Create Backup Set

Key:

Field Description
Name The name of the backup set.
Backup set type The backup set type, e.g. MS Exchange Mail Level Backup
Version Version of the Exchange server.
Host Hostname of the Exchange server (for standalone backup option) or DAG Member Server (for DAG backup option). This will only be visible if the version selected is 2013 or later.
Username Username of the Windows user account used for backup of the Exchange server. This will only be visible if the version selected is 2013 or later.
Password Password of the Windows user account used for backup of the Exchange server, cannot be edited. This will only be visible if the version selected is 2013 or later.
Access the Internet through Proxy Checkbox will be ticked if proxy will be used to access the internet, cannot be edited. This will only be visible if the version selected is 2013 or later.

Overview

Mail Level Backup must be utilized in conjunction with full Information Store Backup as Mail Level backup for Microsoft Exchange Server is not designed to fully protect an Exchange Server, but to facilitate easy backup and fast restoration of individual emails, contacts, calendars or public folder, etc.

%edition_name% supports standalone backup option and Database Availability Group (DAG) backup option for Exchange server mail level backup.

Advisory on Supported Protocol for Microsoft Exchange 2013

This advisory will explain the supported protocol for the Microsoft Exchange Server 2013. It will also discuss the difference of the old and new protocol to allow users to understand more effectively.

Microsoft Exchange Server 2013 mail level backups which uses the protocol Messaging Application Programming Interface (MAPI) will no longer be supported as of MS Exchange 2013 Cumulative Update 23 and later due to limitations and functionality issues with MAPI, instead this will be replaced by EWS API.

What is the difference between MAPI and EWS API?

MAPI is a client protocol that lets users access their mailbox by using Outlook or other MAPI email clients originally designed by Microsoft in 1987.

EWS API is a newer protocol that allows programmers to access Microsoft Exchange items such as calendars, contacts, and email.

Both are protocols introduced by Microsoft intended for client applications to access information stored in MS Exchange. However, due to limitations with MAPI, it will be replaced by the EWS API.

Exchange Server 2013/2016/2019 (EWS API)

Requirements:

You are strongly recommended to configure or check all the settings below to confirm all the requirements are met before you proceed with the Exchange Mail Level backup and restoration:

  1. %edition_name% v8.1.0.0 or later must be installed either on the Exchange Server 2016/ 2019 hosting the database or on the remote backup machine.
  2. %edition_name% v8.3.0.96 or later must be installed either on the Exchange Server 2013 hosting the database or on the remote backup machine.
  3. Make sure the Microsoft Exchange Mailbox feature has been enabled as an add-on module in your %edition_name% user account and there is sufficient Microsoft Exchange Mailbox license quota to cover the backup of your mailboxes.
  4. To avoid unexpected java crash, if the Windows machine is a guest VM hosted on a VMware Host then it is highly recommended that the VMware tools version installed on the guest VM must be 10.0.5 or later.
  5. As %edition_name% licenses are calculated on a per device basis:
  6. Make sure that your %edition_name% user account has sufficient storage quota assigned to accommodate the storage of additional Exchange mailbox and public folder items for the new mail level backup set and retention policy.
  7. The Continuous backup add-on module is required if would like to enable the continuous backup feature.
  8. The default Java heap size setting of %edition_name% is 2048MB. For Exchange 2013/2016/2019 mail level backup, it is highly recommended to increase the Java heap size setting to be at least 4096MB to improve backup and restore performance. The actual heap size is dependent on amount of free memory available on your Exchange 2013/2016/2019 server.
  9. Temporary Directory folder is used by %edition_name% for storing backup set index files and any incremental or differential delta files generated during a backup job. To ensure optimal backup/restoration performance, it is recommended that the temporary directory folder is located on a local drive with sufficient free disk space.
  10. Scheduled backup is required if you choose to back up in DAG option on Exchange server as %edition_name% on all DAG members will base on the scheduled backup time to start backup on all the individual DAG member at the same time. However, scheduled backup is not required for backup and restore on the remote backup machine as the operation for single node can be done either manually or automatically.
  11. Ensure all the nodes have mailbox role by accessing the Exchange Admin Center (EAC).
  12. For %edition_name% installed on the Exchange Server 2013/2016/2019, the operating system must be Windows Server 2012/ 2012 R2/ 2016 or later. For %edition_name% installed on the remote backup machine, the operating system must be Windows 7/ 8/ 8.1/ 10 or Windows Server 2008/ 2008 R2/ 2012/ 2012 R2/ 2016 or later.
  13. One Microsoft Exchange Mailbox license is required for the backup of each user mailbox. No license is required for public folder.
  14. Supported Exchange Server 2013/2016/2019 Version:
  15. Windows User account used for the backup must be a member of the following security groups.
  16. Windows user account must have an Exchange Server mailbox. Refer to the URL below for more information: http://support.microsoft.com/kb/275636/en-us
  17. Ensure that the “Hide from address lists” option is unchecked for all mailboxes to be selected for backup. Mailbox hidden from the address list will not be shown in the backup source selection menu.
  18. As Exchange Server 2013/2016/2019 uses EWS API, please ensure port 443 is configured to allow communication between %edition_name% and Exchange Server 2013/2016/2019.
  19. Ensure that all MS Exchange related services have been started, particularly the MS Exchange Information Store.
  20. Ensure the MS Exchange Mailbox and Public Folder databases are mounted.
  21. Windows PowerShell
  22. .Net Framework
  23. For MS Exchange Server 2013, the Remote Exchange Management Shell must be enabled for the operating system account used for the backup.

  24. Supported Backup Source

    Below is the supported backup source for mail level backup and restore of Exchange Server 2016.

    1. Mailbox Level: User mailbox, Public Folder mailbox, Public Folder, Room Mailbox, Equipment Mailbox, Shared Mailbox.
    2. Folder Level: Inbox, Drafts, Sent Items, Deleted Items, Archive, Clutter, Junk Email, RSS Feeds, Trash, Tasks, Calendar, Contacts, Notes.

    Limitation

    1. For restore of Exchange 2013/2016/2019 Mail Level backup set to alternate location, there is some limitation:
      • If you are trying to restore item(s) from one mailbox to an alternate location mailbox, %edition_name% will restore the item(s) to their respective destination folder(s) with the same name of the original folder(s).
        Example: Item from “Inbox” folder of Mailbox-A will be restored to the “Inbox” folder of the alternate location Mailbox-B; Item from “Drafts” folder of Mailbox-A will be restored to the “Drafts” folder of the alternate location Mailbox-B.
      • If you are trying to restore item(s) form several mailboxes to an alternate location mailbox, %edition_name% will restore the item(s) to their respective destination folder(s) with the same name of the original folder(s).
        Example: Item from “Inbox” folder of Mailbox-A and Mailbox-B will be restored to the “Inbox” folder of the alternate location Mailbox-C.
      • Restore of public folder item(s) to an alternate location mailbox is not supported.
        Example: Restore of public folder items from Mailbox-A to alternate location Mailbox-B is not supported.
    2. Restore of mailbox items or public folder items is only supported if the according mailbox or public folder exists.
    3. Only Alternate Location is supported for restoring mailbox items to another domain.
    4. If you are trying to restore the mailbox item to a destination mailbox which has a different language setting than the original mailbox, %edition_name% will restore mailbox item(s) to their respective destination folder based on the translation listed below. For folders such as ‘Calendar’ or ‘Notes’, a new folder ‘Calendar’ or ‘Notes’ will be created.
      Backup source (English) Action Destination mailbox with Chinese as default language settings
      Inbox Merge 收件箱
      Outbox Merge 寄件匣
      Sent Items Merge 寄件備份
      Deleted Items Merge 刪除的郵件
      Drafts Merge 草稿
      Junk E-Mail Merge 垃圾電郵
      Calendar Create new folder Calendar
      Notes Create new folder Notes

    Best Practice and Recommendation

    The following are some best practices or recommendations we strongly recommend you to follow before you start any Exchange Server 2013/2016/2019 Mail Level backup and restore:

    1. Mail Level Backup must be utilized in conjunction with Database Level Backup to fully protect an Exchange Server.
    2. Active Directory server should be protected by regular full Windows System Backup at least once every two weeks.
    3. For %edition_name% installed on Exchange Server, enable scheduled backup jobs when system activity is low to achieve the best possible performance.
    4. The remote backup machine should be on the same LAN as the MS Exchange server for optimal backup and restore performance.
    5. To provide maximum data protection and flexible restore options, it is recommended to configure:
      • At least one offsite or cloud destination
      • At least one local destination for fast recovery
    6. Perform test restores periodically to ensure your backup is set up and performed properly. Performing recovery test can also help identify potential issues or gaps in your recovery plan. It's important that you do not try to make the test easier, as the objective of a successful test is not to demonstrate that everything is flawless. There might be flaws identified in the plan throughout the test and it is important to identify those flaws.
    7. For backup of multiple or mass backup sets, to achieve better backup performance and to minimize any unnecessary loading on the Exchange server, please consider deploying %edition_name% on remote backup machines as distributed backup solution instead of on the MS Exchange server.
    8. For backup of a large number of mailboxes, it is recommended to divide all mailboxes into multiple backup sets.

    Setup example for DAG:

    Assumption:

    1. There are 3 nodes in the DAG setup, in the following example, we called it node1, node2 and node3.
    2. All the 3 nodes are located in the same timezone.
    3. They can connect to the same backup location, eg: a local shared destination with the same access permission.

    Note:

    1. As the same backup set setting is needed to apply on all the machines when
      • the backup set is created or
      • any changes is applied to the backup set,
        eg:
        • change backup schedule
        • backup source selection
        • backup destination
        It is required to export the settings from the node with the last changes and then import to all other nodes. Otherwise, the backup set settings are not synchronized.
        eg:
        If the backup schedule is changed on node1, if the backup set is not synchronized, other nodes will keep running on an old backup schedule and may cause the backup job does not reflect to the actual servers status at the backup moment.
    2. When the settings is imported from other nodes, all the backup set settings on the node will be overwritten.

    Steps:

    1. Create/modify Exchange Mail Level DAG backup set in node1, make sure the schedule backup is turned on.
    2. Export settings from node1 in [Utilities] > [Ex/Import Settings]
    3. Import the node1 settings into node2 in [Utilities] > [Ex/Import Settings]
    4. Enable the Schedule backup in node2.
    5. Export settings from node2 in [Utilities] > [Ex/Import Settings]
    6. Import the node2 settings into node3 in [Utilities] > [Ex/Import Settings]
    7. Enable the Schedule backup in node3.
    8. Export settings from node3 in [Utilities] > [Ex/Import Settings]
    9. Import the node3 settings into node1 and node2 in [Utilities] > [Ex/Import Settings]


    To create a backup set for standalone backup option:

    1. Type in a meaningful backup set name.
    2. Enter correct backup type, eg: MS Exchange Mail Level Backup.
    3. Enter the version of Exchange server if %edition_name% installed on remote backup machine, eg: Microsoft Exchange Server 2013/2016/2019. If installed on the Exchange Server, %edition_name% will detect the version of Exchange server automatically.
    4. Enter the hostname of the Exchange server.
    5. Enter the username of the Windows user account used for backup of the Exchange server.
    6. Enter the password of the Windows user account used for backup of the Exchange server.
    7. Check the box "Access the Internet through proxy" if required.
    8. Click [Next] button to continue.

    To create a backup set for DAG backup option:

    1. Type in a meaningful backup set name.
    2. Enter correct backup type, eg: MS Exchange Mail Level Backup.
    3. Enter the version of Exchange server if %edition_name% installed on remote backup machine, eg: Microsoft Exchange Server 2013/2016/2019 (DAG). If installed on the Exchange Server, %edition_name% will detect the version of Exchange server automatically.
    4. Add the hostname of all the DAG Member Server.
    5. Enter the username of the Windows user account used for backup of the Exchange server.
    6. Enter the password of the Windows user account used for backup of the Exchange server.
    7. Check the box "Access the Internet through proxy" if required.
    8. Click [Next] button to continue.



    Exchange Server 2007/2010/2013 (MAPI)

    Requirements

    Please ensure that following requirements are met by the MS Exchange server / DAG:

    1. %edition_name% is installed on the MS Exchange node with Mailbox role.
    2. If you are using Exchange server 2013 on Windows server 2012, please install ".Net Framework 3.5 Features" under Server Manager > Dashboard > Add Roles and Features Wizard > Feature Page.
    3. PowerShell 2.0 Engine is installed.
    4. LAN Manager authentication level is set to 3 or later. If the LAN Manager authentication level is not set to 3 or later, the error message will be prompted and %edition_name% will ask for the reconfiguration. Server restart is required.
      To check on the setting, refer to this KB article from Microsoft..
    5. Microsoft Messaging Application Programming Interface (MAPI) is installed on the MS Exchange server. (Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 (version 6.5.8320.0 or later) is installed)
    6. The operating system account to be running the Mail Level backup (e.g. administrator) must have a mailbox and is not hidden from the Global Mailbox List.
      Scheduled backup is performed using the operating system account configured in the "User Authentication for Windows" field.
      If such setting is not configured, the scheduled backup would proceed with the default Local System account (default log on account for %edition_name% scheduler).
      In this case, the backup will most likely fail with permission denied error.

    Granting Privileges:

    Mail Level backup requires "Full Mailbox Access" permission for the user running %edition_name%.

    Please refer to the following instruction for granting permission to the operating system account to be running the Mail Level backup:

    For one specific mailbox

    Use the following procedure to grant access to Exchange 2007 mailbox:

    1. Start the [Active Directory Users and Computers] applet.
    2. On the [View] menu, ensure that the [Advanced Features] option is selected.
    3. Right click the user whose mailbox you want to give permissions to and choose [Properties].
    4. On the [Exchange] Advanced tab, click [Mailbox Rights].
    5. Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
    6. Click [Add], click the user or group who you want to have access to this mailbox, and then click [OK].
    7. Ensure that the user or group is selected in the Name box.
    8. In the [Permissions] list, click [Allow] next to [Full Mailbox Access], and then click [OK].
    9. Click [OK] all the way out.
    10. Restart the [Microsoft Exchange Information Store] service.

    For mailboxes located within a specific mailbox store

    Use the following procedure to grant access to Exchange 2007 mailbox found on a specific mail store:

    1. Start the [Exchange System Manager] applet.
    2. Navigate to the server object within the appropriate Administrative Group.
    3. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right click it and choose [Properties].
    4. In the [Properties] window, go to the [Security] tab.
    5. Click [Add], click the user or group who you want to have access to the mailboxes, and then click [OK].
    6. Be sure that the user or group is selected in the Name box.
    7. In the [Permission] list, check [Allow] next to [Full Control], and then click [OK].
    8. Click [Apply] and [OK].
    9. Restart the [Microsoft Exchange Information Store] service.

    For Exchange 2007, please refer to the following instructions:

    1. Add an operating system account to the Exchange 2007 server.

      This account must be a member of the following groups:

      • Local Administrators (Built in)
      • Domain Admins group
      • Enterprise Admins group

    2. Enter the following command in Exchange Management Shell:

      Get-MailboxServer | Add-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

      Example, to grant the permission for local account "system"

      Get-MailboxServer | Add-ADPermission -User "system" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

      To show added permission for an AD account

      Get-MailboxServer | Get-ADPermission -User "%USER%"

      Example, to show added permission for local account "system"

      Get-MailboxServer | Get-ADPermission -User "system"

      To remove permission from an AD account

      Get-MailboxServer | Remove-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

      Example, to remove permission from local account "system"

      Get-MailboxServer | Get-ADPermission -User "system"

      To remove permission from an AD account

      Get-MailboxServer | Remove-ADPermission -User "%USER%" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

      Example, to remove permission from local account "system"

      Get-MailboxServer | Remove-ADPermission -User "minimal" -AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    For Exchange Server 2010 and 2013, please refer to the following instructions:

    1. Add an operating system account to the Exchange 2010/2013 server.

      This account must be a member of the following security groups:

      • Microsoft Exchange Security\Organization Management
      • Users\Administrator
      • Users\Domain Admins
      • Users\Enterprise Admins

    2. For Exchange 2010, ensure that Update Rollup 3 for Exchange Server 2010 (KB981401) is installed.

      Please refer to the following article for more details: http://www.microsoft.com/download/en/details.aspx?displayLang=en&id=415 .

    3. Enter the following command in Exchange Management Shell:

      Get-Mailbox | Add-MailboxPermission -User "%OS_USERNAME%" -AccessRights FullAccess

      Example:

      Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess

      Other useful commands:

      Remove permission from an AD account

      Get-Mailbox | Remove-MailboxPermission -User "%OS_USERNAME%" -AccessRights FullAccess

      Example:

      Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess

      To view the mailbox permission of a user

      Get-Mailbox | Get-MailboxPermission -User "%OS_USERNAME%"

      Example:

      Get-Mailbox | Get-MailboxPermission -User "SYSTEM"

    Setup example for DAG:

    Assumption:

    1. There are 3 nodes in the DAG setup, in the following example, we called it node1, node2 and node3.
    2. All the 3 nodes are located in the same timezone.
    3. They can connect to the same backup location, eg: a local shared destination with the same access permission.

    Note:

    1. As the same backup set setting is needed to apply on all the machines when
      • the backup set is created or
      • any changes is applied to the backup set,
        eg:
        • change backup schedule
        • backup source selection
        • backup destination
        It is required to export the settings from the node with the last changes and then import to all other nodes. Otherwise, the backup set settings are not synchronized.
        eg:
        If the backup schedule is changed on node1, if the backup set is not synchronized, other nodes will keep running on an old backup schedule and may cause the backup job does not reflect to the actual servers status at the backup moment.
    2. When the settings is imported from other nodes, all the backup set settings on the node will be overwritten.

    Steps:

    1. Create/modify Exchange Mail Level DAG backup set in node1, make sure the schedule backup is turned on.
    2. Export settings from node1 in [Utilities] > [Ex/Import Settings]
    3. Import the node1 settings into node2 in [Utilities] > [Ex/Import Settings]
    4. Enable the Schedule backup in node2.
    5. Export settings from node2 in [Utilities] > [Ex/Import Settings]
    6. Import the node2 settings into node3 in [Utilities] > [Ex/Import Settings]
    7. Enable the Schedule backup in node3.
    8. Export settings from node3 in [Utilities] > [Ex/Import Settings]
    9. Import the node3 settings into node1 and node2 in [Utilities] > [Ex/Import Settings]


    To create a backup set:

    1. Type in a meaningful backup set name.
    2. Select the backup set type.
    3. Enter the version of Exchange server.
    4. Enter the host, only for Microsoft Exchange Server 2013 or later.
    5. Enter the username, only for Microsoft Enchange Server 2013 or later.
    6. Enter the password, only for Microsoft Enchange Server 2013 or later.
    7. Option: Check the 'Access the Internet through proxy' check box if you need to access the internet by proxy server, only for Microsoft Enchange Server 2013 or later.
    8. Option: Click on [Test] button to check the connection. Message will be prompted about the connection status. If the connection has failed, check on the host, username and password that you typed and try the connection again. Only for Microsoft Enchange Server 2013 or later
    9. Click the [Next] button to continue.