Performing Document Level Backups and Restores › Backup Agent Service Account Requirements for Document Level Backup and Restore

Backup Agent Service Account Requirements for Document Level Backup and Restore

To perform a document level backup and restore job, your backup agent service account must meet the following criteria on the Exchange server:

• It must be a domain account.
• There must be a mailbox. For Exchange Server 2003 or 2007, this mailbox must be on the Exchange server which you plan to back up or restore to. Only users who have a mailbox on the Exchange Server have access to the document level operation.

  The name of the mailbox must be unique. A unique name is a name that does not exist in the organization as a subset of characters in another mailbox name. For example, if there is a mailbox named Administrator in your organization, you cannot use the name Admin.

• It must be a member of the Administrator group.
• It must be a member of the Backup Operators group.
• On Exchange Server 2003 systems, it must be assigned the Exchange Full Administrator Role.
• On Exchange Server 2007 systems, it must be assigned either the Exchange Organization Administrator Role or the Exchange Server Administrator Role.
• On Exchange Server 2010/2013 systems, it must be assigned the Exchange Organization Management Role.
• If you selected the agent option, Backup Additional User Properties, and then restore the mailbox with user properties using the options, Create mailboxes if specified mailboxes do not exist and Create user if not existing, it must be assigned the Exchange and Domain Admins Roles.
• It must be assigned the Exchange Server MAPI Owner role on every public folder you intend to back up and restore because permissions for public folders can vary. If a lower permission level is assigned, back up or restore may fail or duplicate items may be restored because the backup agent service account does not have the permission to delete original documents. The method that you use to assign Exchange Server MAPI Owner role varies depending on the version of Exchange in your environment:

  Exchange Server 2003

  To assign this role, open the Exchange System Manager, right-click the public folder you want to back up or restore, and select Properties. When the Properties dialog opens, click the Permissions tab, click the Client permissions button, either add a new client with the Owner role or modify an existing client to assign the Owner role, and then click OK.

  Exchange Server 2007 and Exchange Server 2010

  To assign this role, use the Exchange Management Shell command add-publicfolderclientpermission to grant the user Owner access rights.

Note: If Exchange Server 2010 co-exists in an organization with other Exchange Server versions, make sure the designated user backup account has a mailbox that resides on the same version of the Exchange mailbox that is being backed up.