Configuration of Exchange servers

When you configure Exchange servers, you must consider various connections and permissions.

  • Secure connection. If you want to connect to Exchange volumes over HTTPS, you can either select the Use SSL checkbox or add port number 443 after the server name. If you choose the latter option, an example is qa03exch2000.qaw2k.local:443. In some cases, this secure connection can result in some performance degradation due to SSL running large. If you enter the volume information without the 443 suffix, the default connection is HTTP.
  • Permissions for Exchange 2003. The following permissions must be set on the Exchange server to the mailbox store or the mailboxes from which you harvest.
    • Read
    • Execute
    • Read permissions
    • List contents
    • Read properties
    • List object
    • Receive as
  • Permissions for Exchange 2007, 2010, 2013, and Online. The Full Access permissions must be granted on the Exchange server for each mailbox from which you harvest.

    The account that you specify in IBM® StoredIQ® when creating an Exchange Online volume must also have the Read and manage mailbox permission for each mailbox to be harvested. You can grant this permission in the Microsoft Exchange admin center. This account must be the account that is used for creating the IBM StoredIQ service application in Microsoft. For more information, see Registering IBM StoredIQ as a Microsoft service application for access to Exchange Online.

  • Deleted items. To harvest items that were deleted from the Exchange server, enable Exchange's transport dumpster settings. For more information, see Microsoft® Exchange Server 2010 Administrator's Pocket Consultant. Configuration information is also available online at www.microsoft.com. It applies only to on-premises versions of Exchange.
  • Windows Authentication. For all on-premises versions, enable Integrated Windows Authentication on each Exchange server.
  • Public folders. To harvest public folders in Exchange, the Read Items privilege is required. It applies to Exchange 2003 and 2007.
  • An Exchange 2013 service account must belong to an administrative group or groups granted the following administrator roles:
    • Mailbox Search
    • ApplicationImpersonation
    • Mail Recipients
    • Mail Enabled Public Folders
    • Public Folders
    An Exchange Online service account must belong to an administrative group or groups granted the following administrator roles, which are required as part of the Service account:
    • Mailbox Search
    • ApplicationImpersonation
    • Mail Recipients
    • Mail Enabled Public Folders
    • MailboxSearchApplication
    • Public Folders
    Note: It is possible to create a new Exchange Admin Role specific to IBM StoredIQ that includes only these roles.

    Deleted items might persist because of Exchange Online's retention policies. Exchange Online is a cloud-based service; items are deleted by an automated maintenance task. Items that are deleted manually might persist until the automated job completes.