Michael Van Horenbeeck
Technology Consultant
Xylos

Exchange Online Archiving: notes from the field
EDC301

Agenda
Introduction to Exchange Online Archiving
Provisioning process
Working with archives
Challenges
Troubleshooting

Introduction
What is Exchange Online Archiving?

Exchange Online Archiving primer (EOA)
Archive mailbox hosted in Office 365 EXO
Virtually no difference in how on-premises archive works vs. cloud archive
Not the same as Exchange Hosted Archives (EHA ┼)
  Exchange Hosted Archives tied in with Forefront Online Protection for Exchange (FOPE)
EOA is not journaling
Primary user’s mailbox can still be stored on-premises
Hybrid functionality

Hybrid EOA Architecture

Requirements
Exchange 2010 SP2+ or Exchange 2013 on-premises
DirSync
  Plays an important role in the provisioning process
(Partial) Hybrid Deployment*
  Hybrid deployment empowers remote mailbox/archive moves
* Mail flow not needed per se. Recommendation is to set up full hybrid anyway (little extra effort)

Why [Hybrid] Online Archiving?
Ideal for well-connected environments
No on-premises storage required for archives
Potential money saver
Leverage hybrid deployments
Works pretty much the same way as on-premises archives
Leverage existing retention policies & tags

Provisioning
A closer look at the process behind the creation of an online archive

High Level Provisioning Process
Multi-step process:
User Mailbox > Enable ‘remote’ Archive > DirSync > Create Exchange Archive > DirSync > Activate User Archive

State prior to provisioning archive:
On-premises mailbox:
Cloud mail-enabled user:

Step 1 - Activating the Online Archive
Through Exchange Admin Center:
Or via PowerShell:
Enable-Mailbox -Identity UserA -RemoteArchive -ArchiveDomain tenant.mail.onmicrosoft.com

What happens in this step?
On-premises user object gets a few new attributes:
msExchArchiveGuid
msExchArchiveName
msExchElcMailboxFlags
msExchRemoteRecipientType

State after enabling the remote archive
On-premises mailbox:
Cloud mail-enabled user:
Because DirSync hasn’t run yet, Office 365 EXO has no way of knowing an on-premises attribute has changed.

Step 2 – Directory Synchronization
Either wait for Directory Synchronization to happen automatically (default every 3 hours)
Alternatively, force a synchronization:
Start-OnlineCoexistenceSync

What happens in this step?
DirSync synchronizes the attributes that were added earlier to the MEU in Windows Azure AD:

State of the mailbox/MEU after DirSync
On-premises mailbox:
Cloud mail-enabled user:
Archive is now enabled in Office 365. On-premises Exchange, however, doesn’t ‘know’ this yet…

Step 3 – Directory Synchronization (2)
Just like in Step 2, wait for synchronization to happen automatically or force a synchronization with PowerShell.
‘Export’ to on-premises AD is an important step here:

What happens in this step?
DirSync gets the updated msExchArchiveStatus attribute for the user and exports (writes) it to local Active Directory:

State of the mailbox/MEU after DirSync (2)
On-premises mailbox:
Cloud mail-enabled user:
Archive is now active, both in Office 365 and on-premises.
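
One way to see from on-premises Active Directory which of the three provisioning steps a user has reached, using the attributes named in the steps above. This is an added example, not code from the presentation: the function name Get-RemoteArchiveStage is hypothetical, it needs the ActiveDirectory module, and it assumes that an empty or zero msExchArchiveStatus means the write-back of step 3 has not happened yet.

```powershell
# Added example (not from the deck). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-RemoteArchiveStage {
    param([Parameter(Mandatory = $true)][string]$Identity)

    # Attributes the deck names: stamped in step 1, status written back in step 3.
    $attrs = 'msExchArchiveGuid', 'msExchArchiveName',
             'msExchRemoteRecipientType', 'msExchArchiveStatus'
    $user = Get-ADUser -Identity $Identity -Properties $attrs

    if (-not $user.msExchArchiveGuid) {
        $stage = 'Step 1 not done: no remote archive enabled on-premises'
    }
    elseif (-not $user.msExchArchiveStatus) {
        # Assumption: empty or 0 means the status has not been exported back yet.
        # Steps 2 and 3 cannot be told apart from the on-premises side alone.
        $stage = 'Step 1 done: waiting for DirSync (steps 2 and 3)'
    }
    else {
        $stage = 'Step 3 done: archive active on-premises and in Office 365'
    }

    $guid = $null
    if ($user.msExchArchiveGuid) {
        # AD stores the GUID as a byte array; convert it for display.
        $bytes = [byte[]]$user.msExchArchiveGuid
        $guid  = New-Object Guid (, $bytes)
    }

    New-Object PSObject -Property @{
        User                = $user.SamAccountName
        ArchiveName         = ($user.msExchArchiveName -join ', ')
        ArchiveGuid         = $guid
        RemoteRecipientType = $user.msExchRemoteRecipientType
        ArchiveStatus       = $user.msExchArchiveStatus
        Stage               = $stage
    }
}

# UserA is the sample identity used on the slide.
Get-RemoteArchiveStage -Identity UserA |
    Format-List User, Stage, ArchiveGuid, ArchiveName, RemoteRecipientType, ArchiveStatus
```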

Archives in Outlook and OWA

Archives in Outlook
Added as a ‘secondary’ mailbox through Autodiscover.
Initial Autodiscover performed against the on-premises Exchange environment
Based on Autodiscover results, second Autodiscover request to Exchange Online for connection info.
No different from on-premises archive

Autodiscover response:
<AlternativeMailbox>
  <Type>Archive</Type>
  <DisplayName>In-Place Archive - Mark Spencer</DisplayName>
  <SmtpAddress>94a1a0e0-b24d-4b8a-8bed-491f715ae9d2@exchangelabonline.mail.onmicrosoft.com</SmtpAddress>
  <OwnerSmtpAddress>mspencer@exchangelab.be</OwnerSmtpAddress>
</AlternativeMailbox>

Archives in OWA
Similar process as in Outlook, except for Exchange performing the AutoD requests:

Working with archives
From an eagle’s perspective

Retention tags
Retention tags combine a (configurable) retention age and a specific (pre-defined) action.
Can be applied to both folders and individual items

What happens if an item gets ‘tagged’?
Item (folder/message/calendar entry) gets a few new MAPI properties:
PR_ARCHIVE_DATE
PR_ARCHIVE_PERIOD
PR_ARCHIVE_TAG

Retention Policies
Combine one or more retention tags in a policy which can be applied to individual mailboxes:
Get-RetentionPolicy "name" | Select -ExpandProperty RetentionPolicyTagLinks | ft Name -Auto

Managed Folder Assistant (MFA)
Mailbox Assistant which processes items in a mailbox
Throttle-based (work-cycle)
Default work-cycle is 1 day
Configurable
Stamps items with retention settings and takes configured action on items past their retention period.

Additional resources
For more information on the MFA process or designing retention policies / tags:
EDC.304 “Retention policies in the Real World: notes from the field” ~ Tony Redmond

Challenges / Tips
Common challenges when deploying Exchange Online Archives

Archive provisioning (large archives)
When the MFA kicks in after enabling an archive there is potentially a huge amount of data that will be ‘archived’.
Can potentially cause Outlook to “hang” while items are being archived.
Described here: http://support.microsoft.com/kb/2800346

Archive provisioning – cont’d
Cause: OST resync – items that are being processed by MFA are synced by Outlook > potentially high number.
Workaround: use OWA or Outlook in Online mode

Bandwidth considerations
Question: how much data will you move to Office 365?
Difficult to predict how much data in a mailbox is subject to retention policy / tag

Bandwidth considerations
Script to ‘estimate’ the potential size of an archive*:
Estimate-ArchiveSize -Agelimit 365
Currently limited and not 100% accurate. Sums up the PR_MESSAGE_SIZE MAPI property of items past the specified retention time (Agelimit).

Outlook & foreground operations
Users sometimes tend to drag & drop messages from mailbox to archive (or vice versa).
Outlook treats these operations as a ‘foreground’ operation which means it will execute them immediately.
Depending on size of the message, available bandwidth and connection latency this will freeze up Outlook for multiple seconds. [Not responding…]

Outlook & foreground operations
No fix for this issue. User education is crucial. They should not manually move messages unless there is absolutely no other option.
Rely on the “Exchange way of things”
Retention Policies & Tags + MFA

Outlook & Authentication
The archive is added to the Outlook profile as a secondary mailbox.
Secondary mailbox is located in Office 365 which only supports basic authentication for Outlook.
No/failed authentication results in:

Outlook & Authentication
If you are leveraging AD FS, make sure AD FS is highly available. No AD FS = no archive.
Users must use UPN in authentication prompt:

Initial archive: cloud or on-premises?
Immediately enabling a cloud archive takes more time to get data to ‘the cloud’
Consider enabling on-premises archive first and then performing a remote mailbox move [-archiveonly]
Can easily be automated
Relatively transparent to the user

Remote mailbox moves
Leverage the power of the Mailbox Replication Service.
Better performance than e.g. PST imports – especially in Office 365.
Less error-prone than PST imports

High-level archive move process
Initiate move
Move starts, first creates hierarchy, then copies over the content, then finalizes the move
DirSync needs to run to mirror the changes of the Archive move

Performing mailbox moves
Think about retention policies & retention tags!
Use the built-in scripts to export & re-import tags to Office 365 (or vice versa):
$exscript\Export-RetentionTags.ps1
$exscript\Import-RetentionTags.ps1

Performing mailbox moves cont’d
Although migrating archives, make sure that if user is UM-enabled you also have UM policies set up in Office 365.

Migrating 3rd party archiving solutions
Do not always offer the native ability to interface with Office 365 > other 3rd party tooling might be required.
Sometimes the only option is to export to PST
Because of performance/error reasons, better to import on-premises first and then perform remote mailbox move to EXO.

Archives & Active Directory
Even though data is stored in cloud, the link between on-premises & cloud is strong
When an item gets removed on-premises, it automatically gets removed in Windows Azure AD as well (after DirSync).
Take this into account for your Disaster Recovery plans!

Example: OU accidentally removed
Scenario:
OU was removed from AD. Forest converged within 15 minutes (no roll-back possible). Within these 15 minutes, DirSync also ran…
Result: mailboxes gone, archives gone (disabled).

OU accidentally removed – cont’d
Potential issues afterwards:
User has an empty archive after AD restore
The admin can observe the following error:
Solution: request support to merge the old and new archive (but within retention period!)
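
A check that fits the OU scenario above: list the containers that hold archive-enabled users and are not flagged as protected from accidental deletion. This is an added example, not code from the presentation: the function name Get-ArchiveUserContainerProtection is hypothetical, and ProtectedFromAccidentalDeletion is the standard Active Directory setting, which the deck itself does not mention.

```powershell
# Added example (not from the deck). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-ArchiveUserContainerProtection {
    # Users whose archive is linked through on-premises AD (attribute set in step 1).
    $users = Get-ADUser -LDAPFilter '(msExchArchiveGuid=*)'

    # Parent container DN = user DN without its first RDN (escaped commas respected).
    # Only the direct parent is checked; ancestor OUs are not walked.
    $users |
        Group-Object { $_.DistinguishedName -replace '^(?:[^,\\]|\\.)+,', '' } |
        ForEach-Object {
            $container = Get-ADObject -Identity $_.Name `
                -Properties ProtectedFromAccidentalDeletion
            New-Object PSObject -Property @{
                Container    = $container.DistinguishedName
                ArchiveUsers = $_.Count
                Protected    = [bool]$container.ProtectedFromAccidentalDeletion
            }
        }
}

# Containers that hold archive users and can still be deleted by mistake.
Get-ArchiveUserContainerProtection |
    Where-Object { -not $_.Protected } |
    Sort-Object ArchiveUsers -Descending |
    Format-Table Container, ArchiveUsers, Protected -AutoSize
```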

Troubleshooting
What to do when everything goes South…

Possible/observed issues
Disconnected archives
  Several causes, most commonly DirSync
Archive connectivity issues (errors in Outlook)
  Autodiscover not working properly
  Network connectivity issues
  Outlook is sensitive
Items not being moved after retention period
  Not very common, but a real * to troubleshoot
Exit-procedures
  How to retain or export data when someone leaves the company

MFCMAPI
Can be used to verify if retention policies/tags are applied successfully:

Diagnostic Logging
Start with increasing event log level:
Set-EventLogLevel "<id>" -Level Expert
  "MSExchange Assistants\Assistants"
  "MSExchangeMailboxAssistants\Service"
  "MSExchangeMailboxAssistants\Email_Lifecycle_Assistant"
  "MSExchangeMailboxAssistants\ELC Library"

Mailbox Diagnostic Logging
Export-MailboxDiagnosticLog -Identity <id> -ComponentName MRM

Forcing the MFA to run
You can force the Managed Folder Assistant to immediately start processing a mailbox:
Start-ManagedFolderAssistant -Identity <mailbox>
Particularly handy for testing or to immediately start archiving data.

Take-aways
Great solution if you don’t want to move primary mailbox but still want “large” amount of disk space
Provisioning can potentially take a while (~6 hours by default)
Avoid enabling empty archives in EXO for large mailboxes

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.