Netmail Archive will connect to the Exchange system to pull all the data out of the mailboxes. For this, it has some requirements around impersonation, authentication, ports, etc. This article will attempt to give an overview why these are required and what role they play in the archiving process.
Address Book Sync
Before any archive jobs can run, Netmail needs to complete an Address Book Sync. As the name implies, this process will attempt to read information from Exchange and save a cached copy in the local Netmail LDAP. This saves time when selecting users in the Netmail administration console, such that they are presented quickly from the cache rather than fetched repeatedly from the mail system. The Address Book Sync job uses Powershell to read the mailboxes, distribution lists + members, servers, folder IDs, aliases, etc...
To accomplish this it will need 3 things:
- The URL for Powershell in your organization
- Access to port 80/443 at that URL
- A service account/credentials with Organization Management rights*
* Some people have had success assigning View Only Organization Management instead (since the software is only reading object anyway) however the official requirement remains Organization Management.
Once the mailboxes are synchronized to the local cache, they can be selected for jobs. To complete an archive of a mailbox, the software will require 3 things:
- Autodiscover to locate the mailbox. Most organizations have this fully functioning already, but in some cases it is necessary to put an entry in ..\etc\hosts which points autodiscover.domain.com to the correct endpoint (usually an Exchange server)
- Access to the EWS URL returned by autodiscover for the mailbox
- Impersonation rights on the service account such that it can open the mailboxes and access the data
With these in place, the job can begin to perform operations on the mailbox such as reading items, marking items are published, deleting items, creating items, etc...
It's worth noting that, by default, Netmail Search will also have a requirement of the mail system. Unless otherwise configured, Netmail Search will authenticate users via the same Powershell URL provided to the Address Book Sync job. Authentication will be of the type 'Basic' so this mechanism must be permitted on the Powershell virtual directory (in IIS on the Exchange servers responding to the URL indicated above).