Create Backup Set

Overview

Mail Level Backup must be utilized in conjunction with full Information Store Backup as Mail Level backup for Microsoft Exchange Server is not designed to fully protect an Exchange Server, but to facilitate easy backup and fast restoration of individual emails, contacts, calendars or public folder, etc.

%edition_name% supports standalone backup option and Database Availability Group (DAG) backup option for Exchange server mail level backup. From version 7.15.0.0 onwards, %edition_name% supports mail level backup and restore of Exchange Server 2016 by installing either on the Exchange server 2016 hosting the database or on the remote backup machine.

Exchange Server 2016

Requirements

You are strongly recommended to configure or check all the settings below to confirm all the requirements are met before you proceed with the Exchange Mail Level backup and restoration:

  1. %edition_name% v7.15.0.0 or above must be installed either on the Exchange Server 2016 hosting the database or on the remote backup machine.
  2. %edition_name% v3.3.0.0 or above must be installed either on the Exchange Server 2016 hosting the database or on the remote backup machine.
  3. Make sure the Microsoft Exchange Mailbox feature has been enabled as an add-on module in your %edition_name% user account and there is sufficient Microsoft Exchange Mailbox license quota to cover the backup of your mailboxes.
  4. As %edition_name% licenses are calculated on a per device basis:
  5. Make sure that your %edition_name% user account has sufficient storage quota assigned to accommodate the storage of additional Exchange mailbox and public folder items for the new mail level backup set and retention policy.
  6. The Continuous backup add-on module is required if would like to enable the continuous backup feature.
  7. The default Java heap size setting of %edition_name% is 2048MB. For Exchange 2016 mail level backup, it is highly recommended to increase the Java heap size setting to be at least 4096MB to improve backup and restore performance. The actual heap size is dependent on amount of free memory available on your Exchange 2016 server.
  8. Temporary Directory folder is used by %edition_name% for storing backup set index files and any incremental or differential delta files generated during a backup job. To ensure optimal backup/restoration performance, it is recommended that the temporary directory folder is located on a local drive with sufficient free disk space.
  9. Scheduled backup is required if you choose to back up in DAG option on Exchange server as %edition_name% on all DAG members will base on the scheduled backup time to start backup on all the individual DAG member at the same time. However, scheduled backup is not required for backup and restore on the remote backup machine as the operation for single node can be done either manually or automatically.
  10. Ensure all the nodes have mailbox role by accessing the Exchange Admin Center (EAC).
  11. For %edition_name% installed on the Exchange Server 2016, the operating system must be Windows Server 2012/ 2012 R2/ 2016 or above. For %edition_name% installed on the remote backup machine, the operating system must be Windows 7/ 8/ 8.1/ 10 or Windows Server 2008/ 2008 R2/ 2012/ 2012 R2/ 2016 or above.
  12. One Microsoft Exchange Mailbox license is required for the backup of each user mailbox. No license is required for public folder.
  13. MS Exchange Server 2016 Cumulative Update 4 (CU4) or above is supported.
  14. Windows User account used for the backup must be a member of the following security groups.
  15. Windows user account must have an Exchange Server mailbox. Refer to the URL below for more information: http://support.microsoft.com/kb/275636/en-us
  16. Ensure that the “Hide from address lists” option is unchecked for all mailboxes to be selected for backup. Mailbox hidden from the address list will not be shown in the backup source selection menu.
  17. As Exchange Server 2016 uses EWS API, please ensure port 443 is configured to allow communication between %edition_name% and Exchange Server 2016.
  18. Ensure that all MS Exchange related services have been started, particularly the MS Exchange Information Store.
  19. Ensure the MS Exchange Mailbox and Public Folder databases are mounted.
  20. Ensure the Windows PowerShell 5.1 Engine is installed.
  21. Ensure .Net Framework 4.6.2 Features is installed. Please refer to the following URL for detailed information: https://technet.microsoft.com/en-us/library/aa996719(v=exchg.160).aspx

Supported Backup Source

Below is the supported backup source for mail level backup and restore of Exchange Server 2016.

  1. Mailbox Level: User mailbox, Public Folder mailbox, Public Folder, Room Mailbox, Equipment Mailbox, Shared Mailbox.
  2. Folder Level: Inbox, Drafts, Sent Items, Deleted Items, Archive, Clutter, Junk Email, RSS Feeds, Trash, Tasks, Calendar, Contacts, Notes.

Limitation

  1. For restore of Exchange 2016 Mail Level backup set to alternate location, there is some limitation:
  2. Restore of mailbox items or public folder items is only supported if the according mailbox or public folder exists.
  3. Only Alternate Location is supported for restoring mailbox items to another domain.
  4. If you are trying to restore the mailbox item to a destination mailbox which has a different language setting than the original mailbox, %edition_name% will restore mailbox item(s) to their respective destination folder based on the translation listed below. For folders such as ‘Calendar’ or ‘Notes’, a new folder ‘Calendar’ or ‘Notes’ will be created.
    Backup source (English) Action Destination mailbox with Chinese as default language settings
    Inbox Merge 收件箱
    Outbox Merge 寄件匣
    Sent Items Merge 寄件備份
    Deleted Items Merge 刪除的郵件
    Drafts Merge 草稿
    Junk E-Mail Merge 垃圾電郵
    Calendar Create new folder Calendar
    Notes Create new folder Notes

Best Practice and Recommendation

The following are some best practices or recommendations we strongly recommend you to follow before you start any Exchange Server 2016 Mail Level backup and restore:

  1. Mail Level Backup must be utilized in conjunction with Database Level Backup to fully protect an Exchange Server.
  2. Active Directory server should be protected by regular full Windows System Backup at least once every two weeks.
  3. For %edition_name% installed on Exchange Server, enable scheduled backup jobs when system activity is low to achieve the best possible performance.
  4. The remote backup machine should be on the same LAN as the MS Exchange server for optimal backup and restore performance.
  5. To provide maximum data protection and flexible restore options, it is recommended to configure:
  6. Perform test restores periodically to ensure your backup is set up and performed properly. Performing recovery test can also help identify potential issues or gaps in your recovery plan. It's important that you do not try to make the test easier, as the objective of a successful test is not to demonstrate that everything is flawless. There might be flaws identified in the plan throughout the test and it is important to identify those flaws.
  7. For backup of multiple or mass backup sets, to achieve better backup performance and to minimize any unnecessary loading on the Exchange server, please consider deploying %edition_name% on remote backup machines as distributed backup solution instead of on the MS Exchange server.
  8. For backup of a large number of mailboxes, it is recommended to divide all mailboxes into multiple backup sets.

Setup example for DAG:

Assumption:

  1. There are 3 nodes in the DAG setup, in the following example, we called it node1, node2 and node3.
  2. All the 3 nodes are located in the same timezone.
  3. They can connect to the same backup location, eg: a local shared destination with the same access permission.

Note:

  1. As the same backup set setting is needed to apply on all the machines when
    • the backup set is created or
    • any changes is applied to the backup set,
      eg:
      • change backup schedule
      • backup source selection
      • backup destination
      It is required to export the settings from the node with the last changes and then import to all other nodes. Otherwise, the backup set settings are not synchronized.
      eg:
      If the backup schedule is changed on node1, if the backup set is not synchronized, other nodes will keep running on an old backup schedule and may cause the backup job does not reflect to the actual servers status at the backup moment.
  2. When the settings is imported from other nodes, all the backup set settings on the node will be overwritten.

Steps:

  1. Create/modify Exchange Mail Level DAG backup set in node1, make sure the schedule backup is turned on.
  2. Export settings from node1 in [Utilities] > [Ex/Import Settings]
  3. Import the node1 settings into node2 in [Utilities] > [Ex/Import Settings]
  4. Enable the Schedule backup in node2.
  5. Export settings from node2 in [Utilities] > [Ex/Import Settings]
  6. Import the node2 settings into node3 in [Utilities] > [Ex/Import Settings]
  7. Enable the Schedule backup in node3.
  8. Export settings from node3 in [Utilities] > [Ex/Import Settings]
  9. Import the node3 settings into node1 and node2 in [Utilities] > [Ex/Import Settings]


Create backup set

Field Description
Name This is the name of the backup set. You can create a meaningful name for it.
Backup set type Enter the correct backup type from the drop down box.
Version Enter the correct version of the Exchange server from the drop down box.
Host Hostname of the Exchange server. (for standalone backup option)
Host (DAG Member Server) Hostname of the DAG Member Server. (for DAG backup option)
Username Username of the Windows user account used for backup of the Exchange server.
Password Password of the Windows user account used for backup of the Exchange server.

To create a backup set for standalone backup option:

  1. Type in a meaningful backup set name.
  2. Enter correct backup type, eg: MS Exchange Mail Level Backup.
  3. Enter the version of Exchange server if %edition_name% installed on remote backup machine, eg: Microsoft Exchange Server 2016. If installed on the Exchange Server, %edition_name% will detect the version of Exchange server automatically.
  4. Enter the hostname of the Exchange server.
  5. Enter the username of the Windows user account used for backup of the Exchange server.
  6. Enter the password of the Windows user account used for backup of the Exchange server.
  7. Check the box "Access the Internet through proxy" if required.
  8. Click [Next] button to continue.

To create a backup set for DAG backup option:

  1. Type in a meaningful backup set name.
  2. Enter correct backup type, eg: MS Exchange Mail Level Backup.
  3. Enter the version of Exchange server if %edition_name% installed on remote backup machine, eg: Microsoft Exchange Server 2016 (DAG). If installed on the Exchange Server, %edition_name% will detect the version of Exchange server automatically.
  4. Add the hostname of all the DAG Member Server.
  5. Enter the username of the Windows user account used for backup of the Exchange server.
  6. Enter the password of the Windows user account used for backup of the Exchange server.
  7. Check the box "Access the Internet through proxy" if required.
  8. Click [Next] button to continue.


Exchange Server 2007/ 2010/ 2013

Requirements

Please ensure that following requirements are met by the MS Exchange server / DAG:

  1. %edition_name% is installed on the MS Exchange node with Mailbox role.
  2. If you are using Exchange server 2013 on Windows server 2012, please install ".Net Framework 3.5 Features" under Server Manager > Dashboard > Add Roles and Features Wizard > Feature Page.
  3. PowerShell 2.0 Engine is installed.
  4. LAN Manager authentication level is set to 3 or above. If the LAN Manager authentication level is not set to 3 or above, the error message will be prompted and %edition_name% will ask for the reconfiguration. Server restart is required.
    To check on the setting, refer to this KB article from Microsoft..
  5. Microsoft Messaging Application Programming Interface (MAPI) is installed on the MS Exchange server. (Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 (version 6.5.8320.0 or above) is installed)
  6. The operating system account to be running the Mail Level backup (e.g. administrator) must have a mailbox and is not hidden from the Global Mailbox List.
    Scheduled backup is performed using the operating system account configured in the "User Authentication for Windows" field.
    If such setting is not configured, the scheduled backup would precede with the default Local System account (default log on account for %edition_name% scheduler).
    In this case, the backup will most likely fail with permission denied error.

Granting Privileges:

Mail Level backup requires "Full Mailbox Access" permission for the user running %edition_name%.

Please refer to the following instruction for granting permission to the operating system account to be running the Mail Level backup:

For one specific mailbox

Use the following procedure to grant access to Exchange 2007 mailbox:

  1. Start the "Active Directory Users and Computers" applet.
  2. On the "View" menu, ensure that the "Advanced Features" option is selected.
  3. Right click the user whose mailbox you want to give permissions to and choose "Properties".
  4. On the "Exchange" Advanced tab, click "Mailbox Rights".
  5. Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
  6. Click "Add", click the user or group who you want to have access to this mailbox, and then click [OK].
  7. Ensure that the user or group is selected in the Name box.
  8. In the "Permissions" list, click "Allow" next to "Full Mailbox Access", and then click [OK].
  9. Click [OK] all the way out.
  10. Restart the "Microsoft Exchange Information Store" service.
For mailboxes located within a specific mailbox store

Use the following procedure to grant access to Exchange 2007 mailbox found on a specific mail store:

  1. Start the [Exchange System Manager] applet.
  2. Navigate to the server object within the appropriate Administrative Group.
  3. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right click it and choose [Properties].
  4. In the [Properties] window, go to the [Security] tab.
  5. Click [Add], click the user or group who you want to have access to the mailboxes, and then click [OK].
  6. Be sure that the user or group is selected in the Name box.
  7. In the [Permission] list, check [Allow] next to [Full Control], and then click [OK].
  8. Click [Apply] and [OK].
  9. Restart the [Microsoft Exchange Information Store] service.

For Exchange 2007, please refer to the following instructions:

  1. Add an operating system account to the Exchange 2007 server.

    This account must be a member of the following groups:


  2. Enter the following command in Exchange Management Shell:

    Get-MailboxServer | Add-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Example, to grant the permission for local account "system"

    Get-MailboxServer | Add-ADPermission -User "system" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    To show added permission for an AD account

    Get-MailboxServer | Get-ADPermission -User "%USER%"

    Example, to show added permission for local account "system"

    Get-MailboxServer | Get-ADPermission -User "system"

    To remove permission from an AD account

    Get-MailboxServer | Remove-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Example, to remove permission from local account "system"

    Get-MailboxServer | Get-ADPermission -User "system"

    To remove permission from an AD account

    Get-MailboxServer | Remove-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Example, to remove permission from local account "system"

    Get-MailboxServer | Remove-ADPermission -User "minimal" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

For Exchange Server 2010 and 2013, please refer to the following instructions:

  1. Add an operating system account to the Exchange 2010/2013 server.

    This account must be a member of the following security groups:


  2. For Exchange 2010, ensure that Update Rollup 3 for Exchange Server 2010 (KB981401) is installed.

    Please refer to the following article for more details: http://www.microsoft.com/download/en/details.aspx?displayLang=en&id=415 .

  3. Enter the following command in Exchange Management Shell:

    Get-Mailbox | Add-MailboxPermission -User "%OS_USERNAME%" -AccessRights FullAccess

    Example:

    Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess

    Other useful commands:

    Remove permission from an AD account

    Get-Mailbox | Remove-MailboxPermission -User "%OS_USERNAME%" -AccessRights FullAccess

    Example:

    Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess

    To view the mailbox permission of a user

    Get-Mailbox | Get-MailboxPermission -User "%OS_USERNAME%"

    Example:

    Get-Mailbox | Get-MailboxPermission -User "SYSTEM"

Setup example for DAG:

Assumption:

  1. There are 3 nodes in the DAG setup, in the following example, we called it node1, node2 and node3.
  2. All the 3 nodes are located in the same timezone.
  3. They can connect to the same backup location, eg: a local shared destination with the same access permission.

Note:

  1. As the same backup set setting is needed to apply on all the machines when
    • the backup set is created or
    • any changes is applied to the backup set,
      eg:
      • change backup schedule
      • backup source selection
      • backup destination
      It is required to export the settings from the node with the last changes and then import to all other nodes. Otherwise, the backup set settings are not synchronized.
      eg:
      If the backup schedule is changed on node1, if the backup set is not synchronized, other nodes will keep running on an old backup schedule and may cause the backup job does not reflect to the actual servers status at the backup moment.
  2. When the settings is imported from other nodes, all the backup set settings on the node will be overwritten.

Steps:

  1. Create/modify Exchange Mail Level DAG backup set in node1, make sure the schedule backup is turned on.
  2. Export settings from node1 in [Utilities] > [Ex/Import Settings]
  3. Import the node1 settings into node2 in [Utilities] > [Ex/Import Settings]
  4. Enable the Schedule backup in node2.
  5. Export settings from node2 in [Utilities] > [Ex/Import Settings]
  6. Import the node2 settings into node3 in [Utilities] > [Ex/Import Settings]
  7. Enable the Schedule backup in node3.
  8. Export settings from node3 in [Utilities] > [Ex/Import Settings]
  9. Import the node3 settings into node1 and node2 in [Utilities] > [Ex/Import Settings]


Create backup set for Exchange Server 2007/ 2010/ 2013

Field Description
Name This is the name of the backup set. You can create a meaningful name for it.
Backup Type Enter the correct backup type from the drop down box.
Version Version of the Exchange server.

To create a backup set:

  1. Type in a meaningful backup set name.
  2. Enter correct backup type, eg: MS Exchange Mail Level Backup.
  3. Enter the version of Exchange server.
  4. Click [Next] button to continue.