Create Backup Set

Overview

Brick-Level backup for Microsoft Exchange Server is not designed to fully protect an Exchange Server, but to facilitate easy backup and fast restore of individual emails, contacts or calendars, etc.

A Brick-Level restore cannot fully recover the Information Store after a disaster.

Important:
If used, a Brick-Level Backup must be utilized in conjunction with full Information Store Backup, in order to fully protect the Exchange Server.



Backup Requirements

Please ensure that the following requirements are met by the MS Exchange server / DAG:

  1. %edition_name% is installed on the MS Exchange node with Mailbox role.
  2. If you are using Exchange Server 2013 on Windows Server 2012, please install ".Net Framework 3.5 Features" under Server Manager > Dashboard > Add Roles and Features Wizard > Feature Page.
  3. PowerShell 2.0 Engine is installed.
  4. LAN Manager authentication level is set to 3 or above. If it is not, an error message is shown and %edition_name% will ask for the setting to be reconfigured. A server restart is required.
    To check the setting, refer to this KB article from Microsoft.
  5. Microsoft Messaging Application Programming Interface (MAPI) is installed on the MS Exchange server (Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1, version 6.5.8320.0 or above).
  6. The operating system account that runs the Brick-Level backup (e.g. administrator) must have a mailbox, and that mailbox must not be hidden from the Global Mailbox List.
    Scheduled backup is performed using the operating system account configured in the "User Authentication for Windows" field.
    If this setting is not configured, the scheduled backup will proceed with the default Local System account (default log on account for %edition_name% scheduler).
    In this case, the backup will most likely fail with permission denied error.
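
Requirements 4 and 6 can be checked from the Exchange Management Shell before the first backup run. The script below is an added example, not part of the vendor documentation; the account name `CONTOSO\svc-backup` is a hypothetical placeholder, and the registry value `LmCompatibilityLevel` under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa` is where Windows stores the LAN Manager authentication level.

```powershell
# Added example (not vendor code). Run in the Exchange Management Shell on the
# Mailbox-role node. 'CONTOSO\svc-backup' is a hypothetical placeholder for the
# account entered in "User Authentication for Windows".
param([string]$BackupAccount = 'CONTOSO\svc-backup')

function New-CheckResult($Check, $Value, $Result) {
    # PSObject instead of [pscustomobject] so the script also runs on PowerShell 2.0
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Result = $Result }
}

$results = @()

# Requirement 4: LAN Manager authentication level must be 3 or above.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
           -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
if ($null -eq $lsa) {
    # Value not present: the operating system default is in effect.
    $results += New-CheckResult 'LmCompatibilityLevel' '(not set)' `
                    'REVIEW: OS default applies, confirm in Local Security Policy'
} elseif ($lsa.LmCompatibilityLevel -ge 3) {
    $results += New-CheckResult 'LmCompatibilityLevel' $lsa.LmCompatibilityLevel 'PASS'
} else {
    $results += New-CheckResult 'LmCompatibilityLevel' $lsa.LmCompatibilityLevel `
                    'FAIL: below 3'
}

# Requirement 6: the run-as account must own a mailbox that is not hidden.
$mbx = Get-Mailbox -Identity $BackupAccount -ErrorAction SilentlyContinue
if ($null -eq $mbx) {
    $results += New-CheckResult 'Backup account mailbox' $BackupAccount 'FAIL: no mailbox found'
} elseif ($mbx.HiddenFromAddressListsEnabled -eq $true) {
    $results += New-CheckResult 'Backup account mailbox' $BackupAccount `
                    'FAIL: mailbox is hidden from address lists'
} else {
    $results += New-CheckResult 'Backup account mailbox' $BackupAccount 'PASS'
}

$results | Select-Object Check, Value, Result | Format-Table -AutoSize
```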


Granting Privileges:

Brick-Level backup requires "Full Mailbox Access" permission for the user running %edition_name%.

Please refer to the following instructions for granting permission to the operating system account that runs the Brick-Level backup:

For one specific mailbox

Use the following procedure to grant access to an Exchange 2007 mailbox:

  1. Start the "Active Directory Users and Computers" applet.
  2. On the "View" menu, ensure that the "Advanced Features" option is selected.
  3. Right click the user whose mailbox you want to give permissions to and choose "Properties".
  4. On the "Exchange" Advanced tab, click "Mailbox Rights".
  5. Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
  6. Click "Add", click the user or group who you want to have access to this mailbox, and then click [OK].
  7. Ensure that the user or group is selected in the Name box.
  8. In the "Permissions" list, click "Allow" next to "Full Mailbox Access", and then click [OK].
  9. Click [OK] all the way out.
  10. Restart the "Microsoft Exchange Information Store" service.

For mailboxes located within a specific mailbox store

Use the following procedure to grant access to Exchange 2007 mailboxes found on a specific mailbox store:

  1. Start the [Exchange System Manager] applet.
  2. Navigate to the server object within the appropriate Administrative Group.
  3. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right click it and choose [Properties].
  4. In the [Properties] window, go to the [Security] tab.
  5. Click [Add], click the user or group who you want to have access to the mailboxes, and then click [OK].
  6. Be sure that the user or group is selected in the Name box.
  7. In the [Permission] list, check [Allow] next to [Full Control], and then click [OK].
  8. Click [Apply] and [OK].
  9. Restart the [Microsoft Exchange Information Store] service.

For Exchange 2007, please refer to the following instructions:

  1. Add an operating system account to the Exchange 2007 server.

    This account must be a member of the following groups:


  2. Enter the following command in Exchange Management Shell:

    Get-MailboxServer | Add-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Example, to grant the permission for local account "system"

    Get-MailboxServer | Add-ADPermission -User "system" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    To show added permission for an AD account

    Get-MailboxServer | Get-ADPermission -User "%USER%"

    Example, to show added permission for local account "system"

    Get-MailboxServer | Get-ADPermission -User "system"

    To remove permission from an AD account

    Get-MailboxServer | Remove-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Example, to remove permission from local account "system"

    Get-MailboxServer | Remove-ADPermission -User "system" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

For Exchange Server 2010 and 2013, please refer to the following instructions:

  1. Add an operating system account to the Exchange 2010/2013 server.

    This account must be a member of the following security groups:


  2. For Exchange 2010, ensure that Update Rollup 3 for Exchange Server 2010 (KB981401) is installed.

    Please refer to http://www.microsoft.com/download/en/details.aspx?displayLang=en&id=415 .

  3. Enter the following command in Exchange Management Shell:

    Get-Mailbox | Add-MailboxPermission -User "%OS_USERNAME%" -AccessRights FullAccess

    Example:

    Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess

    Other useful commands:

    Remove permission from an AD account

    Get-Mailbox | Remove-MailboxPermission -User "%OS_USERNAME%" -AccessRights FullAccess

    Example:

    Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess

    To view the mailbox permission of a user

    Get-Mailbox | Get-MailboxPermission -User "%OS_USERNAME%"

    Example:

    Get-Mailbox | Get-MailboxPermission -User "SYSTEM"
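
The grant above applies only to the mailboxes that `Get-Mailbox` returns at the time it is run, so it is worth verifying coverage and reviewing who else holds the same right. The audit below is an added example, not part of the vendor documentation; `CONTOSO\svc-backup` is a hypothetical placeholder for %OS_USERNAME%, and the CSV file name is arbitrary.

```powershell
# Added example (not vendor code). Run in the Exchange Management Shell.
# 'CONTOSO\svc-backup' is a hypothetical placeholder for %OS_USERNAME%.
$BackupAccount = 'CONTOSO\svc-backup'

# Get-Mailbox returns at most 1000 mailboxes unless -ResultSize is raised, so
# mailboxes beyond that limit, or created after the grant, can lack the permission.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited)

$report = foreach ($mbx in $mailboxes) {
    # Explicit (non-inherited) Allow entries carrying FullAccess, excluding the owner.
    $holders = @(Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            "$($_.AccessRights)" -match 'FullAccess' -and
            $_.IsInherited -eq $false -and
            $_.Deny -eq $false -and
            "$($_.User)" -ne 'NT AUTHORITY\SELF'
        } | ForEach-Object { "$($_.User)" })

    New-Object PSObject -Property @{
        Mailbox         = "$($mbx.PrimarySmtpAddress)"
        BackupHasAccess = ($holders -contains $BackupAccount)
        OtherHolders    = (@($holders | Where-Object { $_ -ne $BackupAccount }) -join '; ')
    }
}

# Keep a dated record of the review (file name is arbitrary).
$report | Select-Object Mailbox, BackupHasAccess, OtherHolders |
    Export-Csv -Path .\FullAccessAudit.csv -NoTypeInformation

# Mailboxes where the backup account has no explicit FullAccess grant.
$report | Where-Object { -not $_.BackupHasAccess } |
    Select-Object Mailbox | Format-Table -AutoSize

# Mailboxes where any other principal holds explicit FullAccess.
$report | Where-Object { $_.OtherHolders } |
    Select-Object Mailbox, OtherHolders | Format-Table -AutoSize
```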


Setup example for DAG:

Assumption:

  1. There are 3 nodes in the DAG setup; in the following example they are called node1, node2 and node3.
  2. All 3 nodes are located in the same timezone.
  3. They can connect to the same backup location, e.g. a local shared destination with the same access permission.

Note:

  1. The same backup set settings must be applied on all machines whenever
    • the backup set is created, or
    • any change is applied to the backup set, e.g.:
      • change of backup schedule
      • backup source selection
      • backup destination
    Export the settings from the node with the latest changes and then import them on all other nodes. Otherwise, the backup set settings are not synchronized.
    For example, if the backup schedule is changed on node1 and the backup set is not synchronized, the other nodes will keep running on the old backup schedule, and the backup job may not reflect the actual status of the servers at the time of backup.
  2. When settings are imported from another node, all the backup set settings on the importing node will be overwritten.

Steps:

  1. Create/modify Exchange Mail Level DAG backup set in node1, make sure the schedule backup is turned on.
  2. Export settings from node1 in [Utilities] > [Ex/Import Settings]
  3. Import the node1 settings into node2 in [Utilities] > [Ex/Import Settings]
  4. Enable the Schedule backup in node2.
  5. Export settings from node2 in [Utilities] > [Ex/Import Settings]
  6. Import the node2 settings into node3 in [Utilities] > [Ex/Import Settings]
  7. Enable the Schedule backup in node3.
  8. Export settings from node3 in [Utilities] > [Ex/Import Settings]
  9. Import the node3 settings into node1 and node2 in [Utilities] > [Ex/Import Settings]


Set the name of the backup set

Name:         This is the name of the backup set. You can create a meaningful name for it.
Backup Type:  Enter the correct backup type from the drop-down box.
Version:      Version of the Exchange server.

To create a backup set name:

  1. Type in a meaningful backup set name.
  2. Enter the correct backup type, e.g. MS Exchange Mail Level Backup.
  3. Enter the version of Exchange server.
  4. Click [Next] button to continue.
  5. Note: Click [Next] button again to start the verification process.