IBM Support

IBM Content Collector for Microsoft Exchange Online

Product Documentation


Abstract

Starting with IBM Content Collector 4.0.1 fix pack 9 (4.0.1.9), Microsoft Exchange Online can be configured and selected as Email collection source with IBM Content Collector.

Starting with IBM Content Collector 4.0.1 fix pack 10 (4.0.1.10) interim fix 13, OAuth support is enabled for Microsoft Exchange Online. For more information, refer to the 'IBM Content Collector OAuth Support for Microsoft Exchange Online' link in the 'Related Information' section.

Content

IBM Content Collector for Microsoft Exchange Online support enables a user to archive, stub, search, view, or restore archived content for Exchange Online mailboxes. It also allows us to search, preview and restore the already archived emails for the mailboxes that are migrated from Microsoft Exchange on-premises (Exchange 2013 or 2016) to Microsoft Exchange Online.
Microsoft Exchange Online can be configured with Azure Active Directory or Local Active Directory (synchronized with Azure Active Directory). Supported features may differ based on how your Microsoft Exchange Online is set up.
Sections of this document
  1. Installing Content Collector for Microsoft Exchange Online
  2. Microsoft Exchange Online Initial Configuration
  3. Configuring Task Routes
  4. Content Collector for Microsoft Exchange Online Migrated mailboxes
  5. Content Collector performance with Microsoft Exchange Online
  6. Known issues and limitations with Content Collector for Microsoft Exchange Online
I. Installing Content Collector for Microsoft Exchange Online
Software Prerequisites
To use Microsoft Exchange as a source system:
  1. Install Microsoft Outlook 2016, including the latest service packs and patches on the IBM Content Collector server. 
  2. Start Microsoft Outlook and verify its connection to the email server:
    Create a profile with Exchange Online using the user ID that you intend to use as the user account for the IBM Content Collector Email Connector configuration.
  3. Make Microsoft Outlook the default email client.
  4. Configure Microsoft Outlook to prompt for a profile every time Outlook is started.
  5. Stop Microsoft Outlook before you install IBM Content Collector Server.
  6. For the Exchange Online mail profile created by IBM Content Collector Server, reopen the profile and make sure that the password is saved. Configure it as “Always use this profile”.
II. Microsoft Exchange Online Initial configuration
In the Initial Configuration wizard, Content Collector for Microsoft Exchange Online can be configured using the following two options:
  1. Local Active Directory: Select this option when your mailbox users are managed by local Active Directory and your Exchange online Azure Active Directory is connected and synchronized with the local Active Directory.
    In this case, Content Collector uses the local Active Directory to resolve user mailboxes.
    On the Microsoft Exchange Configuration page, specify the credentials for the user account that accesses the local Active Directory information. The user ID and password are used for the transactions between your Exchange servers and Content Collector. Enter the SMTP address of the user. If Active Directory cannot be accessed by using the SMTP address, use the distinguished name of the user in the format CN=ICCConnectorUser,CN=Users,DC=company,DC=com.

  2. Azure Active Directory: Select this option when Exchange Online mailbox users are managed by Azure Active Directory and there is no connection or synchronization between Exchange Online Azure Active Directory and local Active Directory.
    In this case, Content Collector uses Address Book to resolve user mailboxes. As this option does not require credentials for local Active Directory access, Microsoft Exchange Configuration page is disabled.

    For detailed information, refer to the 'Microsoft Exchange Online configuration' section of Configuration worksheets for the Content Collector source systems.
Email Connector - Connection Settings
In Microsoft Exchange online, the Automatic configuration option is not applicable and is disabled.

You need to manually provide the proxy name of the Microsoft Exchange Online mail server which will redirect automatically to a dedicated Exchange server on Microsoft cloud network based on user mailbox detail, provided as a User ID.

You cannot select to open mailboxes or public folders or both with privilege access with Exchange Online, hence the following options are disabled:
  • Open mailboxes with privileged access
  • Open public folders with privileged access
The user account cannot have Exchange administrator rights in the Exchange Online system and needs explicit access rights. When the account does not have Exchange administrator rights, it requires these access rights:
  • For opening mailboxes, full access permission to all mailboxes to be archived and to the trigger mailbox
  • For opening public folders, the permission level Editor for the public folders to be archived and the permission level Reviewer for the parent folders
Email Connector - Active Directory Settings
Microsoft Exchange Online:  Active Directory Settings are disabled when Exchange Online mailbox users are managed by Azure Active Directory and there is no synchronization between Exchange Online Azure Active Directory and local Active Directory.
Email Connector - Processing Options
Retrieve user IDs of internal recipients and senders from Active Directory:  This option is disabled when Exchange Online mailbox users are managed by Azure Active Directory and there is no synchronization between Exchange Online Azure Active Directory and local Active Directory.
III. Configuring Task Routes
Microsoft Exchange collection source for automatic archiving
  • All mailboxes on a server (except journals): This option is not applicable to Microsoft Exchange Online as a collection source. In the case of Microsoft Exchange on-premises, IBM Content Collector retrieves the required information from Active Directory. This information is currently unavailable in the case of Microsoft Exchange Online.
  • Journal: Journal Archiving is not applicable to Microsoft Exchange Online as a collection source. In Microsoft Exchange online, you cannot designate an Exchange Online mailbox as a journaling mailbox. You can deliver journal reports to an on-premises archiving system or a third-party archiving service. If you are running Microsoft Exchange hybrid deployment with your mailboxes split between on-premises servers and Exchange Online, you can designate an on-premises mailbox as the journaling mailbox for your Exchange Online and on-premises mailboxes.
Collection filter for email collectors
  • Managed Exchange folders: Collection based on “Managed Exchange folders” is not supported when IBM Content Collector for Microsoft Exchange Online is configured with Azure Active Directory as the required information about retention policies and settings is not exposed by Exchange Online.
IV. Content Collector for Microsoft Exchange Online Migrated mailboxes

When the Exchange on-premises mailbox (Exchange 2013 or 2016) has already archived emails and is migrated to Exchange Online, the following functionalities of IBM Content Collector for Email are impacted:
  • Web Search (launched from Outlook Extension)
  • Restore
  • Preview
  • Unified Search
In the Content Collector data model, mailbox ID is stored and used as security access when an archived message is accessed from the repository (FileNet P8 or CM8). When the mailbox is migrated to Exchange Online, the mailbox ID on Exchange Online differs from the Exchange on-premises. As the archived messages from Exchange on-premises mailbox will have the mailbox ID from Exchange on-premises mailbox, these archived messages cannot be searched using a new Exchange online mailbox ID.

The same implies to other Content Collector functionalities such as Restore, Preview, or Unified search.

ExchangeOnlineMailboxIDMapper Utility

In order to allow the email retrieval from a migrated mailbox, an administrator needs to provide the mapping between Exchange on-premises and Exchange Online mailboxes to Content Collector, so that Content Collector can use both the mailbox IDs while retrieving archived emails from the target repository.
The mapping file should be named ExchangeOnlineMigratedUsers.csv and kept at the following location:
<ICC_install_path>\MigratedUsersCSVFile\>
ExchangeOnlineMailboxIDMapper Utility
Content Collector provides an ExchangeOnlineMailboxIDMapper PowerShell utility to generate the mapping between Exchange on-premises and Exchange Online mailbox IDs.
The utility is located in the following location:
<ICC_install_path>\tools\ExchangeOnlineMailboxIDMapper>
How it works
The script requires the user to provide two input CSV files - one containing Mailbox IDs from Exchange on-premises and another one with migrated Mailbox IDs from Exchange Online.
  1. Input Preparation
    1. Run below command from Exchange on-premises management console before user mailbox migration starts to export users' email addresses and LegacyExchangeDN (MailBoxID) into CSV File.
      Get-Mailbox -Filter {Emailaddresses -like "*ecmdev.svl.ibm.com"} |select PrimarySmtpAddress,LegacyExchangeDN |Export-Csv "C:\ExchangeOnPremiseUsersMailBoxID.csv" -NoTypeInformation
    2. Run the below command from Exchange online management console after mailbox migration is completed, to export users' email addresses and LegacyExchangeDN (new MailBoxID) into CSV File.
      Get-Mailbox -Filter {Emailaddresses -like "*ecmdev.svl.ibm.com"} |select PrimarySmtpAddress,LegacyExchangeDN |Export-Csv "C:\ExchangeOnlineUsersMailBoxID.csv " -NoTypeInformation
    ExchangeOnPremiseUsersMailBoxID.csv and ExchangeOnlineUsersMailBoxID.csv generated from the above commands need to be used as an input to the ExchangeOnlineMailboxIDMapper utility.
2. Using ExchangeOnlineMailboxIDMapper Utility
Go to the PowerShell console and run ExchangeOnlineMailboxIDMapper.ps1 with two arguments - the first one as CSV file containing the Microsoft Exchange on-premises Mailbox IDs and another one as CSV file containing the Microsoft Exchange Online migrated Mailbox IDs.
Syntax:
\ExchangeOnlineMailboxIDMapper.ps1 <ExchangeOnPremiseUsersMailBoxID.csv> <ExchangeOnlineUsersMailBoxID.csv>
Output:
ExchangeOnlineMigratedUsers.csv
  • Script merges these two CSV files using the PrimarySmtpAddress as key for mapping and generates ExchangeOnlineMigratedUsers.csv at the script location.  
  • On console, it displays execution information like PowerShell version, Script location, execution time, number of users merged, and so on. 
  • For the Mailbox IDs where no mappings were found, the errors will be logged in the MigratedUsersAudit.log file located in the script directory. For every execution, the log statements will be appended in this file.
Note: The minimum PowerShell version required for the execution of ExchangeOnlineMailboxIDMapper.ps1 is v4.0.
3. ExchangeOnlineMigratedUsers.csv Path
Copy ExchangeOnlineMigratedUsers.csv to <ICC_install_path>\MigratedUsersCSVFile\> so that Content Collector can use the required information for the migrated mailboxes.
 
V. Content Collector performance with Microsoft Exchange Online
Content Collector encounters low performance in Microsoft Exchange Online (Office 365) environment, as compared to IBM Content Collector in Microsoft Exchange on-premises environment. When Content Collector downloads mail from Exchange Online server through the internet, ‘Network’ factor plays a major role.

In case of performance issues, check for the response time from Microsoft Exchange Online Server by pinging to “outlook.office365.com”. If this response time is >10ms, it will directly affect IBM Content Collector performance.

If response time from Exchange Online is slow, then you can check for the following configurations in the local network environment:
  1. TCP Window Scaling
    Ensure that the Microsoft Exchange Online network connection is not throttled by the proxy server in the local network. Make sure that TCP Window Scaling is enabled.
  2. Latency / Round Trip Time (RTT)
    Network Latency can cause real issues with Microsoft Exchange Online. You need to check the Round Trip Time (RTT) using network monitoring tools in your local environment. If you have the proxy server in your environment, check for the response time from the proxy server to the local machine and from the Microsoft Exchange Online server to the local proxy server.
  3. If the response time from Exchange Online server to a local proxy server is high, you may need to engage your Internet Service Provider to investigate further. For more information, refer to the technote from Microsoft: How to measure the Network Round Trip Time to Office 365.
  4. Proxy Authentication in Local Network
    When the network has a proxy server configured, proxy authentication may also lead to slow performance. You can bypass or prevent proxy authentication to avoid delays in the Microsoft Exchange Online communication.
  5. DNS Performance
    DNS Performance should be checked to ensure it isn’t adding any additional delay to Microsoft Exchange Online connection.
  6. TCP Max Segment Size AND Selective Acknowledgement
    Check TCP Max Segment size and selective acknowledgment to ensure maximum throughput on the link to Microsoft Exchange Online.
    Also, check if SACK is enabled. Enabling SACK also enables the TCP stack to deal with dropped packets more efficiently and results in performance improvement.
  7. DNS Geo Location

    One of the most important checks that can make a big difference in the performance of Office 365 is ensuring your DNS call are made in the same geographic location as the user is actually in. Getting this wrong means that the routing of your traffic to Office 365 could be sub-optimal and thus affect performance. For more information, refer to the technote from Microsoft: DNS geolocation for Office 365, connecting you to your nearest Datacenter for the fastest connectivity.

If the above steps do not give the expected improvement in response time from Exchange Online, it is recommended to raise a support ticket with Microsoft for further inputs.
VI. Known issues and limitations with Content Collector for Microsoft Exchange Online
The following is a summary of known issues and limitations with Content Collector for Microsoft Exchange Online:
Support limitations
  1. Microsoft Exchange Hybrid environment (Exchange on-premises + Exchange online configuration on single Content Collector Server) is not supported by Content Collector 4.0.1 fix pack 9 (4.0.1.9).
  2. Content Collector for Outlook Web Application (OWA) support is not available with Microsoft Exchange Online due to limitations from Microsoft on supporting OWA custom plugins with Microsoft Exchange Online.
  3. The collection source type 'Journal' is not supported.
  4. 'All mailboxes on a server (except journals)' is not supported.
Configuration limitations
  1. The following options are disabled in the Email Connector Connection configuration:
    1. Open mailboxes with privileged access
    2. Open public folders with privileged access
  2. The following option is disabled in Email Connector Processing options configuration when Content Collector for Microsoft Exchange Online is configured with Azure Active Directory:
    1. Retrieve user IDs of internal recipients and senders from Active Directory
  3. A collection based on 'Managed Exchange folders' is not supported when Content Collector for Microsoft Exchange Online is configured with Azure Active Directory.
  4. Content Collector lets you configure multiple users as service users in the Email Connector tab > Configuration Manager. However, for Exchange Online - Azure Active Directory scenario when multiple service users are configured, on querying MAPI session user during the live run, all active MAPI sessions return the user ID (mailbox ID) of the first service user configured in the Email connector tab.
    This is a design limitation and currently, there is no resolution; however, it does not affect the performance. Only Windows users that belong to local Active Directory can spawn processes that open a MAPI session with Exchange Online server and as per the current design structure:
    • Content Collector allows you to configure only one user as the Logon user.
    • This Logon user spawns as many processes as the number of service users configured for the archival process.
    • Each process, when tries to obtain the mail profile, finds the profile already created manually for the Logon user or creates one for the first Exchange Online service user. Thus, the same Exchange Online user becomes the MAPI session user in each instance.
Feature limitations
  1. The following features are not available with Content Collector for Microsoft Exchange Online:
    1. Detect Litigation Hold (stubbing)
    2. Detect Single Item Recovery (stubbing)
    During the stubbing task route, the Content Collector needs to check whether a mailbox is on 'Litigation hold' or has 'Single-item Recovery enabled' using mailbox flags. In the case of Microsoft Exchange on-premises, this information is stored in Active Directory and is unavailable in the case of Microsoft Exchange Online. Thus, it is recommended to avoid mailboxes with 'Litigation hold' or 'Single-item Recovery enabled' flags.
  2. Stubbing: When Content Collector for Microsoft Exchange Online is configured with local Active Directory, Content Collector successfully archives emails, however, it fails to create preview links. Use the following workaround to resolve this issue:
    Under Email Connector variables, add variable ‘ex.ad.IgnoreMailboxFlags” with the value “true”.
  3. PST Archiving may fail when collection source 'PST file on a computer' or 'PST files on computers in a computer group' is used with Content Collector for Microsoft Exchange Online is configured with local Active Directory. In this case, 'All PST files in a folder tree' can be used as an alternative.
Localization limitation
  1. In Email Connector Configuration, some new tooltips appear only in the English language. Translation in other languages is available in later releases.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSAE9L","label":"Content Collector"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"4.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
26 August 2021

UID

ibm10874074

Page Feedback