Difference between revisions of "Retain Exchange"
Revision as of 20:13, 29 December 2014
Level 1
There are two major sections to setting up Retain to connect to an on-premises Exchange server:
one is the Impersonation User and the other is the Exchange Forest.
Impersonation User
In the Exchange Module the Impersonation User is formally called the Global Catalog User.
This user needs to exist in Exchange and will have a mailbox even though it won't be used. This user also needs ApplicationImpersonation rights. Those rights can be added to a user in the Exchange 2013 Admin Console.
Appendix G of the Admin Guide describes how to set it up in Exchange 2010 and 2007.
Exchange Forest
The tab may say Exchange Forest, but we are actually talking about the Active Directory Domain Forest. You will find the domain on the Exchange server in Active Directory Domains and Trusts or Active Directory Users and Computers.
Active Directory Domain Services (AD DS) is Microsoft's implementation of a directory service: it is a way to organize users, computers and other assets in an organization.
The domain at the top of the stack is the Global Catalog Host. You may have other domains and organizational units under it, but that top-level domain is the one you would most want to use. At the top you have the domain, which may have multiple forests; at the other end you have organizational units made up of users and computers.
The Global Catalog Host can be a DNS domain name or an IP address. The port is 3268 for plain-text connections and 3269 for SSL connections.
The final thing to set is the Search Base. This is formatted in LDAP, so it needs more information. There are four major components to an LDAP query:
- DC=Domain Component
- OU=Organizational Unit
- CN=Common Name
- DN=Distinguished Name
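As an added example (not part of the original page and not Retain's own code), the following Python builds the Global Catalog endpoint from the host and port rule above, parses a Search Base into its DC/OU/CN components, and checks whether a given user's DN falls under that base. All host names and DNs are constructed sample values; the parser is a deliberately simplified one that accepts only the attribute types listed above, so it will reject a base that contains anything else.

```python
from typing import List, Tuple

# Global Catalog ports as given on the page: 3268 plain text, 3269 SSL.
GC_PORTS = {False: 3268, True: 3269}

# Only the attribute types listed on the page are accepted in a Search Base
# (simplification for this example; real DNs may carry other types).
ALLOWED_TYPES = {"DC", "OU", "CN"}


def gc_endpoint(host: str, use_ssl: bool) -> str:
    """Return the LDAP URL for the Global Catalog Host on the matching port."""
    scheme = "ldaps" if use_ssl else "ldap"
    return f"{scheme}://{host}:{GC_PORTS[use_ssl]}"


def domain_to_search_base(fqdn: str) -> str:
    """Turn a DNS domain name into the matching forest-wide Search Base."""
    return ",".join(f"DC={label}" for label in fqdn.strip(".").split("."))


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (type, value) pairs, most specific RDN first.

    Handles backslash-escaped commas inside values and rejects attribute
    types the Search Base is not expected to contain.
    """
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped character: keep it literally
            current.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":                            # RDN separator
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))

    parsed = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        attr, value = attr.strip().upper(), value.strip()
        if attr not in ALLOWED_TYPES:
            raise ValueError(f"unsupported attribute type {attr!r} in {rdn!r}")
        if not value:
            raise ValueError(f"empty value in {rdn!r}")
        parsed.append((attr, value))
    return parsed


def dn_in_search_base(user_dn: str, search_base: str) -> bool:
    """True if user_dn sits at or below search_base (values compared case-insensitively).

    A Search Base of CN=Users,DC=example,DC=com only covers objects inside the
    Users container, so a user placed in OU=Sales is outside it and will not
    be found by a query scoped to that base.
    """
    user = [(t, v.lower()) for t, v in parse_dn(user_dn)]
    base = [(t, v.lower()) for t, v in parse_dn(search_base)]
    return len(user) >= len(base) and user[len(user) - len(base):] == base


if __name__ == "__main__":
    # Constructed sample values, not a real deployment.
    forest_base = domain_to_search_base("example.com")            # DC=example,DC=com
    users_base = "CN=Users," + forest_base                         # the narrower base
    alice = "CN=Alice Smith,OU=Sales,DC=example,DC=com"
    print(gc_endpoint("gc.example.com", use_ssl=True))
    print("forest base covers Alice:", dn_in_search_base(alice, forest_base))
    print("CN=Users base covers Alice:", dn_in_search_base(alice, users_base))
```

The forest-wide base built from the DNS domain name covers every OU in the domain; narrowing it to the Users container drops any account that an administrator moved into its own OU, which is the failure the third Hands On exercise below reproduces.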
You should become familiar with the most common errors that relate to Exchange systems.
Hands On
What does it look like if the Retain User does not have Application Impersonation rights?
* Create your own Impersonation User account and use it as part of your Retain Exchange Module.
* Open the Exchange Admin Console.
* Create a new user for your Retain system.
* Attempt to run a job. Note the error.
* Now add Application Impersonation rights.
Hands On
What does it look like if Basic Authentication is not enabled?
* Go to IIS Manager on the Exchange system and disable Basic Authentication.
* Attempt to run a job. Note the error.
* Basic Authentication Check
* Now re-enable Basic Authentication.
Hands On
What does it look like if the Search Base is incorrect? You might expect that pointing the Search Base of the LDAP query at the Users container would be better, since the query would not have to search the entire AD forest.
* Go to Module Configuration/Exchange/Exchange Forest.
* Add CN=Users to the Search Base.
* Attempt to run a job. Note the error.
* Remove CN=Users from the Search Base.
Level 2
Overview of Exchange
Exchange is a cluster of roles on one or more servers that transfers messages.
The major roles are:
- DNS (Domain Name Server)
- AD DS (Active Directory Domain Services)
- CAS (Client Access Server)
- Exchange Mailbox Server
The Name Server resolves which server is performing which role. It is very important that Retain and the Exchange servers all point to the same name server so that the domains are all resolved consistently.
Active Directory organizes the domains, users and computers of the network so they have the proper rights; for Retain, the main point is that the Retain user has ApplicationImpersonation rights.
The CAS is the front door of the network: it routes requests from users to the proper place in the network, which in the case of Retain means access to the mailbox database.
The Exchange Mailbox Server hosts the database that stores the users' messages.
Overview of Retain's Access to Exchange
When Retain archives from Exchange it uses the Impersonation User, also known as the Global Catalog User, to enter Active Directory (AD) and find a user.
We enter Exchange in one of four ways:
- LDAP
- SCP
- EWS
- autodiscover
From that user object it reads the homeMDB attribute (the user's home mailbox database) and follows it to the homeMDBBL back-link on the database object in AD. From there it gets the current list of mailboxes in that mail server database.
Retain then goes to the first user in that list and, using its ApplicationImpersonation rights, gets that user's list of folders and processes the messages.
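To make the lookup chain above concrete, here is an added Python model of it (example code, not Retain's implementation). It works on a constructed in-memory snapshot of AD objects: each user carries a homeMDB pointing at its mailbox database, and each database carries the homeMDBBL back-link listing the users homed on it. The ROLE_ASSIGNMENTS table is a constructed stand-in for the Exchange RBAC assignment of ApplicationImpersonation; a real deployment checks that through Exchange, not through an AD attribute. The search-base test is a plain suffix match, simplified for this example.

```python
from typing import Any, Dict, List, Set

# Constructed directory snapshot (not real data). Keys are DNs; values hold the
# attributes the lookup uses.
DIRECTORY: Dict[str, Dict[str, Any]] = {
    "CN=Retain Service,CN=Users,DC=example,DC=com": {
        "mail": "retain@example.com",
        "homeMDB": "CN=Mailbox Database 01,CN=Databases,DC=example,DC=com",
    },
    "CN=Alice Smith,OU=Sales,DC=example,DC=com": {
        "mail": "alice@example.com",
        "homeMDB": "CN=Mailbox Database 01,CN=Databases,DC=example,DC=com",
    },
    "CN=Bob Jones,OU=Sales,DC=example,DC=com": {
        "mail": "bob@example.com",
        "homeMDB": "CN=Mailbox Database 01,CN=Databases,DC=example,DC=com",
    },
    "CN=Carol King,OU=Finance,DC=example,DC=com": {
        "mail": "carol@example.com",
        "homeMDB": "CN=Mailbox Database 02,CN=Databases,DC=example,DC=com",
    },
    "CN=Mailbox Database 01,CN=Databases,DC=example,DC=com": {
        "homeMDBBL": [
            "CN=Retain Service,CN=Users,DC=example,DC=com",
            "CN=Alice Smith,OU=Sales,DC=example,DC=com",
            "CN=Bob Jones,OU=Sales,DC=example,DC=com",
        ],
    },
    "CN=Mailbox Database 02,CN=Databases,DC=example,DC=com": {
        "homeMDBBL": ["CN=Carol King,OU=Finance,DC=example,DC=com"],
    },
}

# Constructed stand-in for Exchange RBAC role assignments (hypothetical table).
ROLE_ASSIGNMENTS: Dict[str, Set[str]] = {
    "CN=Retain Service,CN=Users,DC=example,DC=com": {"ApplicationImpersonation"},
}


def in_search_base(dn: str, search_base: str) -> bool:
    """Simplified suffix match standing in for the scope of the LDAP search."""
    return dn.lower().endswith(search_base.lower())


def find_user_dn(directory: Dict[str, Dict[str, Any]], search_base: str, mail: str) -> str:
    """Step 1: search the Global Catalog under the Search Base for the user."""
    for dn, attrs in directory.items():
        if attrs.get("mail", "").lower() == mail.lower() and in_search_base(dn, search_base):
            return dn
    raise LookupError(f"{mail} not found under search base {search_base}")


def mailboxes_sharing_database(directory: Dict[str, Dict[str, Any]], user_dn: str) -> List[str]:
    """Step 2: follow homeMDB to the database object and read its homeMDBBL back-link."""
    db_dn = directory[user_dn]["homeMDB"]
    return list(directory[db_dn]["homeMDBBL"])


def plan_archive_order(directory: Dict[str, Dict[str, Any]], roles: Dict[str, Set[str]],
                       impersonation_user_dn: str, search_base: str, seed_mail: str) -> List[str]:
    """Step 3: confirm the impersonation account holds ApplicationImpersonation,
    then return the mailboxes in the order Retain would walk them (first entry first)."""
    if "ApplicationImpersonation" not in roles.get(impersonation_user_dn, set()):
        raise PermissionError(f"{impersonation_user_dn} lacks ApplicationImpersonation")
    seed_dn = find_user_dn(directory, search_base, seed_mail)
    return mailboxes_sharing_database(directory, seed_dn)


if __name__ == "__main__":
    svc = "CN=Retain Service,CN=Users,DC=example,DC=com"
    for dn in plan_archive_order(DIRECTORY, ROLE_ASSIGNMENTS, svc, "DC=example,DC=com", "alice@example.com"):
        print("would impersonate and archive:", dn)
```

Running it shows that starting from Alice yields every mailbox on Mailbox Database 01 and nothing from Database 02, that removing the role assignment stops the walk before any mailbox is touched, and that a search base of CN=Users,DC=example,DC=com fails to locate a user homed in OU=Sales.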
Installation
Troubleshooting