Archiving Emails from Microsoft Exchange 2013

This tutorial only covers the specifics of archiving a Microsoft Exchange 2013 server. It is assumed that you already have a MailStore Server installation or test installation and are familiar with the fundamentals of MailStore Server. Please refer to the Quick Start Guide for more information.

MailStore Server offers several ways to archive emails from a Microsoft Exchange 2013 server, which are described below. If you are not sure which archiving method best suits your company, please refer to chapter Choosing the Right Archiving Strategy.

Synchronizing Users

As Microsoft Exchange requires the existence of an Active Directory, it is recommended to set up a synchronization as described in chapter Active Directory Integration of the MailStore Server manual.

Archiving Individual Mailboxes

By following the procedure described here, a single Exchange mailbox can be archived for a specific MailStore user. The archiving process can be executed manually or automatically according to a schedule.

Setting Up the Archiving Process

For each mailbox, please proceed as follows:

Unless the mailbox of the current user is to be archived into his or her own user archive, log on to MailStore Client as MailStore administrator. Only an administrator can archive emails for other users.
Click on Archive Email.
From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
A wizard opens to assist in specifying the archiving settings.
Select Single Mailbox.

Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.

Depending on the protocol chosen, there is the option to Ignore SSL Warnings. Generally, these warnings appear if an unofficial or selfsigned certificate is used on the server.

Under Host, enter the name of the Exchange server.

If it is a externally hosted mailbox you are about to archive and do not know the host name, you can find it out by using the MailStore Exchange Autodiscover Tool.

Under User Name, enter the Windows login name of the user whose emails are to be archived (e.g. [email protected] or [email protected]).

Alternatively, any user with the appropriate access permissions for the mailbox to be archived can be specified. In this case, it is imperative that this mailbox is specified under Mailbox (see below).

Under Password, enter the user’s password.
As long as the user’s email address matches that of the user’s Windows login name, the field Mailbox must be left blank. Otherwise, the user’s primary email address has to be entered here.
Click on Test to verify that MailStore can access the mailbox.
Click on Next.
If needed, adjust the settings for the List of Folders to be Archived, the filter and the Deletion Rules. By default, no emails will be deleted from the mailbox. The Timeout value only has to be adjusted in specific cases (e.g. with very slow servers).

Important notice

Did you specify IMAP as the protocol and have also defined a deletion rule? If so, empty folders (folders containing no emails, such as Deleted Items or Contacts) have to be added to the list of excluded folders manually. This is the only way to avoid these folders being archived and deleted according to the deletion rule specified. Please read more in chapter Archiving Specific Folders.

Click on Next to continue.
If logged on to MailStore Server as MailStore administrator, the Target Archive can be specified. Select the archive of the user for whom the selected mailbox is to be archived. If the user does not exist yet, click on Create a New User.

Click on Next.
In the last step, a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and can be run immediately, if desired.

More information on how to execute archiving profiles can be found under the topic Email Archiving with MailStore Basics

Archiving Multiple Exchange Mailboxes Centrally

With MailStore, some or all mailboxes of an Exchange server can be archived in a single step. All necessary preparations, such as creating MailStore users, can be made automatically. The archiving process can be executed manually or automatically according to a schedule.

Step 1: Setting up a central user for accessing mailboxes

Before the archiving process can be set up in MailStore, a user with access to all mailboxes to be archived has to be created. The corresponding method is called impersonation in Microsoft Exchange.

The following preconditions have to be met to be able to configure Exchange Impersonation:

Administrative access to the Microsoft Exchange 2007 system on which the Client Access Role is installed
Domain Administrator privileges
An installation of Remote PowerShell on the machine which is used to execute the commands or access to the Exchange 2013 Server via Remote Desktop.

The following commands are executed in the Microsoft Exchange Management Shell:

Add access privileges

New-ManagementRoleAssignment -Name:"MailStore Impersonation" `

-Role:ApplicationImpersonation -User:[email protected]

Information Title

[email protected] is the user account in UPN (User Principal Name) notation which you will use to access the mailboxes from MailStore. Please make sure that this user is not a member of any Exchange or Windows administrative group.

Check access privileges

Get-ManagementRoleAssignment -Role:ApplicationImpersonation -RoleAssigneeType:User `

| Format-List *

Get-ManagementRoleAssignment -Identity:"MailStore Impersonation" `

| Format-List *

Remove access privileges

The following command is only to be used, if you want to remove access privileges from [email protected]

Remove-ManagementRoleAssignment "MailStore Impersonation"

Step 2: Configuration of MailStore Server

Please proceed as follows:

Log on to MailStore Client as administrator.
Click on Archive Email.
From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
A wizard opens to assist in specifying the archiving settings.
Select Multiple Mailboxes.
In order to be able to archive multiple mailboxes, some MailStore users along with their email addresses have to exist in the MailStore user management. If this is not the case, MailStore will offer to set up and execute the Active Directory Synchronization at this point. Once completed, the wizard will resume. If Active Directory Synchronization is not desired, the process can be cancelled. In this case, users have to be created manually as described the in chapter User Management. Once finished, click on Archive Email and then on Microsoft Exchange.

Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.

Depending on the protocol chosen, there is the option to Ignore SSL Warnings. Generally, these warnings appear if an unofficial or selfsigned certificate is used on the server.

Under Host, enter the name of the Exchange server.

If it is externally hosted mailboxes you are about to archive and do not know the host name, you can find it out by using the MailStore Exchange Autodiscover Tool.

Under User Name and Password, enter the access data of a user who has access to all the Exchange mailboxes that are to be archived.
Click on Next to continue.

If needed, adjust the settings for the List of Folders to be Archived, the filter and the Deletion Rules. By default, no emails will be deleted from the mailbox. The Timeout value only has to be adjusted in specific cases (e.g. with very slow servers). Please keep in mind that these settings apply to all mailboxes to be archived, as specified at the next step.

Select the users whose mailboxes are to be archived. The following options are available:

All users with configured email address

Choose this option to archive the mailboxes of all users who are set up, along with their email addresses, in MailStore’s user management.

All users except the following

Choose this option to exclude individual users (and thereby their Exchange mailboxes) from the archiving process, using the list of users below.

Only the following users

Choose this option to include individual users (and thereby their Exchange mailboxes) in the archiving process, using the list of users below. Only the mailboxes of those users explicitly specified will be archived.

Synchronize with Active Directory before archiving

If selected, the MailStore user list will be synchronized with Active Directory before any archiving process is executed. This has the advantage that, for example, new employees will be created as MailStore users before archiving, so once the archiving process is executed, their Exchange mailbox is archived automatically as well. This option is especially recommended when the archiving process is to be executed regularly according to a schedule.

In the last step, a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and can be run immediately, if desired.

More information on how to execute archiving profiles can be found under the topic Email Archiving with Mailstore Basics

Archiving Incoming and Outgoing Emails Directly

With the support of the Exchange Server Journaling functionality, MailStore can archive the incoming and outgoing emails of all users automatically. This is the only way to ensure that all emails are archived in their entirety

Basic Functionality

Microsoft Exchange Server provides the option to take down all incoming, outgoing and internal email traffic. At the time of sending and receiving, a copy of the respective email is created and stored in a mailbox called Journal Mailbox. Additionally, the email is provided with a Journal report containing information about the actual senders and recipients.

MailStore can be configured to archive this Journal mailbox at regular intervals. During this process, the emails from the Journal mailbox will be assigned to their respective MailStore users (i.e. their user archives) automatically. This means that all users are able to view only their own emails.

Before the archiving process can be set up in MailStore, Journaling has to be set up for the Exchange Server. Please proceed as follows:

Step 1: Creating a Mailbox for Journaling

To set up a new Exchange user with a meaningful name, e.g. journal, please proceed as follows:

Start the Exchange admin center and click log on.
In the recipientsmailboxes section click on the plus sign (’New’).
Enter journal as Alias.
Select the option New user.
Enter the data as shown below:

Click on More options...
Click on Browse to select a mailbox database.
Click on save. The user journal is created.

Step 2: Configuring Exchange Journaling

Two types of journaling are available in Exchange 2013: standard and premium journaling. While standard journaling always includes all send and received emails of a mailbox database, premium journaling can be limited to particular recipients or distribution lists and the scope (internal, external, global) of the journal rule can be defined. Additionally premium journaling rules can be replicated throughout the whole Exchange organization.

Premium journaling requires Exchange Enterprise CALs.

Configure Standard Journaling

Log on to the Exchange admin center and select the databases tab in the servers section.

Doubleclick on the mailbox database for which you want to set up standard journaling and select the Maintenance tab.
Below Journal recipient: click on browse
Select the user from the recipient list that was created in step 1 and confirm with OK
The following screenshot shows an example of a standard journaling configuration:

To confirm the changes and active the journaling, click on OK.

Once the new configuration has come into effect, a copy of all incoming and outgoing emails is stored in the Journal mailbox (along with a report). MailStore can now be configured to archive the Journal mailbox in regular intervals as described below.

Configure Premium Journaling

Log on to the Exchange admin center and select the journal rules tab in the compliance management section.

Click on + (New)

The dialog window New Journal Rule opens:

Enter a name for the journal rule, e.g. Journaling.
In the If the message is sent to or received from... section select whether the rule should apply to all messages or to specific users or groups.
Under Journal the following messages..., choose whether to capture all messages, internally sent messages only, or only those messages with an external sender or recipient.
Enter the email address of the previously created journal user in the Send journal reports to: box.
Click on save to activate the rule. Please keep in mind that in complex Microsoft Exchange environments it may take several minutes until the new rule becomes effective.

Once the new configuration has come into effect, a copy of all incoming and outgoing emails that adhere to the rule’s parameters is stored in the Journal mailbox (along with a report called Envelope). MailStore can now be configured to archive the Journal mailbox in regular intervals as described below.

Step 3: Configuration of MailStore Server

Please proceed as follows:

Start MailStore Client on the computer that is to execute the archiving task regularly and according to a schedule. This can be the MailStore server machine or any user computer. Log on as administrator.
Click on Archive Email.
From the list in the upper area of the window, select Microsoft Exchange to create a new archiving profile.
A wizard opens to assist in specifying the archiving settings.
Select In- and Outbound Email Automatically.
In order to be able to archive emails immediately upon sending and receiving, some MailStore users along with their email addresses have to exist in the MailStore user management. If this is not the case, MailStore will offer at this point to set up and execute the Active Directory Synchronization. Once completed, the wizard will resume. If Active Directory Synchronization is not desired, the process can be canceled. In this case, users have to be created manually as described in chapter User Management. Once finished, click on Archive Email and then on Microsoft Exchange.

Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.

Depending on the protocol chosen, there is the option to Ignore SSL Warnings. Generally, these warnings appear if an unofficial or selfsigned certificate is used on the server.

Under Host, enter the name of the Exchange server.

If it is a externally hosted mailboxes you are about to archive and do not know the host name, you can find it out by using the MailStore Exchange Autodiscover Tool.

Under User Name and Password, enter the access data of a user who has access to the Exchange Journal mailbox (i.e. the user that has been created when setting up the Journal mailbox).
As long as the user’s email address matches that of the user’s Windows login name, the field Mailbox (opt.) can be left blank. Otherwise, the user’s email address has to be entered here.
Synchronize with Active Directory before archiving (recommended): If this option is selected, the MailStore user list will be synchronized with Active Directory before any archiving process is executed. This has the advantage that, for example, new employees will be created as MailStore users before archiving, so once the archiving process is executed, their Exchange mailbox is archived automatically as well.
Select the option Delete them in origin mailbox only if Exchange Journaling has been tested sufficiently. Even without this setting, MailStore will not archive any duplicate emails.
Click on Test to verify that MailStore can access the mailbox.
Click on Next to continue.

A Timeout value can be specified. Change this value only in case of definite need (e.g. with very slow servers).
Click on Next to continue.
At the last step, a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and can be run immediately, if desired.

More information on how to execute archiving profiles can be found under the topic Email Archiving with Mailstore Basics

Public Folders

MailStore Server can archive the emails from the public folders of Microsoft Exchange servers and make them available to some or all MailStore users. The archiving process can be executed manually or automatically according to a schedule.

Preparation

During archiving, emails are always assigned to individual users. Even when archiving a public folder, the user (or the user archive), for whom the emails are to be archived, has to be specified.

For this reason, first create a MailStore user for whom the public folder is to be archived. This user can be called publicfolder, for example. Next, all other users can be given access to the archive of the user publicfolder. This way, the archived content of the public folder is available to all MailStore users.

If MailStore users are not to have access to the archived public folder, skip this step and simply archive the emails to the user archive of the administrator (admin).

Information about how to create a new user in MailStore is available in the chapter User Management.

To be able to access all objects stored in all public folders without any problems, it is recommended to execute the following commands on the Exchange 2013 server hosting the respective public folders.

First, add the role Public Folder Management to a [email protected]

Add-Rolegroupmember -Identity "Public Folder Management" -Member serviceAccount

Next, use the PowerShell Script AddUsersToPfRecursive.ps1 to add "Editor" permissions for all public folders. Execute it within the Exchange Management Shell.

.AddUsersToPfRecursive.ps1 -TopPublicFolder "" -User [email protected] -Permission Editor

[email protected] is now able to read, write and delete all objects stored in public folders. Don’t forger to substitute [email protected] with the Windows Useraccount in UPN (User Principle name) notation you want to use for archiving.

Setting up the Archiving Process

Please proceed as follows:

Log on to MailStore Client as administrator.
Click on Archive Email.
From the Email Servers list in the Create Profile area of the window, select Microsoft Exchange to create a new archiving profile.
A wizard opens to assist in specifying the archiving settings.
Select Public Folders.

Under Access via, select the protocol to be used to access the Exchange server. Whenever possible, HTTPS should be used.

Depending on the protocol chosen, there is the option to Ignore SSL Warnings. Generally, these warnings appear if an unofficial or selfsigned certificate is used on the server.

Under Host, enter the name of the Exchange server.
Under User Name, enter the Windows login name of the user who has full access to the public folder (e.g. [email protected] or [email protected]).
As long as the user’s email address matches that of the user’s Windows login name, the field Mailbox (opt.) must be left blank. Otherwise, the user’s email address has to be entered here.
Under Password, enter the user’s password.
Change the preset value under Mailbox (opt.) only if needed.
Click on Test to verify that MailStore can access the mailbox.
Click on Next to continue.

If needed, adjust the settings for the List of Folders to be Archived, the filter and the Deletion Rules. By default, no emails will be deleted from the mailbox. The Timeout value only has to be adjusted in specific cases (e.g. with very slow servers).
Click on Next to continue.

At the next step, the Target Archive can be specified. Select the archive of the user for whom the selected mailbox is to be archived (see section "Preparation" above). If the user does not exist yet, please click on Create a New User, then click on Next.
At the last step, a name for the archiving profile can be specified. After clicking Finish, the archiving profile will be listed under Saved Profiles and can be run immediately, if desired.

More information on how to execute archiving profiles can be found under the topic Email Archiving with MailStore Basics

Shared Mailboxes

Shared mailboxes grant multiple users shared access to a mailbox, somewhat comparable to public folders.

Create a MailStore Server User for a Shared Mailbox

A shared mailbox is a special kind of mailbox thatm in contrast to a normal mailbox, is associated with a disabled Active Directory account. MailStore Server is able to create MailStore Server user entries for such mailboxes via Active Directory Synchronization. For this, you have to deactivate the option Synchronize enabled users only in the section User Database Synchronization.
After synchronization you can grant MailStore Server users access to the archive of the shared mailbox by assigning privileges.

Archiving Shared Mailboxes

In order to archive emails from a shared mailbox you must grant a user account full access to that mailbox (either by delegated access or impersonation) because the Active Directory user account associated with that mailbox is disabled. You can use the service account you created in Archiving Multiple Exchange Mailboxes Centrally for this purpose.

Once you have created the service account, setup a new Single Mailbox archiving profile. Enter the credentials of the service account and fill the optional Mailbox field with the primary e-mail address of your shared mailbox.

Further steps are analog to the archiving of individual Exchange mailboxes.

Throttling in Exchange 2013

Exchange 2013 supports throttling since the RTM version. With throttling you can control, on the server side, the speed as well as the amount of emails individual users can download from the server. For Exchange 2013 this is a standard feature.

Always enter the UPN (User Principal Name) of the Window user used for archiving as serviceaccount.

Determining the Throttling Policy Applied to the MailStore serviceaccount

You can use the following Powershell script to check if the serviceaccount that MailStore uses for archiving is slowed down by a throttling policy:

Param([Parameter(Mandatory=$True)][string]$serviceAccount)

$policy = (Get-ThrottlingPolicyAssociation -Identity $serviceAccount).ThrottlingPolicyId

$policy = switch($policy) {$null {Get-ThrottlingPolicy | Where ThrottlingPolicyScope -eq `

’Global’} default {$policy | Get-ThrottlingPolicy}}

$policy | format-list -property Name, ThrottlingPolicyScope, EWS*

To use the script, please copy the entire content into a text editor and save the script as policycheck.ps1 (on the desktop of the Exchange server, for example).

The script can now be executed from the Exchange Management Shell with the UPN (User Principal Name) of the Windows user who is used for archiving as parameter. Since, in the context of MailStore Server, only the EWS* values are of any interest, the following result may be displayed:

[PS] C:UsersAdministratorDesktop>.policycheck.ps1 [email protected]

Name : GlobalThrottlingPolicy_b4ef32cb-3677-44fd-be1a-ad784931f16f

ThrottlingPolicyScope : Global

EwsMaxConcurrency : 27

EwsMaxBurst : 300000

EwsRechargeRate : 900000

EwsCutoffBalance : 3000000

EwsMaxSubscriptions : 5000

In this case, no separate policy exists for the serviceaccount. Since the property ThrottlingPolicyScope has the value ’Global’, the global throttling policy of the system applies to the serviceaccount. If the value was ’Regular’, an individual policy would already have been applied to the serviceaccount whose name would be listed under Name.

Creating and Assigning an Individual Throttling Policy

To avoid interfering with the overall stability of the Exchange 2013 system by using a too liberal policy definition of the default throttling policy, it is advisable to create a separate policy for the serviceaccount. Only two lines are necessary to create a throttling policy for the serviceaccount which is customized for MailStore:

New-ThrottlingPolicy MailStoreServerPolicy -EWSMaxConcurrency Unlimited `

-EWSMaxSubscriptions Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited `

-EwsRechargeRate Unlimited -IsServiceAccount -ThrottlingPolicyScope Regular

Set-ThrottlingPolicyAssociation -Identity [email protected] `

-ThrottlingPolicy MailStoreServerPolicy

In line 1, a new throttling policy with the desired values is created, in line 2, this individual throttling policy is assigned to the serviceaccount. The result can be checked again with the script listed above:

[PS] C:UsersAdministratorDesktop>.policycheck.ps1 [email protected]

Name : MailStoreServerPolicy

ThrottlingPolicyScope : Regular

EwsMaxConcurrency : Unlimited

EwsMaxBurst : Unlimited

EwsRechargeRate : Unlimited

EwsCutoffBalance : Unlimited

EwsMaxSubscriptions : Unlimited

Removing and Deleting an Individual Throttling Policy

To delete an individual throttling policy from a mailbox or user account, execute the following command in the Exchange Management Shell:

Set-ThrottlingPolicyAssociation -Identity [email protected] -ThrottlingPolicy $null

This ends the assignment of a throttling policy. To delete the throttling policy from the Exchange system, execute the following command in the Exchange Management Shell:

Remove-ThrottlingPolicy MailStoreServerPolicy

Confirm this by entering "Y". The policy is now completely deleted from the system.