How to move archive-enabled mailboxes from one Exchange server to another

Article:TECH48928  |  Created: 2010-01-15  |  Updated: 2014-09-17  |  Article URL http://www.symantec.com/docs/TECH48928
Article Type
Technical Solution

Product(s)

Issue



Enterprise Vault contains tools and features that allow an administrator to move mailboxes that are enabled for archiving from one Exchange server to another while preserving the association between the mailbox and the archive. This article will describe the procedure for performing such a move.


Environment



The instructions below generally assume an environment using Exchange 2007 or later (i.e., one where Powershell-based management of Exchange is available). Alternate instructions for Exchange 2003 environments are explicitly noted or linked where appropriate.

These instructions also apply for moving archived mailboxes to both Exchange 2010 and Exchange 2013 environments.


Solution



There are four major parts to adding a new Enterprise Vault (EV) archiving-enabled Exchange Server and moving users' mailboxes to it.

Watch a video explanation of all four parts:

 

Part I - EV's Permissions to Exchange

Part II - The EV System Mailbox

Part III - Target, Task, and SynchInMigrationMode

Part IV - Moving Users and Synching Hidden Messages

 

Part I - EV's Permissions to Exchange

Watch a video explanation of this section:

 

1.    Run the Enterprise Vault Deployment Scanner to determine whether EV has the required permissions to the new Exchange Server.

a.    Navigate to the EV installation directory and run the file Deployment_Scanner.exe.

b.    Click Next to skip the Welcome screen.

c.    On the second page, type the fully qualified domain name of the new Exchange Server into the Microsoft Exchange Server(s): field and click the Add button

d.    Click Next twice to advance through the remainder of the screens.

e.    The Deployment Scanner will test EV’s permissions on Exchange and other key resources. This can take a few minutes.

f.     If the Results screen shows , then EV has all the required permissions to Exchange. Skip to Part II.

g.    If the Results screen shows , then EV does not yet have all the required permissions to Exchange. Continue with these steps.

h.    Click Finish to close the Deployment Scanner.

2.    Set the required permissions for Enterprise Vault on Exchange.

a.    The instructions for Exchange 2003 can be found in this KB article.

b.    For environments in which Exchange 2007 or later is present, run the SetEVExchangePermissions.ps1 PowerShell script.

Note: If the target server is Exchange 2010, verify the server has been added correctly to the EV Admin Console (TECH165220).

                                          i.    Find the script in the PowerShellScripts folder in the EV installation directory or on the EV installation media.

                                        ii.    Copy the script to an Exchange Server.

                                       iii.    Run the script from the Exchange Management Shell.

1.    The command syntax is:
.\SetEVExchangePermissions.ps1 –user DOMAIN\Vault_Service_Account

2.    Replace the italicized section with the appropriate VSA information for the environment.

                                       iv.    The output of the command will show the permissions that have been modified.

                                        v.    A table of all the permissions set by the script is available in this KB article. (This table can also be used as a reference when setting the permissions manually with ADSIEdit.msc.) 

3.    Run the Deployment Scanner again to verify that the proper permissions have now been set.

a.    Navigate to the EV installation directory and run the file Deployment_Scanner.exe.

b.    Click Next to skip the Welcome screen.

c.    On the second page, the fully qualified domain name of the new Exchange Server should remain listed from the last time the Deployment Scanner was run.

d.    Click Next twice to advance through the remainder of the screens.

e.    The Deployment Scanner will test EV’s permissions on Exchange and other key resources. This can take a few minutes.

f.     If the Results screen shows , then EV has all the required permissions to Exchange.

g.    Click Finish to close the Deployment Scanner.



 

Part II – The EV System Mailbox

Watch a video explanation of this section:

1.    EV requires an EV System Mailbox on each Exchange Server that it archives.

a.    Create a mailbox on the new Exchange Server using the Exchange Management Console or Exchange Management Shell.

b.    Do not reuse an existing mailbox, such as the Vault Service Account’s or an Exchange System Mailbox. This should be a dedicated mailbox just for EV to use for archiving this Exchange Server.

2.    The Vault Service Account requires the “Send As” permission on the EV System Mailbox.

a.    Open Exchange Management Shell.

b.    Run the following command, substituting appropriate values for the italicized sections:
Add-ADPermission –Identity Name_of_EV_System_Mailbox –User DOMAIN\Vault_Service_Account –AccessRights ExtendedRight –ExtendedRights “send as”

Note that the Identity parameter takes the Display Name of the EV System Mailbox, which should be enclosed by quotation marks if it contains any spaces, as in the example screenshot below.
 


3.    Verify that the Vault Service Account can send mail using the EV System Mailbox.

a.    Log onto the EV server as the Vault Service Account.

b.    Create a new mail profile for the EV System Mailbox.

                                          i.    Open the Control Panel.

                                        ii.    Open the Mail applet. On a 64-bit operating system this will be called Mail (32-bit).

                                       iii.    Click Show Profiles…

                                       iv.    Click Add…

                                        v.    Type EV System Mailbox or something similarly appropriate in the Profile Name field and click OK.

                                       vi.    Choose the Microsoft Exchange mail service (depending on the version of Exchange, it may be necessary first to choose Manually configure server settings).

                                      vii.    Type the name of the appropriate Exchange Server in the Server: field.

1.    For Exchange 2010 and later, this is a server with the CAS role.

2.    For Exchange 2007 and earlier, this is the server that hosts the EV System Mailbox.

                                    viii.    Type the Display Name of the EV System Mailbox in the User Name: field.

                                       ix.    Click Check Name to verify that the name resolves.

                                        x.    Click Next and Finish to exit the wizard and OK to close the Mail applet.

c.    Open Outlook using this new profile and send a test e-mail to a known good mailbox.



 

Part III – Target, Task, and SynchInMigrationMode

Watch a video explanation of this section:

1.    Add a new Exchange Server target in EV.

a.    Refer to this KB article for detailed instructions.

b.    The Archiving Task for this Exchange Server will be created automatically when you add the target.

2.    Implement the SynchInMigrationMode Registry setting.

a.    Create the DWORD in the Windows Registry as described in this KB article.

b.    Set the value to 1.



 

Part IV – Moving Users and Synching Hidden Messages

Watch a video explanation of this section:

1.    Move a test user’s mailbox to the new Exchange Server.

a.    The details of moving mailboxes differ by Exchange version and can be found in the Exchange documentation.

2.    Provision and Synchronize the mailbox in EV.

a.    Explanation

                                          i.    The Provisioning Task is responsible for reading from Active Directory which mailboxes reside on which Exchange Servers. The Provisioning Task records this information in EV’s Directory database.

                                        ii.    The information recorded in the database is then used to update EV’s hidden message in the mailbox, which is a mailbox-specific record of archiving settings. The process of writing these updates to the hidden message is called Synchronization and is performed by the Mailbox Archiving Task that corresponds to the Exchange Server on which the mailbox resides.

                                       iii.    Both Provisioning and Synchronization typically run on a schedule, so by simply waiting a day, everything in the instructions section below should take care of itself. The instructions are provided so that the results can be seen immediately for a single test user if desired.

b.    Instructions

                                          i.    In the Vault Admin Console, navigate to Enterprise Vault Servers > Server Name > Tasks.

                                        ii.    Right-click the Provisioning Task and click Run Now…

                                       iii.    Select Normal Mode and click OK.

                                       iv.    The Status column will change to Processing and then return to Running after a short while, indicating that the Provisioning run is complete.

                                        v.    Right-click the Mailbox Archiving Task for the server housing the moved mailbox. Choose Properties.

                                       vi.    Click the Synchronization tab.

                                      vii.    Choose Selected Mailboxes and click Synchronize.

                                    viii.    Choose List all available mailboxes and click OK.

                                       ix.    Select the mailbox for the test user that was moved and click OK.

                                        x.    After a few moments, a dialog box will appear stating the result of the synchronization. Click OK to dismiss it.

c.    Verification

                                          i.    Use the Vault Information dialog on the test user’s workstation to verify that the hidden message has been updated.

1.    Open Outlook and log onto the test user’s mailbox. The EV Outlook Add-in must be installed.

2.    Hold CTRL + Shift while clicking on any of the EV toolbar buttons.

3.    In the resulting Enterprise Vault Diagnostics dialog, click the Vault Information button in the lower left. This will open a long list of Enterprise Vault settings.

4.    Scroll through the list to find the heading HIDDEN MESSAGES IN FOLDER and the subheading IPM.Note.EnterpriseVault.Settings, which contains a list of values found in the EV hidden message.

5.    Confirm that the setting MAILBOXSERVER lists as its value the name of the new Exchange Server to which the mailbox was moved.

3.    Move, Provision, and Synchronize the remaining users.

a.    Recall that, by default, Provisioning and Synchronization of all users happens automatically on a schedule, or they can be invoked immediately as described above.

4.    Remove the SynchInMigrationMode Registry setting when all desired mailboxes have been moved, Provisioned, and Synchronized.

a.    Delete the setting from the Registry or set its value to 0 to disable it.

 

Additional notes on the SynchInMigrationMode Registry setting:

·         SynchInMigrationMode controls whether EV attempts to preserve the link between a user mailbox and its archive. (The setting does not affect journal mailboxes.)

·         It does so by comparing a value called LegacyMbxDN in the EV Directory database between its existing record of the mailbox on the former Exchange Server and the new record of the mailbox on the current Exchange Server. The LegacyMbxDN value is based on an Active Directory attribute called legacyExchangeDN which remains constant regardless of where the mailbox moves; EV uses this as an anchor to identify the mailbox uniquely as it traverses the Exchange environment. Click here for a diagram.

·         Because EV’s archiving model is constructed around the Exchange Server, a moved mailbox is seen as a new mailbox by EV (it is new to that server, after all). When the LegacyMbxDN of a new mailbox matches that of one already in EV’s records, EV defaults to archiving neither mailbox and simply logging a Warning event in the Windows Event Viewer. (This is a safety precaution.)

·         In situations where the discovery of new mailboxes with LegacyMbxDN values matching those of existing mailboxes is to be expected, such as planned mailbox migrations, the SynchInMigrationMode setting instructs EV to associate the newfound mailboxes to their existing archives and continue archiving them.

 




Legacy ID



284956


Article URL http://www.symantec.com/docs/TECH48928


Terms of use for this information are found in Legal Notices