
Metalogix Archive Manager for Exchange 8.1.1 - Advanced Installation Guide (with Exchange 2010)


Addendum

· Installation check list

· Office 365 Configuration Details

· Creating an MS SQL database

Installation check list

Use the list below to write down all the information you will need during the installation and configuration of Archive Manager for Exchange. It also summarizes the prerequisites for each individual server.

· MS Exchange Server name: ________________________________

   ✓ Create and mount Public Folder database
   ✓ Create Organizational Forms Library

· Mailbox for the super-user: ________________________________

   The super-user must be given these permissions:

   ✓ local administrator on your Archive Manager server
   ✓ rights over LDAP Configuration container – with ADSI edit tool
   ✓ Owner rights over Organizational Forms Library
   ✓ View-Only Organization Management role on your Exchange Server
   ✓ Public Folder Management role on your Exchange Server
   ✓ Permissions on your Exchange Server to mailboxes which will be archived
   ✓ Only if OWA will be used: Impersonation permission on your Exchange Server

· Database

   o MS SQL Database 2008 and higher

      SQL Server name: ________________________________
      Initial Catalogue (DB-Name): ________________________________

   o ORACLE Database 11g, 12c and 18c

      Net8 Connection Name: ________________________________

   o In both cases:

      Schema: ________________________________
      Database user: ________________________________
      Password (do not reveal, do not fill in here!): ___________

· HSM Server:

   o HSM Server (NETBios) Name: ________________________________
   o HSM Schema name: ________________________________
   o HSM Store name: ________________________________

· Archive Manager Server:

   ✓ Operating system – MS Windows Server 2008 R2 SP1 / 2012
   ✓ IIS 6.0 or higher installed
   ✓ .NET Framework 3.5 and 4.5 installed
   ✓ Web Service Extension ASP.NET v2.0 and 4.0 allowed
   ✓ MSXML (IE 7.0)
   ✓ If an ORACLE database is used, you need to install the ORACLE Data Provider for .NET in order to establish a Net8 connection.
   ✓ Outlook 2016 (32 bit) / Outlook 2013 (32 bit) / Outlook 2010 (32 bit) installed (full UNICODE compatibility ensured)
   ✓ Additional DCOM rights set

 

IMPORTANT NOTE: Automated archiving is designed for groups. It is therefore crucial to have Active Directory groups synchronized with Archive Manager, or at least to create new Archive Manager groups using the Addressbook Manager. In Archive Manager, the jobs (automated archiving) apply to groups. Mailboxes not included in any group can be archived manually only.

After Installation

When you have completed this check list and installed everything as described in this manual, log on to the Archive Manager Server as the super-user and open Outlook. Add a few test mailboxes and send a couple of emails, in order to see if you can read them. This way you can check if the super-user has the necessary rights for archiving to function properly.

Office 365 Configuration Details

Archive Manager requires specific connection configuration details to import your Office 365 users. This section guides you through the steps to complete in Office 365 in order to collect the necessary data:

Organization Name in Office 365 – your organization in Office 365

Client ID – get this ID by following the process described below

Client Secret (or Key) – get this key by following the process described below

Autodiscovery Url – to get this URL, go to https://testconnectivity.microsoft.com/, select the Outlook Autodiscover option, click Next and perform the test with your details. The test result contains the URL.

Username & Password – the respective user must be Office 365 administrator

VERY IMPORTANT: In the case of Office 365, run the Enterprise Manager (EM) as the super-user under which Archive Manager has been installed (i.e. the user under which MAM services run).

NOTE: This sample will not work with a Microsoft account, so if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now. If you create an account and want to use it to sign-in to the Azure portal, don't forget to add the user account as a co-administrator of your Azure subscription.

1. Sign in to the Azure Management Portal.

2. Click on Active Directory in the left-hand navigation.

3. Click on App registrations.

4. Click on New application registration.

 

5. Enter a friendly name for the application (e.g. Archive Manager).

6. Select Web app / API as the application type.

7. For the Sign-on URL, enter the base URL, which is by default

 https://localhost:44322/WebAppGraphAPI

 

8. Click on the Create button.

9. Find your application in the list and click on it.

10. In the Settings tab, click on Keys and generate a secret key.

11. Copy and save the key value. You won’t be able to retrieve it after you leave this blade.

12. Click on Properties and define the App ID URI.

For the App ID URI enter https://<your_tenant_name>/WebAppGraphAPI, replacing <your_tenant_name> with the domain name of your Azure AD tenant
(e.g. https://metalogix.com/WebAppGraphAPI).

 

13. Copy and save the Application ID value.

14. Click on Reply URLs and define the Reply URLs. These URLs are used to return the authorization code during the authorization code flow.

Note: Both URLs (https://localhost:44322/WebAppGraphAPI & http://localhost:44322/Response) are needed.

 

15. Click on Required permissions.

16. Click on Windows Azure Active Directory.

17. Configure and save the permissions according to the screenshots below.

 

Snap12-a-o365

 

Snap13-a-o365

 

18. Click on Grant permissions.

 

 

 

Advanced Authentication

Archive Manager for Exchange also supports access to Azure AD when a user account name and password are needed (advanced authentication) to retrieve user accounts and groups from Azure AD. Advanced authentication is normally not required; when it is used, it must be configured in both Azure AD and Archive Manager for Exchange.

Advanced authentication is implemented in Archive Manager in two components:

 

1. The back-end is in the MAM Exchange Direct Archive Error Monitoring service, which contains a web application waiting for responses at the location specified in a registry key. The location must match the reply URL in the Azure AD web application and must end with the character /. For the example above, the URL is: http://localhost:44322/

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Metalogix\exchangePAM

Value name: OwinAuthWebAppLocation
Value data: http://localhost:44322/ (the first part of the Reply URL from Azure AD; the slash at the end is needed)
Value type: string

 

2. The front-end is located in Enterprise Manager, which authenticates a user on the Azure AD server and waits for the security token that is sent from the Azure AD server to the Archive Manager back-end.

Tips & Tricks: If there is a problem with retrieving the security token, it is recommended to restart Enterprise Manager. Also check the registry keys.

 

 

Configuration in Office365 Exchange Admin Center

It is necessary to grant the Archive Manager user Full Access permissions on all recipients you plan to archive.

 

This can be done in Exchange Admin Center or with Azure PowerShell.

 

1. Exchange Admin Center

a. Go to https://outlook.office365.com/ecp/

b. Click on Recipients > Mailboxes

c. Select Mailbox > Edit User Mailbox > Mailbox delegation > Full Access

d. Delegate Full Access permissions to the Archive Manager user on all recipients you plan to archive.

2. Azure PowerShell

Grant the Archive Manager user Full Access to the mailboxes of all members of a distribution group:

 

Get-DistributionGroupMember <%NameOfDistributionGroup%> | Get-Mailbox |
Add-MailboxPermission -User <%SuMailAddress%> -AccessRights FullAccess -InheritanceType All
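
Full Access lets the super-user read every delegated mailbox, so it is worth confirming that the grant covers exactly the archive group and nothing more. The following audit is an added example, not part of the vendor guide; $GroupName and $SuperUser are placeholders, and it assumes the same Exchange PowerShell session used for the command above.

```powershell
# Added example, not vendor code. Compares the mailboxes that should be archived
# with the mailboxes on which the super-user actually holds Full Access.
$GroupName = '<NameOfDistributionGroup>'   # placeholder: the archive distribution group
$SuperUser = '<SuMailAddress>'             # placeholder: the Archive Manager super-user

# Mailboxes that are meant to be archived: the members of the distribution group.
# Members that are not mailboxes (contacts, nested groups) are skipped.
$intended = @(Get-DistributionGroupMember -Identity $GroupName -ResultSize Unlimited |
    Get-Mailbox -ErrorAction SilentlyContinue |
    ForEach-Object { [string]$_.Identity })

# Mailboxes on which the super-user holds an explicit Full Access allow entry.
$granted = @(Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission -User $SuperUser |
    Where-Object { $_.AccessRights -match 'FullAccess' -and
                   -not $_.IsInherited -and -not $_.Deny } |
    ForEach-Object { [string]$_.Identity })

# Differences in both directions.
$missing    = @($intended | Where-Object { $_ -notin $granted })
$unexpected = @($granted  | Where-Object { $_ -notin $intended })

"Intended mailboxes: $($intended.Count); with Full Access: $($granted.Count)"
$missing    | ForEach-Object { Write-Warning "No Full Access on intended mailbox: $_" }
$unexpected | ForEach-Object { Write-Warning "Full Access outside the archive group: $_" }
```

Entries reported as outside the archive group are candidates for Remove-MailboxPermission; repeat the check whenever the group membership changes.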

 

 

Authentication with native application

1. Sign in to the Azure management portal.

2. Click on Azure Active Directory in the left-hand navigation.

3. Click on App registrations.

4. Click on New application registration.

5. Enter a friendly name for the application.

6. Select Native as the application type.

7. The Redirect URI of the Native Application must be added to the registry: create the registry key “NativeAppRedirectUri” in the path HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Metalogix\exchangePAM. The value of this key must be the Redirect URI defined in the Native Application.

8. The properties of the newly created application contain the Application ID, and under the Keys tab you can generate the Client secret (Key). These values are needed in the Server Wizard in Archive Manager. If the Keys tab is not available in Azure AD, you can leave the Client Secret field empty.

9. In the Owners tab, add a new owner (super-user) for the application.

10. In the Required permissions tab, grant Windows Azure Active Directory permissions for the application.

11. When the permissions are selected, do not forget to click the Grant Permissions button.

Configuration for German tenants

1. Register and configure the Native Application in Azure AD as described above.

2. Create 2 new registry keys in the path:

 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Metalogix\exchangePAM

· GraphResourceId with value https://graph.cloudapi.de/

· AadInstance with value https://login.microsoftonline.de/{0}

3. In Archive Manager, in the Server wizard, modify the Autodiscovery Url to: https://autodiscover-s.outlook.de/Autodiscover/Autodiscover.xml (change .com to .de)
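
The registry values named in the Advanced Authentication, native application and German tenant sections can be checked in one pass on the Archive Manager server. This script is an added example, not vendor code; the function name and the four variables at the top are assumptions to adjust to your own Azure AD registrations.

```powershell
# Added example, not vendor code. Validates the exchangePAM registry values
# against the rules stated in this guide.
$KeyPath           = 'HKLM:\SOFTWARE\Wow6432Node\Metalogix\exchangePAM'
$ReplyUrl          = 'http://localhost:44322/Response'  # Reply URL of the web application
$NativeRedirectUri = $null    # assumption: set only if a Native application is used
$GermanTenant      = $false   # assumption: set to $true for German tenants

function Test-ExchangePamAuthValues {
    param(
        [Parameter(Mandatory)] $Values,   # object with one property per registry value
        [string] $ReplyUrl,
        [string] $NativeRedirectUri,
        [bool]   $GermanTenant
    )
    $findings = @()

    # OwinAuthWebAppLocation: must end with / and be the first part of the Reply URL.
    $loc = $Values.OwinAuthWebAppLocation
    if ([string]::IsNullOrEmpty($loc)) {
        $findings += 'OwinAuthWebAppLocation is not set'
    } else {
        if (-not $loc.EndsWith('/')) {
            $findings += "OwinAuthWebAppLocation '$loc' does not end with /"
        }
        if ($ReplyUrl -and -not $ReplyUrl.StartsWith($loc, [StringComparison]::OrdinalIgnoreCase)) {
            $findings += "OwinAuthWebAppLocation '$loc' is not the first part of '$ReplyUrl'"
        }
    }

    # NativeAppRedirectUri: must equal the Redirect URI of the Native application.
    if ($NativeRedirectUri -and $Values.NativeAppRedirectUri -ne $NativeRedirectUri) {
        $findings += 'NativeAppRedirectUri does not match the Native application Redirect URI'
    }

    # German tenants: both endpoints must point to the .de cloud.
    if ($GermanTenant) {
        if ($Values.GraphResourceId -ne 'https://graph.cloudapi.de/') {
            $findings += 'GraphResourceId is not https://graph.cloudapi.de/'
        }
        if ($Values.AadInstance -ne 'https://login.microsoftonline.de/{0}') {
            $findings += 'AadInstance is not https://login.microsoftonline.de/{0}'
        }
    }
    return ,$findings
}

$values   = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
$findings = Test-ExchangePamAuthValues -Values $values -ReplyUrl $ReplyUrl `
    -NativeRedirectUri $NativeRedirectUri -GermanTenant $GermanTenant
if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Registry values match the guide.' }
```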
