It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Attention

Starting May 1st, 2018, we will no longer offer the ArchiveOne family of products. This includes all editions of ArchiveOne, ArchiveOne for Files, Max Compression, and Access Security Manager. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support until your contract expires, or until May 1st, 2019, whichever occurs first. The license for ArchiveOne is perpetual; therefore the software may continue to be used independently without any updates or support indefinitely.

How to Deploy ArchiveOne in an Exchange Resource Forest Topology

  • Last updated on

This article refers to the Barracuda ArchiveOne versions 6.5.3 and higher, and Microsoft Exchange 2010 and higher.

You can install Microsoft Exchange 2010 and later in an Exchange resource forest topology. In this deployment, there are two Active Directory (AD) forests:

  • The Accounts forest contains the user accounts for your organization, and has no Exchange deployment
  • The Exchange resource forest or dedicated Exchange forest is where Exchange is deployed and does not contain any user accounts

Users in the Accounts forest access their linked mailboxes in the Exchange forest. Users can log into their accounts and use Microsoft Outlook to access their mailboxes. For more information, see the Microsoft TechNet article Deploy Exchange 2010 in an Exchange Resource Forest Topology or Deploy Exchange 2013 in an Exchange resource forest topology.

Do not confuse the Exchange resource forest topology with a cross-forest topology where Exchange is installed in both forests, as described in the Microsoft TechNet article Deploy Exchange 2010 in a Cross-Forest Topology or Deploy Exchange 2013 in a Cross-Forest Topology.

Implementation Considerations

Keep the following points in mind when planning your deployment:

  • All members of the ArchiveOneUsers group (the security group for administrators of ArchiveOne) must have accounts in the Exchange forest. Only Exchange forest members who are members of that group can log into the ArchiveOneWebAdmin website, or assign users rights under the Roles and Users Node in the ArchiveOne Admin console.
  • Users connecting to the ArchiveOne Search (AOneSearch) website can do so with their Accounts forest account. Note that only Forms-based authentication for the Archive Search website is supported for this configuration. Windows integrated authentication can not be used in this scenario.
  • The PST Processor, Quick Link Client, and Laptop Client all support cross-domain activities.
  • If you are planning to run the PST Processor in uncoupled mode to process a file server in the Exchange forest, log on to the machine where you are running the PST Processor as the ArchiveOne Service account (ArchiveOneAdmin), just as you would in a single forest environment.
  • If you are planning to run the PST Processor in uncoupled mode to process a file server in the Accounts forest, that is, you want to run it as an account with rights to access all mailboxes so that you can migrate data from any PST into the assigned mailbox, log on to the machine as the ArchiveOneAdminAccountsForest user to run the PST processor.
  • If you need to change the password for the ArchiveOne service account users, ArchiveOneAdmin and ArchiveOneAdminAccountsForest, use the steps described in the article How to Update the Exchange Resource Forest Deployment Service Account Password.

Configuration of ArchiveOne Version 7.3 and Higher

To install ArchiveOne in an Exchange resource forest topology,

  1. Install ArchiveOne on a server in the Exchange forest.
  2. In the Accounts forest, create a new standard user account ArchiveOneAdminAccountsForest.
  3. Set the password for the ArchiveOneAdminAccountsForest user to the same password used for the ArchiveOne Service account created during installation in the Exchange forest.
  4. On the Archive server, open the Microsoft Services console (services.msc).
  5. Stop and disable the ArchiveOne Service.
  6. On the Archive server, browse to the Local Configuration Store in C:\ProgramData\Barracuda\ArchiveOne\LocalConfigurationStore.
  7. Open the Service.ini file in a text editor such as Notepad.
  8. In the additional configuration settings section at the end of the file, add the following values:
    1. AccForestCredentialsUserDomain=<FQDN>
      1. where <FQDN> is the fully qualified domain name (FQDN) of the Accounts forest domain containing the ArchiveOneAdminAccountsForest user account.
    2. AccForestCredentialsUserName=<SamAccountName>
      1. where <SamAccountName> is the SAM account name (limited to 20 characters) of the ArchiveOneAdminAccountsForest user account. This would typically be 'ArchiveOneAdminAccount'. To determine the SAM account name, view the Properties of the user account in Active Directory Users & Computers. On the Account tab, view the User logon name (pre-Windows 2000) to determine the SAM account name.
    3. AccForestCredentialsUserLogon=<ServiceLogon>
      1. where <ServiceLogon> is the same as the ServiceLogon value in the System_Service.ini.
  9. Save and close the file.
  10. In the Microsoft Services console, set the Startup type of the ArchiveOne Service back to Automatic and start the service. 

Configuration of ArchiveOne Version 7.2 and Earlier

The steps in this article involve editing the Windows machine registry. Using the Registry Editor incorrectly can cause serious, system-wide problems that may require you to re-install Windows to correct. Barracuda Networks cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk. It is highly recommended that you create a backup of the registry before making any changes.

To install ArchiveOne in an Exchange resource forest topology,

  1. Install ArchiveOne on a server in the Exchange forest.
  2. In the Accounts forest, create a new standard user account ArchiveOneAdminAccountsForest.
  3. Set the password for the ArchiveOneAdminAccountsForest user to the same password used for the ArchiveOne Service account created during installation in the Exchange forest.
  4. On the Archive server, open the Microsoft Services console (services.msc).
  5. Stop and disable the ArchiveOne Service.
  6. On the archive server, type regedit to open the Registry Editor.
  7. Browse to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AOnePolService\Parameters
  8. Right-click and create a new String value called AccForestCredentialsUserDomain. The value of the string is the fully qualified domain name (FQDN) of the domain containing the ArchiveOneAdminAccountsForest user account in the Accounts forest.
  9. Right-click and create a new String value called AccForestCredentialsUserName. The value of the string is the SAM account name (limited to 20 characters) of the ArchiveOneAdminAccountsForest user account. This would typically be ArchiveOneAdminAccount.
    • To determine the SAM account name, view the Properties of the user account in Active Directory Users & Computers. On the Account tab, view the User logon name (pre-Windows 2000) to determine the SAM account name.
  10. Right-click and create a new String value called AccForestCredentialsUserLogon. The value of the string is the same value as the existing ServiceLogon key.
  11. Right-click and create a new DWORD value called AccForestCredentialsUserStatus. The value of the DWORD is the same value as the existing ServiceLogonStatus key.
  12. You should have the following four new registry keys:
    • AccForestCredentialsUserDomain
    • AccForestCredentialsUserName
    • AccForestCredentialsUserLogon
    • AccForestCredentialsUserStatus
  13. Close the Registry Editor.
  14. In the Microsoft Services console, set the Startup type of the ArchiveOne Service back to Automatic and start the service.

Uncoupled PST Processing (all versions)

If you are going to run uncoupled PST processing, complete the following additional steps to create a linked mailbox.

  1. In the Exchange forest, open the Exchange Management Console (EMC).
  2. Expand Recipient Configuration, right-click Mailbox and click New mailbox. The Wizard opens.
  3. Select Linked mailbox as the mailbox type, and click Next.
  4. In the User Type page, verify New user is selected, and click Next.
  5. In the User Information page, enter the account name and user logon name as ArchiveOneAdminAccountsForest, and click Next.
  6. In the Mailbox Settings page, if necessary modify the default settings, and click Next.
  7. In the Master Account page, in Trusted forest or domain, click Browse and select the Accounts forest name.
  8. Turn on Use the following windows user account to access linked domain controller, and enter the ArchiveOneAdminAccountsForest user username and password.
  9. In Linked domain controller, click Browse and select a domain controller in the Accounts forest.
  10. In Linked master account, click Browse and select the ArchiveOneAdminAccountsForest user in the Accounts forest. Click Next.
  11. Review the configuration and then click New to create the mailbox. Click Finish to close the Wizard once the mailbox is successfully created.
  12. Open Exchange Management Shell, and run the command:
    Add-ADPermission –Identity ExchOrgName -UserAccountsForestDomain\ArchiveOneAdminAccountsForest -AccessRights ReadProperty,GenericExecute,WriteOwner,ExtendedRight –ExtendedRights ms-Exch-Store-Admin, Receive-As, ms-Exch-Store-Visible –InheritanceType SelfAndChildren
    Where ExchOrgName is the name of the Exchange Organization and AccountsForestDomain is the name of the Accounts forest domain where the ArchiveOneAdminAccountsForest user account resides.