Requirements
Please ensure that following requirements are met by the MS Exchange server:
1. AhsayOBM is installed on the MS Exchange server.
- For the Exchange server 2010 with database availability group (DAG) backup, AhsayOBM version 6.11.0.0 or above is installed on each MS Exchange server.
2. Microsoft Messaging Application Programming Interface (MAPI) is installed on the MS Exchange server.
3. The built in administrator account is Umust be enabledU.
Important: For Windows Small Business Server (SBS) 2003 / 2008 / 2011, the built-in administrator account is disabled by default.
4. The operating system account to be running the Brick-Level backup (e.g. administrator) Umust haveU a mailbox and Uis not hiddenU from the Global Mailbox List.
For AhsayOBM version 6.5.4.0 or above, scheduled backup can be performed without changing the scheduler service's log on setting.
Scheduled backup is performed using the operating system account configured in the [User Authentication for Windows] field.
If such setting is not configured, the scheduled backup would precede with the default Local System account (default log on account for AhsayOBM scheduler).
In this case, the backup will most likely fail with permission denied error.
For AhsayOBM version 6.9.2.0 or above, mailbox items can be restored to a different Exchange Server on the same version or to a different Exchange Server on different version.
5. For the backup with DAG option, scheduled backup is required, as all the AhsayOBM on different Exchange servers will base on the scheduled backup time to activate all the backups at the same time, even all these Exchange servers are located at different timezones. When the backup on all Exchange servers are finished, a single email report will be generated.
Manual backup is not considered, as this will be considered as individual Exchange mail level backup not an Exchange mail level DAG backup.
Overview
Brick-Level backup for Microsoft Exchange Server is not designed to fully protect an Exchange Server, but to facilitate easy backup and fast restore of individual emails, contacts or calendars, etc. A Brick-Level restore cannot fully recover the Information Store after a disaster.
Important: If used, a Brick-Level Backup must be utilized in conjunction with full Information Store Backup, in order to fully protect the Exchange Server.
Granting Privileges
Brick-Level backup requires "Full Mailbox Access" permission for the user running AhsayOBM.
Please refer to the following instruction for granting permission to the operating system account to be running the Brick-Level backup:
For one specific mailbox
Use the following procedure to grant access to Exchange 2003 / 2007 mailbox:
1. Start the [Active Directory Users and Computers] applet.
2. On the [View] menu, ensure that the [Advanced Features] option is selected.
3. Right click the user whose mailbox you want to give permissions to and choose [Properties].
4. On the [Exchange] Advanced tab, click [Mailbox Rights].
5. Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
6. Click [Add], click the user or group who you want to have access to this mailbox, and then click [OK].
7. Ensure that the user or group is selected in the Name box.
8. In the [Permissions] list, click [Allow] next to [Full Mailbox Access], and then click [OK].
9. Click [OK] all the way out.
10. Restart the [Microsoft Exchange Information Store] service.
For mailboxes located within a specific mailbox store
Use the following procedure to grant access to Exchange 2003 / 2007 mailbox found on a specific mail store:
1. Start the [Exchange System Manager] applet.
2. Navigate to the server object within the appropriate Administrative Group.
3. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right click it and choose [Properties].
4. In the [Properties] window, go to the [Security] tab.
5. Click [Add], click the user or group who you want to have access to the mailboxes, and then click [OK].
6. Be sure that the user or group is selected in the Name box.
7. In the [Permission] list, check [Allow] next to [Full Control], and then click [OK].
8. Click [Apply] and [OK].
9. Restart the [Microsoft Exchange Information Store] service.
For mailboxes located within a specific server
For Exchange 2003, please refer to the following instructions:
1. Add an operating system account to the Add an operating system account to the Exchange 2003 server.
This account must be a member of the following groups in the Active Directory:
Ÿ Domain Users group
Ÿ Administrators group
2. Right click [Exchange System Manager] > [Domain Name] > [Server] > [Exchange Server Name], select [Properties].
3. Choose the [Security] tab.
4. Add the newly created user to the list, and then check the [Full Control] checkbox for this user.
5. Click [OK] all the way out.
6. Reboot the server or restart the [Microsoft Exchange Information Store] service, wait for at least 15 minutes for the changes to be applied to the Exchange server.
For Exchange 2007, please refer to the following instructions:
1. Add an operating system account to the Add an operating system account to the Exchange 2007 server.
This account must be a member of the following groups:
Ÿ Local Administrators (Built in)
Ÿ Domain Admins group
Ÿ Enterprise Admins group
2. Enter the following command in Exchange Management Shell:
Get-MailboxServer | Add-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
Example, to grant the permission for local account "system"
Get-MailboxServer | Add-ADPermission -User "system" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
To show added permission for an AD account
Get-MailboxServer | Get-ADPermission -User "%USER%"
Example, to show added permission for local account "system"
Get-MailboxServer | Get-ADPermission -User "system"
To remove permission from an AD account
Get-MailboxServer | Remove-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
Example, to remove permission from local account "system"
Get-MailboxServer | Remove-ADPermission -User "minimal" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
For Exchange Server 2010/DAG, please refer to the following instructions:
1. Add an operating system account to the Exchange 2010 server. This account must be a member of the following groups:
Ÿ Local Administrators (Built In)
Ÿ Organization Management group (Exchange Security Groups)
Ÿ Domain Admins group
Ÿ Enterprise Admins group
2. Ensure that UUpdate Rollup 3 for Exchange Server 2010 (KB981401) is installed.
3. Enter the following command in Exchange Management Shell:
Get-Mailbox | Add-MailboxPermission -User "%USER%" -AccessRights FullAccess
Example:
Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess
Other useful commands:
Remove permission from an AD account
Get-Mailbox | Remove-MailboxPermission -User "%USER%" -AccessRights FullAccess
Example:
Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess
To view the mailbox permission of a user
Get-Mailbox | Get-MailboxPermission -User "%USER%"
Example:
Get-Mailbox | Get-MailboxPermission -User "SYSTEM"
How to perform Brick-Level backup
Refer to the following instructions to backup individual items within your Microsoft Exchange Server:
1. Login to the backup application's user interface.
For AhsayOBM installation on 64 bit machines, please start the backup application by running the RunOBC32.bat file found under the application installation bin directory:
${AhsayOBM-InstallHome}\bin\RunOBC32.bat
2. Select the [Backup Settings] button and the + button to start the New Backup Set Wizard.
3. Create a MS Exchange mail level backup set by selecting [MS Exchange Mail Level Backup] from the backup set type dropdown menu.
4. Enter the backup set name
5. Select [Next] to proceed.
6. Expand the Mailbox Store to select the corresponding mailboxes for backup.
7. Configure a backup schedule for unattended backups.
Note: Multiple backup schedules of different types can be configured for the same backup set.
8. Select an encryption setting for your backup set.
9. Press the [OK] button to complete the configuration of backup set.
10. Scheduled backup will run automatically at the configured schedule time.
11. Click [Backup] button on the left panel to perform a backup immediately.