Veritas NetBackup™ for Microsoft Exchange Server Administrator's Guide

Creating a minimal NetBackup account for Exchange operations

This procedure describes how to create a minimal account for NetBackup Exchange operations. This account is used for the Exchange credentials in the Exchange client host properties, enabling NetBackup to perform operations with Granular Recovery Technology (GRT).

Note the following:

  • Configure each Exchange mailbox server.

  • Configure each client that performs granular operations. To determine which clients to configure, see the following topics:

    See Exchange granular clients and non-VMware backups.

    See Exchange granular clients and VMware backups.

  • In a cluster environment, perform the steps on each database node in the cluster. For an Exchange DAG, perform the steps on each database node in the DAG.

Note:

If you specify the minimal NetBackup account for the Exchange credentials in the client host properties, NetBackup can back up only active copies of the Exchange databases. If you select "Passive copy only" in the "Database backup source" field when you create a policy, any backups fail. The failure occurs because the Microsoft Active Directory Service Interface does not provide a list of database copies for a minimal account.

If the policy specifies "Passive copy and if not available the active copy" in the "Database backup source" field, NetBackup backs up the active copy of each database.

To create a minimal NetBackup account for Exchange operations

  1. In the Exchange Management Console, create a new Exchange mailbox for NetBackup.

    This process creates a new user that is automatically a domain user. This procedure refers to that user as NetBackupUser.

  2. Double-click on the user account you created.
  3. Select the Member Of tab.
  4. Click Add and add this user to the Administrators group.
  5. Create a new Role Group, make the account a member of this group, and assign roles. Use the Exchange Management Shell to run the following commands:

    Note:

    If the account does not have the necessary privileges, an administrator needs to perform these tasks.

    New-RoleGroup -Name NetBackupRoles -Roles @("Database Copies", "Databases",
    "Exchange Servers", "Monitoring", "Mail Recipient Creation", "Mail Recipients",
    "Recipient Policies")
    Add-RoleGroupMember -Identity NetBackupRoles -Member NetBackupUser

    Where NetBackupUser is the name of the Active Directory account you created in step 1.

  6. To perform restores with Granular Recovery Technology (GRT), also run the following commands with the Exchange Management Shell:

    For Exchange 2010:

    # Create a role derived from ApplicationImpersonation and assign it to the account
    New-ManagementRole -Name SymantecEWSImpersonationRole -Parent ApplicationImpersonation

    New-ManagementRoleAssignment -Role SymantecEWSImpersonationRole -User NetBackupUser `
        -Name "NetBackupUser-EWSImpersonation"
    # Create a throttling policy with the EWS and PowerShell limits cleared, then apply it
    New-ThrottlingPolicy -Name "SymantecEWSRestoreThrottlingPolicy" -EWSPercentTimeInCAS $null `
        -EWSPercentTimeInAD $null -EWSMaxConcurrency $null -EWSPercentTimeInMailboxRPC $null `
        -PowerShellMaxConcurrency $null
    Set-Mailbox -Identity NetBackupUser -ThrottlingPolicy "SymantecEWSRestoreThrottlingPolicy"
    

    For Exchange 2013 and 2016:

    # Create a role derived from ApplicationImpersonation and assign it to the account
    New-ManagementRole -Name SymantecEWSImpersonationRole -Parent ApplicationImpersonation

    New-ManagementRoleAssignment -Role SymantecEWSImpersonationRole -User NetBackupUser `
        -Name "NetBackupUser-EWSImpersonation"
    # Create a throttling policy with every listed limit set to "Unlimited", then apply it
    New-ThrottlingPolicy -Name "SymantecEWSRestoreThrottlingPolicy" -EwsCutoffBalance "Unlimited" `
        -EwsMaxBurst "Unlimited" -EwsMaxConcurrency "Unlimited" `
        -ExchangeMaxCmdlets "Unlimited" -MessageRateLimit "Unlimited" `
        -PowerShellCutoffBalance "Unlimited" -PowerShellMaxBurst "Unlimited" `
        -PowerShellMaxCmdlets "Unlimited" -PowerShellMaxConcurrency "Unlimited" `
        -PowerShellMaxOperations "Unlimited" -RecipientRateLimit "Unlimited" `
        -ThrottlingPolicyScope "Regular"
    Set-Mailbox -Identity NetBackupUser -ThrottlingPolicy "SymantecEWSRestoreThrottlingPolicy"
  7. Provide the credentials for this account in the Exchange client host properties.

    See About the Exchange credentials in the client host properties.

  8. Configure this account with the right to "Replace a process level token."
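
A read-only check of what steps 5 and 6 produce, added here as an example and not part of the Veritas guide: it compares the roles on NetBackupRoles with the list in step 5, lists the role group's members, and reports who effectively holds SymantecEWSImpersonationRole and with what recipient scope. It assumes the names used in this procedure and an Exchange Management Shell session that can read role assignments; the function name Get-NetBackupAccountAudit is hypothetical.

```powershell
# Added example: read-only audit of the account created in this procedure.
# Run in the Exchange Management Shell. Default names are the ones used on this page.
function Get-NetBackupAccountAudit {
    param(
        [string]$User      = 'NetBackupUser',
        [string]$RoleGroup = 'NetBackupRoles',
        [string]$ImpRole   = 'SymantecEWSImpersonationRole'
    )

    # Roles listed in step 5.
    $expected = 'Database Copies', 'Databases', 'Exchange Servers', 'Monitoring',
                'Mail Recipient Creation', 'Mail Recipients', 'Recipient Policies'

    # Roles actually assigned to the role group (regular assignments only).
    $actual = @(Get-ManagementRoleAssignment -RoleAssignee $RoleGroup -Delegating $false |
                ForEach-Object { "$($_.Role)" } | Sort-Object -Unique)

    # Every member of the role group inherits the roles above.
    $members = @(Get-RoleGroupMember -Identity $RoleGroup | ForEach-Object { $_.Name })

    # Effective holders of the impersonation role and the recipient scope they get.
    $impersonators = @(Get-ManagementRoleAssignment -Role $ImpRole -GetEffectiveUsers |
        Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope)

    # Throttling policy currently attached to the backup account's mailbox.
    $mailbox = Get-Mailbox -Identity $User

    New-Object PSObject -Property @{
        MissingRoles     = @($expected | Where-Object { $actual -notcontains $_ })
        UnexpectedRoles  = @($actual | Where-Object { $expected -notcontains $_ })
        RoleGroupMembers = $members
        Impersonation    = $impersonators
        ThrottlingPolicy = "$($mailbox.ThrottlingPolicy)"
    }
}

Get-NetBackupAccountAudit | Format-List
```

An empty CustomRecipientWriteScope in the output means the impersonation assignment was created without a custom recipient scope, as in the commands in step 6. Entries in UnexpectedRoles or additional names in RoleGroupMembers show where the account or group has drifted from this procedure.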

More Information

About configuring the account for NetBackup Exchange operations with the right to Replace a process level token
