Changing Archiving from Microsoft Exchange Server to Microsoft 365
This article shows the changes required in MailStore Server when switching the email environment from a local Microsoft Exchange installation to Microsoft 365.
Our Tech Tip video provides an overview. Please note that the actual steps might deviate from those shown in the video based on the current configuration.
Notes and Considerations
As with any changes in a production environment, changing archiving in MailStore Server should be planned carefully in advance. Therefore, before implementing any changes, please take the following notes into consideration:
- It is strongly recommended to implement the modifications described in this article in a test environment first because the changes to your Exchange and MailStore Server installations may not be reverted without huge effort if at all.
- Please make sure that you have a current backup of your Exchange and MailStore Server installations before applying any modifications to your production environment. For the Service Provider Edition, refer to this Backup article.
- It is recommended to update MailStore Server to the latest version before applying any modifications. Please make sure that your Update and Support Service contract is valid (not relevant for Service Provider Edition) and take heed of the update notices (MailStore Server) / update notices (Service Provider Edition).
- It is assumed that MailStore Server currently runs in an Active Directory / Exchange Server environment according to the MailStore Implementation Guides for Microsoft Exchange Servers and shall run according to the MailStore Implementation Guide for Microsoft 365 (Modern Authentication) hereafter.
- The modifications to the configuration of MailStore Server should be applied in Safe Mode to avoid interference by background tasks or user interaction. For the Service Provider Edition, refer to Management Console, section "Safe Mode".
- Microsoft 365 does not support journal mailboxes hosted within Microsoft 365 itself. If you archive all incoming and outgoing emails with MailStore Server, you need a journal mailboxes that is hosted outside Microsoft 365. MailStore offers MailStore Gateway as a free solution that can provide journal mailboxes in your company intranet.
Changing User Synchronization
As a first step, you must change the directory services that MailStore Server synchronizes its users with from Active Directory to Microsoft 365 (Modern Authentication). This is necessary because Microsoft 365 uses Azure Active Directory instead of a local Active Directory as directory service.
Initially, please run a directory services synchronization in MailStore Server with the current configuration to make sure that all user data is complete and up-to-date.
User Name Format
The steps required for changing the directory service depend on the user name format that is currently being used in MailStore Server for user synchronization with the local Active Directory.
- If you are currently using the SAM Account Name or the User Principal Name (Local Part), i.e. a "flat" user name without domain part (e.g.
john.doe) as user name in MailStore Server, users and archive folders must be renamed in MailStore Server. In this case, please follow the steps in the next section.
- If you are already using the the full User Principal Name (UPN, e.g.
[email protected]) as user name in MailStore Server and
- exactly that UPN will be used to log on to Microsoft 365 in the future, you can leave the user names, archive folders and source folders in MailStore Server as is. Please continue directly with the section Changing Directory Service Synchronization to Microsoft 365.
- you want to change the naming scheme of the UPN (e.g. from
[email protected]or from
[email protected]) for logging on to Microsoft 365, user names, archive folders and source folders in MailStore Server need to be renamed. In this case, please follow the steps in the next section.
MailStore Migration Scripts
The modifications in the following sections rely on Windows PowerShell scripts which require Windows PowerShell 3.0 or higher.
- You can download the scripts for MailStore Server here; they can be found in the folder
migrationafter extraction. For the MailStore Service Provider Edition, please use these scripts instead.
- To use the scripts with MailStore Server, access to the MailStore Administration API in the MailStore Server Service Configuration must be enabled.
- In case of the MailStore Service Provider Edition, provider access to the respective instance must be enabled as well.
Renaming Users and Archives in MailStore Server
MailStore Server distinguishes users by user name only. For example,
[email protected] are two different users from a MailStore Server perspective, requiring two user licenses. Furthermore, a user's archive is also associated by user name alone, so that, for a user named
john.doe, MailStore always creates an archive (Archive) john.doe. However, once such an archive contains archived emails, it will retain its name even if the associated user name changes.
For these reasons, user names and archive folders in MailStore Server must be equal to the user names of the directory service that MailStore Server synchronizes its users with. Because Azure Active Directory uses the full User Principal Name (UPN, usually the primary email address) as user name, you must rename users and archive folders if you are currently using a different user name format or want to change the UPN.
For renaming users and archive folder, please proceed as follows (for the MailStore Service Provider Edition, the files have the prefix SPE_, but act the same way):
- Edit the scripts
MSS_2_update_users.ps1in the PowerShell ISE and adjust the values in the section Adjust these values according to your installation according to your MailStore Server installation.
- Run the script
MSS_1_prepare_users.ps1in the PowerShell ISE with F5.
- The file
mailstore-users.txtwill be created (in the folder
C:\Users\<Your user name>\by default). It contains the current MailStore Server user names.
- Edit this file in a text editor. Change the new user names after the "=", so that the entries look like this:
AD user name=Microsoft 365 user name
- Example (with changes highlighted)
- Please use only lower case for letters in user names. For user names that should not change (e.g. the default admin user), just leave the corresponding entries as is.
- Save the file
mailstore-users.txtthat now should contain the current and the future user names.
- Run the script
MSS_2_update_users.ps1in the PowerShell ISE with F5.
- The script now renames the users and their archive folder in MailStore Server and also updates the archive folder permissions accordingly.
- Log on as MailStore Server administrator with the MailStore Client and check the new user names and archive folders.
- If the local part of the users' email addresses (the part before the "@") has not changed, you can proceed directly with the steps in section Changing Directory Service Synchronization to Microsoft 365. Otherwise the source folders may need to be renamed as described in the next section.
Renaming Source Folders in MailStore Server
The folder level below the archive folders reflects the source from which MailStore Server has archived the emails. In case of Exchange archiving, the folder name consists of the prefix Exchange and the local part of the email address (the part before the "@"), so that for the email address
[email protected] the source folder name in MailStore Server would be Exchange [email protected].
Source folder names only need to be renamed if all of the following conditions and requirements are met. Otherwise you can proceed directly with the steps in section Changing Directory Service Synchronization to Microsoft 365.
- The local part of the email address shall be changed in course of migrating to Microsoft 365 (e.g. from
[email protected]) and
- both the emails that have been archived so far from the local Exchange Server and those that will be archived from Microsoft 365 henceforth should appear in the same folder structure on source level (e.g. so far in Exchange john.doe and in Exchange j.doe after).
For renaming the source folders, please proceed as follows:
- Enable access to user archives by administrators in MailStore Server; it is disabled by default. Changing this option is described in chapter Compliance General of the MailStore Server manual.
- Edit the scripts
MSS_4_update_folders.ps1in the PowerShell ISE and adjust the values in the section Adjust these values according to your installation according to your MailStore Server installation.
- Run the script
MSS_3_prepare_folders.ps1in the PowerShell ISE with F5.
- The file
mailstore-folders.txtwill be created (in the folder
C:\Users\<Your user name>\by default). It contains the full paths of the current source folders that consist of user names and the source folder names, separated by "/".
- Edit this file in a text editor. Change the new source folders after the "=", so that the entries look like this:
- Save the file
mailstore-folders.txtthat now should contain the current and the future source folders.
- Run the script
MSS_4_update_folders.ps1in the PowerShell ISE with F5.
- The script now renames the source folders in MailStore Server.
- Log on as MailStore Server administrator with the MailStore Client and check the new source folders.
Changing Directory Service Synchronization to Microsoft 365
To enable users to log on to MailStore Server with their Microsoft 365 credentials instead of their Active Directory, you must switch the directory service synchronization to Microsoft 365 (Modern Authentication). Please follow the steps in chapter Synchronizing User Accounts with Microsoft 365 (Modern Authentication) of the MailStore Server manual. Initially, just test the synchronization using the Test Settings button. Check the directory service synchronization results, migrated users should show as modified. You can also check that user authentication against Microsoft 365 works as expected.
Changing the Archiving Profiles
For archiving Microsoft 365 mailboxes, MailStore Server offers dedicated Microsoft 365 archiving profiles that support modern authentication. Existing Exchange archiving profiles cannot be used for archiving Microsoft 365 mailboxes because they only support basic authentication.
Deactivating Existing Profiles and Jobs
If you run MailStore Server in Safe Mode as recommended before, automatic execution of archiving profiles and by jobs is disabled (for the Service Provider Edition: Management Console, Safe Mode). To deactivate them permanently, please proceed as follows:
- Log on as MailStore Server administrator through the MailStore Client.
- Click on Archive E‑mail
- Below the profiles list, enable the option Show Profiles of All Users.
- Switch every Exchange archiving profile to Manual through the context menu.
- If you have configured Exchange export profiles, click on Export E‑mail in the menu tree and repeat the previous steps.
- If you have configured scheduled job for running Exchange profiles, click on Administrative Tools > Management API > Jobs and deactivate every job that run an Exchange profile through the context menu.
Creating new Microsoft 365 Profiles
Create new Microsoft 365 profiles and jobs according to the following articles. They should be set to manual initially to check their execution and results.
- For archiving Microsoft 365 mailboxes, follow the implementation guide Archiving Emails from Microsoft 365 (Modern Authentication).
- Creating Microsoft 365 export profiles is described in chapter Exporting Email of the MailStore Server manual.
- Once the profiles have been set up you can update existing jobs as described in chapter jobs of the MailStore Server manual.
Finalizing the Migration
To finalize the migration in MailStore Server, please proceed as follows:
- Close all MailStore Client sessions and restart the MailStore Server service.
- Log on as MailStore Server administrator again through the MailStore Client.
- In the main menu tree, go to Administrative Tools > Users and Archives > Archives and check the names of the archive folders.
- Switch to Archive E‑mail and run each Microsoft 365 archiving profile manually. If you are satisfied with the results, you can delete the old Exchange archiving profiles.
- If applicable, repeat the previous step for export profiles and jobs.
- If you have previously enabled access to user archives by administrators in MailStore Server as described in chapter Compliance General, revert that change.
- If you have enabled Single-Sign-On (SSO) by setting the server name of the MailStore Server computer and the authentication method to Windows Authentication through group policies for the MailStore Client or the for the MailStore Outlook Add-in, you must change the group policy setting Authentication to Standard Authentication.
- During login, the MailStore Web Access, MailStore Clients and Outlook Add-In call the default web browser to have the user log in through the Microsoft 365 login dialog; this communication is TLS-encrypted via HTTPS. Therefore, for a better user experience, it is recommended to configure an SSL certificate in MailStore Server that is trusted by the web browser. Further information can be found in the Using Your Own SSL Certificate article (for the Service provider Edition: Replace Self-Signed SSL Certificates).
After finishing these tasks successfully, the migration in MailStore Server is complete.