This article refers to Barracuda Message Archiver Legacy Release firmware or higher. An Office 365 Exchange online service account provides Exchange Server directory permissions to grant the Barracuda Message Archiver read access to all mailboxes. If you encounter issues running the PowerShell scripts in this article, you can temporarily change the Windows PowerShell script execution policy to unrestricted. Important: This setting removes all restrictions which means unauthorized PowerShell scripts can run. For more information, refer to the Microsoft TechNet article Using the Set-ExecutionPolicy Cmdlet. If this is a Cloud Service Provider (CSP) account, refer to this article Azure MFA Requirements for Microsoft CSPs to ensure the correct configuration is set. Windows 8 or 8.1 Windows Server 2012 or Windows Server 2012 R2 Windows 7 Service Pack 1 (SP1) Windows Server 2008 R2 SP1 Microsoft .NET Framework 4.5 or 4.5.1 and either the Windows Management Framework 3.0 or the Windows Management Framework 4.0 Verify the service account has a mailbox, and is not hidden in the Global Address list Microsoft Exchange Online Microsoft Exchange Online message throttling policies set bandwidth limits and restrict the number of processed messages. Throttling is enabled by default in Microsoft Exchange Online. Currently you cannot set policies to disable throttling in Exchange Online; for details, refer to the Microsoft Outlook dev blog. Barracuda is working on a solution to provide this option in the future. Enter the following command, and then press Enter: For more information, refer to the Microsoft TechNet article Connect to Exchange Online using remote PowerShell. Enter the following command, and then press Enter: Permissions are assigned on existing mailboxes only; if additional mailboxes are added to your organization, you must rerun this command. Service Account Password Setting When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings. To create an email service account: Use the following steps to set the permissions on Exchange where CUDASVC is the name of the Barracuda service account: Use the following steps to apply permissions for the service account where database name is the name of the specific Mail Store database rather than all databases: Continue with Microsoft Exchange Server Operations based on your Exchange Server: Service Account Password Setting When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings. To create an email service account: In the Exchange Management Shell, enter the following command to add View-Only Administrator permissions, replacing CUDASVC with the name of the Barracuda service account: add-exchangeadministrator CUDASVC -role ViewOnlyAdmin Important: If inheritance to the individual mail stores is not enabled on a custom mailbox database, to set the Send As, Receive As, and Administer Information Store permissions at the store level, you must enter the following command in the Exchange Management Shell: Continue with Microsoft Exchange Server 2007 Operations Create an Office 365 Exchange Online Service Account
Requirements
Connect to Office 365 Exchange Online
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User ServiceAccount@domain.com -AccessRights fullaccess -InheritanceType all -Automapping $false
Where ServiceAccount@domain.com represents your service account.
Configure a Microsoft Exchange Server 2010 and Newer Service Account
Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Add-RoleGroupMember "Organization Management" -Member "CUDASVC"
Get-MailboxDatabase -Identity database name | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Configure a Microsoft Exchange Server 2007 Service Account
get-mailboxserver Exchange2007 | add-adpermission -user CUDASVC -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
Add-ADPermission -identity "custom database name" -user "CUDASVC" -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
To verify the Send As, Receive As, and Administer Information Store permissions, enter the following command in the Exchange Management Shell, where Exchange2007 is the name of the Microsoft Exchange 2007 Server, dbname is the name of the Exchange mail database, and CUDASVC is the name of the Barracuda service account:
get-mailboxdatabase Exchange2007\dbname | get-ADpermission -user CUDASVC | Format-List