Enable Remote Archive With Exchange Hybrid
Deploying an Exchange Hybrid solution offers many opportunities to extend messaging services into the cloud. This is one of the biggest strengths of the Microsoft offering. We can provide on-premises, cloud only and hybrid solutions.
One capability is cloud based archives. This allows either:
- On-premises mailbox with an archive in Office 365
- Office 365 mailbox with archive also in Office 365
This post assumes that you have already deployed Exchange hybrid with the correct Office 365 subscription, and that a version of Outlook which supports archives has been rolled out to the relevant users. Additionally you must correctly design and deploy the necessary retention policy tags and policies to meet your specific business requirements. Ensure that your legal team is heavily involved in this process.
One item that needs to be addressed is how to enable a remote archive in a Hybrid Exchange solution. Simply going to the the Office 365 portal (https://portal.office.com) and clicking the enable option for the archive does not work. The same happens with remote PowerShell to Exchange Online. The PowerShell error is shown below:
Enable-Mailbox user-15 -Archive:$true
The following error occurred during validation in agent 'Windows LiveId Agent': 'Unable to perform the save operation. 'Username' is not within a valid server write scope.'
Is there really a write scope restriction in RBAC that is blocking the command? Not so much. We need to enable the archive from the on-premises management toolset rather than the cloud. This lab is based on Exchange 2010 SP3 RU9, so will use the Exchange Management Console and the Exchange Management Shell on the on-premises Exchange server.
Enabling Remote Archive Using Exchange Management Console
The Office 365 tenant was successfully added to the Exchange 2010 Management Console. It was given the label of O365. To view both cloud mailboxes and on-premises mailboxes ensure that the focus is placed upon the Recipient Configuration node. This is highlighted in the image below.
After confirming the prompt, the attributes on the mailbox will be updated. Through directory synchronisation they will flow to Office 365 and the archive will be provisioned.
Enabling Remote Archive Using Exchange Management Shell
To enable a remote archive through Exchange PowerShell we can run the below on the on-premises Exchange server:
Enable-RemoteMailbox MailboxName –Archive
As with the Exchange Management Console, the on-premises object’s attributes are then updated.
We are not yet done as the changes need to replicate to Office 365 through the directory synchronisation tool. Either wait for the next sync cycle or manually initiate one as noted here.
Examining The Attributes Modified
If we look at the MIISClient.exe tool on the directory synchronisation server, we can see the changes for the mailbox being replicated to Office 365. The below window shows the changes to the object User-15. Note that the changes column has been toggled to filter on attributes changed or added. The changes are highlighted in the red box as shown in the below image:
We can see that the msExchArchiveGuid and msExchArchiveName were added. The msExchRemoteRecipientType was changed from a value of 1 to 3.
Client Experience – Outlook
On the user’s Outlook 2013 client, Outlook automatically adds in the archive when autodiscover detects the updated settings. The instruction to mount up an archive is contain in the AlternativeMailbox section of the XML. This is highlighted below:
Which then looks like the below. Note that the archive is highlighted in the red box:
Client Experience – OWA
The user interface is very similar to Outlook 2013. Again the archive is highlighted.
Creating Office 365 Archive At Time Of Mailbox Creation
Updated 29-7-2015: Section below added for completeness.
It is also possible to directly create the archive mailbox in Office 365 when the mailbox is initially created. The below screenshots are from Exchange 2010. A mailbox is being created for Charlie Cloud. On the Archive Settings page, the default of no archive is then change to provision the archive mailbox directly in Exchange Online.
The previous screens have the default options, in the Archive Settings we now directly enable the archive in Office 365.
Note the remote routing address that is shown above. This lab was created using Exchange 2010 SP3 so it does not have the old school service domain present. This will be the case for most deployments, though if you did originally configure Exchange Hybrid back with Exchange 2010 SP1 using the manual steps then adjust the domain to be whatever you originally configured. Clicking the browse button allows you to easily see the target delivery domain that was configured.
Finally we complete the wizard which then starts execution.
And should then complete successfully.