Grant FullAccess to all Mailboxes in Exchange 2010

By default your Administrator's account does not have FullAccess permission to your mailboxes. This make your item level restore of Exchange items a bit complicated since you need to chase your mailbox owner for credentials.

TL;DR - The history of CBB for Exchange

CloudBerry Backup for Exchange introduced Item level restore for 2010. This feature is based on ese.dll (Extensible Storage Engine) and works with native MS APIs. Exchange backup plan leverages Windows Shadow Copy technology (VSS) and it guarantees backup consistency. Any Exchange plan configured with CBB triggers VSS provider, which initiates volume shadow (volume snapshot). Once done, backup engine starts to copy .edb and .log files (Database and transaction logs of Exchange). "Image based" backup for Exchange was introduced several years ago and in fact is still great solution for backup mail server off to cloud storage.

Exchange database and transaction logs restore

Missing (or corrupted DBs) or transaction logs of MS Exchange can be restored as flat files using Exchange Management Shell. This is super simple with CloudBerry Backup, have a look (this also explained in details in the above blog post, that I've mentioned earlier).

DB and transaction logs restore for MS Exchange with CloudBerry Backup

Essentially you will need Exchange Management Shell and deal with Eseutil to bring your database into a clean shutdown state. I believe there are massive number of posts in the Internet about this case. So CB gives you the tools to backup and recovery your data, while native utilities help to bring the state of your systems to the state before disaster happen.

Do Item level restore for MS Exchange 2010 like a boss

Granular recovery helps system administrators save time on recovery missing items (email items, address book, calendar, notes, tasks etc). Eventually, everything in MS Exchange data is divided into different types, but they are all items. You may hear this feature called item level restore, brick level restore etc. It depends on the product manager and his creativity. But they all mean the same. Items of DBs.

Item level restore in CB for Exchange requires Exchange 2010. Due to APIs difference, it does not support 2007 and newer versions of MS mail server unfortunately. Check your data and logs backup in "Backup storage" section of the product UI and find out restore point you need to deal with.

CB Exchange restore point selection

Check "Item Level Restore" and it starts to bring your DBs and transaction logs (if you prefer) on-prem (streaming) in order to start utilizing Eseutil.

The following is the UI of brick level restore for it.

Item Level Restore for Exchange 2010 (CloudBerry Backup)

The problem here is that it won't work if we don't have FullAccess permissions for all (or at least for eugene.r@fiji.local) mailboxes. This is default behavior and we can change it. In order to change this, we need to do the following in our Exchange Management Shell (this is default utility on your Exchange server):

Get-MailboxDatabase -identity “DB_NAME” | Add-ADPermission -user "USER_NAME" -AccessRights GenericAll

Make sure you set DB_NAME and USER_NAME to yours. This will elevate your user's permissions to the highest with the ability to deal with other's mailbox in the defined DB (by the way, this rule will be applied to all new mailboxes later, so make sure you delegate permissions to the right person/user). Alternatively you can do this user by user in the Exchange Management Console, check the above example:

Exchange 2010 user permissions management

Depends on the case, but I think command line approach is much smarter. And this is relevant to other backup tools, that are based on the same architecture and offer item level restore. Hope it helps.

Stay tunes!

In short, this is about:

Start discussion:
Related articles:
Cloudberry 1.8 for Mac OS X is now live! Impressive list of features and storage platforms support! S3 compatible, new UI and etc. ... more
over 5 years#cloudberrylab #mac
Asterisk IP PBX comes with embedded MixMonitor, that allows us to to record and place those recordings somewhere. ... more
Amazon Web Services (AWS) has its own AWS Linux AMI (also free tier). There are several reasons you want to use this AMI for your projects. ... more
Working with customers is great experience and you always learn or invent something new. I've been working on the case with files portioning ... more
In this article you'll learn how to protect your data against hardware and software failures according to the 3-2-1 rule. ... more
In CloudBerry Lab we help people to move data offsite to the cloud either with backup or file management solution. Sometimes I need sample files, a lot of sample files. ... more
over 4 years#cloudberrylab #ruby
Launching AWS EC2 can be supplied by something what is known as "user data" and it helps to have things ready before you access it. ... more
How to pre-deploy App using user data script for Windows OS with powershell powered script in EC2? Example inside. ... more
In this short article you will learn how to use PsExec with remote powershell script to download, execute and clean up software. You can do it for multiple computers in super easy way. ... more
Here at CloudBerry, where one of the goal I have is to help partners decide, pick and build right configurations for dealing with computers data when they need backup solution. FTP, SCP, WebDav and some other proprietary protocols have been here forever, where simplicity and flexibility made them number one in data protection and management fields as primary target configurations. But, there is big BUT... ... more