the name of your Exchange server.
  • Under User Name, enter the Windows login name of the user whose emails are to be archived (e.g. [email protected] or [email protected]).
    Please note: Alternatively, any user with the appropriate access permissions for the mailbox to be archived can be specified. In this case, it is imperative that this mailbox is specified under Mailbox (see below).
  • Under Password, enter the user's password.
  • The field Mailbox must be left blank if a user, whose Windows login name and password is being used, wants to archive his own mailbox. Otherwise, the primary email address of the user whose mailbox you want to archive has to be entered here.
  • Click on Test to verify that MailStore can access the mailbox.
  • Click on Next.
  • If needed, adjust the settings for the List of Folders to be Archived, the filter and the Deletion Rules. By default, no emails will be deleted from the mailbox. The Timeout value only has to be adjusted in specific cases (e.g. with very slow servers).
    Xchg mailbox 03.png

    Important notice: Did you specify IMAP as the protocol and have also defined a deletion rule? If so, folders containing no emails, such as Tasks, Calendar or Contacts have to be added to the list of excluded folders manually. This is the only way to avoid these folders being archived and deleted according to the deletion rule specified. Please read more in chapter Archiving Specific Folders.

  • Click on Next to continue.
  • If logged on to MailStore Server as MailStore administrator, the Target Archive can be specified. Select the archive of the user for whom the selected mailbox is to be archived. If the user does not exist yet, click on Create a New User.
    Xchg mailbox 02.png
  • Click on Next.
  • In the last step, a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and, if desired, can be run immediately or automatically.


Archiving Multiple Exchange Mailboxes Centrally

With MailStore, some or all Microsoft Exchange 2013 mailboxes can be archived in a single step.


Step 1: Setting up a service account for accessing mailboxes

To archive multiple mailboxes at once, a service account with access access to all mailboxes to be archived needs to be created first. To be able to set up such an account, you must be a member of the Organization Management role group. There are two methods to configure the service account:

Method 1: Setting up the service account through the Exchange admin center

  • Create an unprivileged domain user (e.g. MailStore Server).
  • Log on to the Exchange admin center of your Microsoft Exchange environment.
  • Navigate to permissions.
  • Under admin roles select + (New).
    Arch exchange2013 multi 01.png
  • Enter a meaningful name (e.g. MailStore Impersonation) and description for the new role group.
  • Under Roles add the role ApplicationImpersonation.
  • Under Members add the user you've created above.
  • Click on Save to create the new role group.
  • Continue with step 2.

Method 2: Setting up the service account through the Exchange Management Shell

  • Create an unprivileged domain user (e.g. [email protected]).
  • Open a Microsoft Exchange Management Shell session on the Microsoft Exchange 2013 Server.
  • Enter the following command:
New-ManagementRoleAssignment -Name:"MailStore Impersonation" -Role:ApplicationImpersonation -User:mailstore@example.com
  • Optional: Enter the following command to check the role assignment:
Get-ManagementRoleAssignment -Role:ApplicationImpersonation -RoleAssigneeType:User | Format-List *
 
Get-ManagementRoleAssignment -Identity:"MailStore Impersonation" | Format-List *
  • Optional: Enter the following command to remove the role assignment:
Remove-ManagementRoleAssignment "MailStore Impersonation"

Step 2: Configuration of MailStore Server

Please proceed as follows:

  • Log on to MailStore Client as MailStore administrator.
  • Click on Archive Email.
  • From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
  • A wizard opens to assist in specifying the archiving settings.
  • Select Multiple Mailboxes and click OK.
    Please note: To be able to archive multiple mailboxes, MailStore Server users along with their email addresses must exist in the MailStore Server user management. If this is not the case, MailStore Server will offer to set up and run the directory synchronization at this point. Once completed, the wizard will resume.
    Alternatively, you can cancel the wizard and create users manually as described the in chapter User Management.
    Xchg mailboxes 01.png
  • Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.
    Please note: If the certificate provided by the remote host cannot be verified (e.g. self-signed or signed by an unknown certificate authority), enable the option Accept all certificates to allow MailStore to establish a connection. As this option leads to an insecure configuration, warnings may appear in the summary and/or the dashboard.
  • Under Host, enter the name of your Exchange server.
  • Under User Name and Password, enter the access data of the service account that has access to all mailboxes to be archived.
  • Click on Next to continue.
    Xchg mailboxes 03.png
  • If needed, adjust the settings for the List of Folders to be Archived, the filter and the Deletion Rules. By default, no emails will be deleted from the mailbox. The Timeout value only has to be adjusted in specific cases (e.g. with very slow servers). Please keep in mind that these settings apply to all mailboxes to be archived, as specified in the next step.
  • Select the users whose mailboxes are to be archived.
    Xchg mailboxes 02.png
    The following options are available:
    • All users with configured email address
      Choose this option to archive the mailboxes of all users who are set up, along with their email addresses, in MailStore's user management.
    • All users except the following
      Choose this option to exclude individual users (and thereby their Exchange mailboxes) from the archiving process, using the list of users below.
    • Only the following users
      Choose this option to include individual users (and thereby their Exchange mailboxes) in the archiving process, using the list of users below. Only the mailboxes of those users explicitly specified will be archived.
    • Synchronize with Directory Services before archiving
      If selected, the MailStore user list will be synchronized with the configured directory service before any archiving process is executed. This has the advantage that, for example, new employees will be created as MailStore users before archiving, so once the archiving process is executed, their Exchange mailbox is archived automatically as well. This option is especially recommended when the archiving process is to be executed automatically.
  • Click on Next.
  • In the last step, a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and can be run immediately or automatically, if desired.


Archiving Incoming and Outgoing Emails Directly

Together with the Microsoft Exchange 2013 journal function, MailStore can archive the incoming and outgoing emails of all users automatically. This is the only way to ensure that all emails are archived entirely.

Basic Functionality

The Microsoft Exchange 2013 journal function makes it possible to record all incoming, outgoing and internal email traffic. At the time of sending and receiving, a copy of the respective email is created by Microsoft Exchange 2013. The copy is then attached to a so-called journal report and stored in a special journal mailbox. The journal report contains information about the actual senders and recipients; Microsoft Exchange 2013 also resolves BCC recipients and distribution lists.

With the corresponding archiving profile MailStore can archive the journal mailbox automatically. During this process, MailStore parses the information in the journal reports and assigns the emails to their respective MailStore archives. Therefore even with journal archiving all users have access to their own emails only.


Step 1: Creating a Mailbox for Journaling

To set up a new Exchange user with a meaningful name, e.g. journal, please proceed as follows:

  • Log on to the Exchange admin center of your Microsoft Exchange environment as an Exchange administrator.
  • Choose the recipients menu item.
  • In the mailboxes section, click on + (New) and choose User mailbox.
  • Enter a valid Alias (e.g. journal).
  • Select the option New user.
  • Enter the necessary data to create a new user.
Xchg jour 2013 01.png
  • Click on More options...
  • Click on Browse to select a mailbox database.
  • Click on save. The new user as well as the corresponding mailbox are created.

Step 2: Configuring Exchange Journaling

Two types of journaling are available in Microsoft Exchange 2013, standard and premium journaling:

  • Standard journaling is configured on mailbox database level and records all sent and received emails of that database.
  • Premium journaling allows to limit journaling to particular recipients or distribution lists through rules; furthermore, internal and external emails can be treated differently. Additionally, premium journaling rules are replicated throughout the whole Exchange organization.

Notice: Premium journaling requires Exchange Enterprise CALs.

Alternative 1: Configure Standard Journaling

  • Log on to the Exchange admin center of your Microsoft Exchange environment.
  • Select the servers menu item.
  • On the databases tab, doubleclick on the mailbox database for which you want to set up journaling.
  • Select the maintenance tab.
  • Click on browse... next to the Journal recipient: box.
  • Select the user that was created in step 1 from the recipient list and confirm with OK.
    Xchg jour 2013 02a.png
  • Click on save to confirm the changes.

Alternative 2: Configure Premium Journaling

  • Log on to the Exchange admin center of your Microsoft Exchange environment.
  • Select the compliance management menu item.
  • On the journal rules tab, click on + (New).
  • The dialog window New Journal Rule opens:
    Xchg jour 2013 02b.png
  • Enter a name for the journal rule, e.g. Journaling.
  • In the If the message is sent to or received from... section select whether the rule should apply to all messages or to specific users or groups.
  • Under Journal the following messages..., choose whether to capture all messages, internally sent messages only, or only those messages with an external sender or recipient.
  • In the Send journal reports to: box, enter the email address of the user created in step 1.
  • Click on save to activate the rule. Please keep in mind that in complex Microsoft Exchange environments it may take several minutes until the new rule becomes effective.

Step 3: Configuration of MailStore Server

Please proceed as follows:

  • Log on to MailStore Client as MailStore administrator.
  • Click on Archive Email.
  • From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
  • A wizard opens to assist in specifying the archiving settings.
  • Select In- and Outbound Email Automatically.
    Please note: To be able to archive from a journal mailbox, MailStore Server users along with their email addresses must exist in the MailStore Server user management. If this is not the case, MailStore Server will offer to set up and run the directory synchronization at this point. Once completed, the wizard will resume.
    Alternatively, you can cancel the wizard and create users manually as described the in chapter User Management.
    Xchg jour mailstore 01.png
  • Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.
    Please note: If the certificate provided by the remote host cannot be verified (e.g. self-signed or signed by an unknown certificate authority), enable the option Accept all certificates to allow MailStore to establish a connection. As this option leads to an insecure configuration, warnings may appear in the summary and/or the dashboard.
  • Under Host enter the name of the Exchange server.
  • Under User Name and Password enter the credentials for the Exchange journal mailbox.
  • If you want to access the journal mailbox through HTTP/HTTPS with credentials that are not those of the mailbox owner, you have to specify the primary email address of the journal mailbox in the field Mailbox (opt.).
  • Click on Test to verify that MailStore can access the mailbox.
  • Synchronize with Directory Services before archiving
    If this option is enabled, the MailStore user list will be synchronized with configured directory service before the archiving process actually runs. This has the advantage that, for example, new employees will be created as MailStore users before archiving which enables MailStore to sort their emails into the correct archives. This option is recommended if you want to have the journal archiving job run automatically.
  • Messages with unknown e-mail addresses
    In this section you can configure whether to archive messages that contain only email addresses which do not belong to any MailStore user. By default, such emails will be archived into a catchall folder but you can select another folder through the Ellipsis (…).
    Alternatively, you can opt not to archive these emails at all.
  • When e-mails are successfully archived
    Enabling the option Delete them in origin mailbox will delete emails automatically in the journal mailbox after they have been archived successfully by MailStore. The option has no effect whatsoever on the emails in the users' mailboxes.
  • Click on Next to continue.
  • A Timeout value can be specified. Change this value only in case of definite need (e.g. with very slow servers).
  • Click on Next to continue.
  • In the last, step a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and can be run immediately or automatically, if desired.


Public Folders

MailStore Server can archive the emails from the public folders of Exchange 2013 and make them available to some or all MailStore Server users. The archiving process can be executed manually or automatically.

Step 1: Creating a User Archive for Public Folders

Archived emails are always assigned to a particular user. You also need to specify a target archive when archiving a public folder.

As best practice, please create a dedicated MailStore Server user (e.g. publicfolder) whose archive acts as target for the public folder archiving profile. Through the user privileges you can grant access to the archive of the user publicfolder to other MailStore Server users. This way the archived emails of the public folder are made available to those MailStore Server users.

You can find more information on how to create a new user in MailStore Server in the chapter User Management.

Step 2: Granting permissions on public folders in Exchange 2013

Accessing public folders needs an Exchange 2013 user that has a mailbox because the necessary permissions are implemented on mailbox level. If the above mentioned MailStore service account should be used for public folder access also, a mailbox has to be created for that account first.

To grant the Exchange 2013 user the necessary permissions, please proceed as follows:

  • Log on to the Exchange admin center of you Microsoft Exchange environment as an Exchange admin.
  • Navigate to public folders.
  • Click on the Ellipsis (…) and select Root permissions.
    Arch exchange2013 pf 01.png
  • A new browser window opens. Click on + (Add).
  • Use Browse to choose the Exchange user you want to grant permissions.
  • Choose Custom as Permission level and grant Read items and Delete all permissions.
    Arch office365 pf 02.png
  • Click on Save.
  • Enable the option Apply changes to this public folder and all its subfolders.
  • Click on Save.
  • Click on Close after saving has been completed successfully.

Step 3: Setting up the Archiving Process

Please proceed as follows:

  • Log on to MailStore Client as administrator.
  • Click on Archive Email.
  • From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
  • A wizard opens to assist in specifying the archiving settings.
  • Select Public Folders.
    Xchg public 01.png
  • Under Access via, select HTTPS or HTTP.
    Please note if you choose HTTPS: If the certificate provided by the remote host cannot be verified (e.g. self-signed or signed by an unknown certificate authority), enable the option Accept all certificates to allow MailStore to establish a connection. As this option leads to an insecure configuration, warnings may appear in the summary and/or the dashboard.
  • Under Host, enter the name of your Exchange server.
  • Under User Name, enter the Windows login name of the user you have prepared in step 2 for public folder access.
  • Under Password, enter the user's password.
  • Click on Test to verify that MailStore can access the public folders.
  • Click on Next to continue.
    Xchg public 03.png
  • Adjust the settings for the List of Folders to be Archived. By default, all public folders that contain emails will be archived.
  • If needed, adjust the filter and the Deletion Rules. By default, no emails will be deleted from the public folders. The Timeout value only has to be adjusted in specific cases (e.g. with very slow servers).
  • Click on Next to continue.
    Xchg public 02.png
  • In the next step, select the archive of the user you have prepared in step 1.
  • In the last step, specify a name for the archiving profile. After clicking Finish the archiving profile will be listed under Saved Profiles and can be run immediately or automatically if desired.


Shared Mailboxes

Shared mailboxes grant multiple users shared access to a mailbox, somewhat comparable to public folders.

Step 1: Creating a MailStore Server User for a Shared Mailbox

A shared mailbox is a special kind of mailbox that, unlike a normal mailbox, is associated with a disabled Active Directory account. Like for normal mailboxes, MailStore Server is able to create user entries for shared mailboxes via Active Directory Synchronization. For this, you have to deactivate the option Synchronize enabled users only in the section User Database Synchronization.
After synchronization you can grant MailStore Server users access to the archive of the shared mailbox by assigning privileges.

Step 2: Setting up the Archiving Process

In order to archive emails from a shared mailbox you must grant a user account full access to that mailbox (either by delegated access or impersonation) because the Active Directory user account associated with that mailbox is disabled. You can use the service account you created to archive multiple mailboxes for this purpose.

Once you have created the service account, setup a new Single Mailbox archiving profile. Enter the credentials of the service account and fill the optional Mailbox field with the primary e-mail address of your shared mailbox.

Xchg sharedmbx 01.png

Further steps are analog to the archiving of individual Exchange mailboxes.


Archive Mailboxes

MailStore is not able to access Exchange archive mailboxes directly. To archive messages contained therein these have to be copied to a location that MailStore is able to read from. You can find more detailed information in this article.


Throttling in Exchange 2013

Exchange 2013 supports throttling since the RTM version. With throttling you can control on the Exchange side the speed and the amount of emails individual users can download from the Exchange server. This feature is enabled by default.

Determining the Throttling Policy Applied to the MailStore Service Account

You can use the following Powershell script to check which throttling policy is applied to the service account that MailStore uses for archiving:

Param([Parameter(Mandatory=$True)][string]$serviceAccount)
$policy = (Get-ThrottlingPolicyAssociation -Identity $serviceAccount).ThrottlingPolicyId
$policy = switch($policy) {$null {Get-ThrottlingPolicy | Where ThrottlingPolicyScope -eq 'Global'} default {$policy | Get-ThrottlingPolicy}}
$policy | format-list -property Name, ThrottlingPolicyScope, EWS*

To use the script, please copy the entire content into a text editor and save the script as policycheck.ps1, for example on the desktop of the Exchange server.

You can now run the script from the Exchange Management Shell with the UPN (User Principal Name) of the MailStore service account (e.g. [email protected]) as parameter. Since, in the context of MailStore Server, only the EWS values are of any interest, the following result may be displayed:

[PS] C:\Users\Administrator\Desktop>.\policycheck.ps1 mailstore@example.com
  
Name                  : GlobalThrottlingPolicy_b4ef32cb-3677-44fd-be1a-ad784931f16f
ThrottlingPolicyScope : Global
EwsMaxConcurrency     : 27
EwsMaxBurst           : 300000
EwsRechargeRate       : 900000
EwsCutoffBalance      : 3000000
EwsMaxSubscriptions   : 5000

In this case, no separate policy exists for the MailStore service account. The value 'Global' of the property ThrottlingPolicyScope indicates that the global throttling policy of the system applies to the MailStore service account [email protected] as well. Had the value been 'Regular', the individual policy Name would already have been applied to the MailStore service account.

Creating and Assigning an Individual Throttling Policy

Because MailStore regularly establishes many connections to the Exchange server and may have to download large amounts of emails through its service account, the account should be exempt from the restrictions of the global throttling policy. You can achieve this by creating a dedicated throttling policy for the MailStore service account:

New-ThrottlingPolicy MailStoreServerPolicy -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited -IsServiceAccount -ThrottlingPolicyScope Regular
  
Set-ThrottlingPolicyAssociation -Identity '[email protected]' -ThrottlingPolicy MailStoreServerPolicy

In line 1, a new throttling policy with the desired values is created, in line 2, this individual throttling policy is assigned to the MailStore service account. The result can be checked again with the script listed above:

[PS] C:\Users\Administrator\Desktop>.\policycheck.ps1 mailstore@example.com
  
Name                  : MailStoreServerPolicy
ThrottlingPolicyScope : Regular
EwsMaxConcurrency     : Unlimited
EwsMaxBurst           : Unlimited
EwsRechargeRate       : Unlimited
EwsCutoffBalance      : Unlimited
EwsMaxSubscriptions   : Unlimited

Removing and Deleting an Individual Throttling Policy

To delete an individual throttling policy from a mailbox or user account, execute the following command in the Exchange Management Shell:

  Set-ThrottlingPolicyAssociation -Identity '[email protected]' -ThrottlingPolicy $null

This removes the assignment of a throttling policy. To delete the throttling policy from the Exchange system, execute the following command in the Exchange Management Shell:

Remove-ThrottlingPolicy MailStoreServerPolicy

Confirm this by entering "Y". The policy is now deleted from the system.


Weblinks