Setting Up Brick Level Backup On Exchange 2007 With ExMerge
Way back in January I attended Microsoft’s Exchange 2007 / Vista / Office 2007 launch event in Cleveland. I sat there with one of my fellow Bug Jr. Executives and marvelled at how PowerShell would change the way we managed our Exchange box. Eagerly, I then installed Exchange 2007 on our primary mail server back in May, and found out that PowerShell, despite its wonderful abilities, was a royal pain to work with for the uninitiated. Sure, I’d used command-line tools before (heck, I run a Linux box for fun, with just Webmin to help me manage it), but I was not ready for PowerShell’s glorious take-over of some very simple Exchange administration tasks!
Back on our old 2003 box, I used to have a tool called ExMerge. ExMerge is a nice little utility dating back to 1997 that allows Exchange administrators to dump mailbox data to a PST file, and vice versa (among other things). Since we’re a small outfit, with only a handful of Exchange users, brick-level mailbox backup is fine for us (there are other ways to back up Exchange, however). If the server dies, my employees want access to PSTs they can easily import into Outlook. So I used some nice tutorials by Daniel Petri to create an automated ExMerge script that would dump stuff straight to wonderful PST format. This also made my own backups super easy – just download my PST every few months, and all was good. There are various versions of ExMerge; this wonderful article explains where to get them!
But Exchange 2007 does not look highly upon ExMerge; in fact, it’s probably a tool not long for this world. PowerShell cmdlets are written now to take over ExMerge’s functionality, but they are missing one key component – they can’t export to PST! However, there is a saving grace – you can still use ExMerge provided that you retain one Exchange 2003 server in your infrastructure. Knowing this, I created one Exchange 2003 server as a Virtual PC and kept it, so that I could continue to use ExMerge.
Now, in the wonderful world of Exchange, administrators can do almost anything. Except read users’ mail. Reading users’ mail tends to annoy them, so Microsoft figured they’d let users keep their email away from the prying eyes of novice administrators and those who had administrative rights but were bona fide snoops. I think this is a good thing.
However, ExMerge requires rights to open the mailbox store you wish to back up (or the individual mailboxes). This means that running ExMerge as a regular Administrator will fail (unless you’re backing up your own mailbox). The simple solution is to set up a special user that will do backups, and grant them the rights needed to do the brick-level backup. In our infrastructure, this user is known as scriptadmin. Scriptadmin is a domain admin account, and is used solely to run scripts on the boxes. Hence the name!
Now on Exchange 2003, Daniel Petri has written a wonderful primer on how to grant an individual user the permissions needed to back up a mailbox, a server’s mailboxes, or a specific information store. These would be great for Exchange 2007, however the graphical user interface to perform this function has been eaten… by PowerShell!
Never fear, you can actually use those cmdlet things to give your account the administrative rights it needs to open mailboxes and read from them. But this also means you have to figure out what cmdlet to use, its syntax, and all that annoying stuff. Or you could just read this page and use the following two cmdlets:
add-adpermission -id "Mailbox Database" -user <domain>\scriptadmin -extendedrights "send-as"
add-adpermission -id "Mailbox Database" -user <domain>\scriptadmin -extendedrights "receive-as"
Amazing, isn’t it? Simply pop open PowerShell (the Exchange Management Shell icon) and run those two cmdlets, obviously replacing <domain> with your domain name, and scriptadmin with your choice of username. One caveat – don’t try adding Domain Admins to this, as Domain Admins have some particularly nasty extended rights additionally assigned to the mailbox database. And after all, should all your admins be able to view everyone’s mail?
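To check the result of those two grants, here is an added example (not part of the original post) that uses Get-ADPermission, the read-side companion of Add-ADPermission, to list every Send-As and Receive-As entry on the database. It assumes the same "Mailbox Database" name and <domain>\scriptadmin placeholder used above; the variable and function names are made up for this example.

```powershell
# Added example: run in the Exchange Management Shell.
# Assumptions: database name and account are the placeholders from the post.
$database = "Mailbox Database"
$account  = "<domain>\scriptadmin"   # replace <domain> with your domain name
$rights   = "Send-As", "Receive-As"

# True when an ACE carries one of the two extended rights we care about.
function Test-MailboxRight($ace) {
    if (-not $ace.ExtendedRights) { return $false }
    foreach ($r in $ace.ExtendedRights) {
        if ($rights -contains $r.ToString()) { return $true }
    }
    return $false
}

# Every Send-As / Receive-As entry on the database, explicit or inherited.
$aces = @(Get-ADPermission -Identity $database |
          Where-Object { Test-MailboxRight $_ })

# Full picture: who holds the rights, allow or deny, and where it comes from.
$aces | Sort-Object Deny, User |
    Format-Table User, Deny, IsInherited,
        @{Label = "Rights"; Expression = { $_.ExtendedRights }} -AutoSize

# Deny entries win over Allow entries. If the backup account is a member of
# a group listed here, the grant above will not take effect for it.
$denies = @($aces | Where-Object { $_.Deny })
if ($denies.Count -gt 0) {
    Write-Host "Deny entries (check the backup account's group memberships):"
    $denies | ForEach-Object { Write-Host "  $($_.User)  $($_.ExtendedRights)" }
}

# Anyone other than the backup account with Allow on these rights can open
# every mailbox in the database; review this list periodically.
$others = @($aces | Where-Object {
    -not $_.Deny -and $_.User.ToString() -ne $account })
if ($others.Count -gt 0) {
    Write-Host "Other principals allowed Send-As / Receive-As:"
    $others | ForEach-Object { Write-Host "  $($_.User)  $($_.ExtendedRights)" }
}
```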
Before I end, I should point out a few resources that helped me greatly in figuring this problem out on my Exchange 2007 box. Daniel Petri’s articles are linked above (his site is an awesome resource – I could spend hours just reading through his posts!). Additionally, I also found PowerGUI, which helped me figure out how some of the cmdlets ran (and administer things that were out of reach in Exchange Administrator, thanks to this additional XML file for PowerGUI). Hopefully everyone reading this can now go back to brick-level backups if they wish. Microsoft promises that SP 1 of Exchange 2007 will support export to PST, but for now, I’m happy with this!