Creating a new connection to Exchange server

To be able to back up your Exchange data in CodeTwo Backup, you first need to configure a connection to your server. The program allows you to configure multiple connections to both on-premises Exchange servers, as well as Office 365 (Exchange Online).

You can configure a new connection to your Exchange Server when creating a new backup job or directly from the program’s Dashboard, by clicking the Settings button () on the Defined server connections card and selecting New > Exchange connection (Fig. 1.).

Backup opening manage server connections
Fig. 1. Creating a new Exchange connection.

The Exchange Server connection wizard will open (Fig. 2.). In the Server type step of the wizard, you can choose between connecting to:

Backup Exchange connection server type
Fig. 2. The Exchange Server connection wizard.

Once you make your selection, click Next to proceed.

Connecting to Office 365

One you choose Office 365 in the first step, you will be directed to the next step: Office 365 cloud. Choose, if you want to connect to Office 365 global (or simply Office 365) or to Office 365 Germany (Fig. 3.). Since Office 365 and Office 365 Germany are completely independent clouds, it is not possible to use the Office 365 credentials to log in to Office 365 Germany and vice versa. If your Office 365 email address ends with .de, for example admin@my-company.onmicrosoft.de, you’re using the Office 365 Germany cloud. Read more about Office 365 Germany.

Backup Exchange connection Office 365 cloud
Fig. 3. Selecting the Office 365 cloud.

In the Admin's credentials step of the wizard, enter the email address and password of your Office 365 administrator (Fig. 4.). This admin needs either to be assigned the global administrator role or fulfill these minimum requirements. We also recommend entering the admin account name by using its primary email address from the *.onmicrosoft.com (or *.onmicrosoft.de for Office 365 Germany) domain. That way, you will know for sure that you are always connected to the right tenant, even when you change the domain or add a new vanity domain on your Office 365 tenant. 

Backup O365 connection admin credentials
Fig. 4. Entering the Office 365 admin credentials.

Important

If multi-factor authentication (MFA) has been enabled for this account, remember to use the app password instead of your regular Office 365 password. Learn more.

In the last step, Configuration, the program will attempt to connect to your Office 365 tenant based on the data provided in the previous steps of the wizard. To start the verification process, click Configure and wait for the results (Fig. 5.). During this process, the program checks the server connection, verifies the impersonation rights (and grants them, if necessary), and tries to enumerate mailboxes by using PowerShell.

Backup O365 connection configuration
Fig. 5. Verifying the connectivity to Office 365.

You can use the links provided in the Steps to consider section for additional configuration options:

Once the configuration process is finished, you can also check the administrator's impersonation rights on a selected user mailbox. To do so, click the Test link next to Test connection to your Exchange Server. This will open a new window, where you can either manually enter the primary SMTP address of the user's mailbox in question or click Browse to open the Select user window that shows a list of all Office 365 users with their names and email addresses (Fig. 6.). 

Backup O365 connection list of users
Fig. 6. Browsing through Office 365 users.

Important

Be advised that the values shown in the User name column are NOT taken from the user's properties (such as UserPrincipalName, DisplayName, FirstName, LastName) or mailbox aliases, etc. This is why you may not find a specific user you are looking for. 

Instead, these are CommonName (CN) values from the DistinguishedName property (see MSDN and Technet for more information). Sometimes this identifier may be different than the actual name of a user or the user's mailbox alias. If you want to view or edit the CN value, connect to your Exchange on-premises or Exchange Online (Office 365) via PowerShell and check or assign the value of mailbox property name using get-mailbox or set-mailbox cmdlets.

To choose a user, select a person on the list and click OK. Next, click Test to run the test (Fig. 7.). You can select only one user at a time to perform the test. If the user you want to perform the test on is not listed, clicking Refresh may help. This will reload the list of users.

Backup O365 connection test impersonation rights
Fig. 7. Verifying admin's impersonation rights on a selected mailbox.

Info

In case the test is not successful, try setting the impersonation rights manually for that mailbox.

If you have successfully connected to Office 365, click Finish to close the wizard. If you get any errors instead, consult the Troubleshooting section.

Important

After closing the connection wizard, you also need to click OK in the Manage server connections window (Fig. 8.) to save your connection. This will automatically close the window and store your settings. Otherwise, the connection will not be saved, and you will have to start from the beginning.

Backup O365 manage connection confirmation
Fig. 8. Confirming the connection settings.

After confirming your server's connection settings, you will be able to use this connection to create backups of mailboxes and public folders residing on this Office 365 tenant. Furthermore, you can also use this connection to restore backed-up Exchange data to that tenant.

Connecting to on-premises Exchange Server

In the Server connection step, select how the program should connect to your Exchange server. To connect to a server from the same domain where the program is installed, select the Autodiscover Exchange Server option. Your server will be located automatically. If you want to set up a connection to a server from a different domain, you need to select the Configure connection manually option and enter the server's Fully Qualified Domain Name (DNS) or IP address in the Server name field (Fig. 9.). The server's FQDN consists of the server's name followed by the domain name, e.g. myserversname.domain.com. The EWS URL field will be completed automatically.

Backup Exchange connection server connection
Fig. 9. Providing the EWS URL manually.

Warning

If you use the IP address of a server instead of its name, you first need to configure its PowerShell Virtual Directory in IIS to allow basic authentication. Otherwise, the program will not be able to grant impersonation rights on users' mailboxes or enumerate target mailboxes. As a result, you will get errors (failure notifications) when your connection settings are verified and the program will not be able to run any jobs by via such a connection.

In the next step, Admin's credentials, provide the User Principal Name (UPN) and password of the admin account that will be used to connect to your Exchange Server. The Administrator's UPN field is filled in automatically with your local admin credentials, that is the credentials of the user who is currently using the program (Fig. 10.).

Backup Exchange connection admin credentials
Fig. 10. An administrator's UPN proposed automatically by the program.

Important

Make sure that the provided admin account is mailbox-enabled, has appropriate UPN suffix configured, and has impersonation permissions on users' mailboxes. By default, members of the Organization Management group fulfill these requirements. Read more on how to create an account with the minimum required permissions to be used in CodeTwo software.

To use a different administrator account, enter the UPN manually or select another user via the Browse button. To select an admin account from another domain, in the Select User dialog box click Locations first and select the required domain (Fig. 11.).

Backup Exchange selecting domains
Fig. 11. Choosing a different domain.

Info

The Browse button can only be used to list administrators from the same domain or from different trusted domains. If you want to use an admin account from an untrusted domain, you will have to type the UPN manually.

In the last step, Configuration, the program will attempt to connect to your Exchange Server based on the data provided in previous steps of the wizard. To start the verification process, click Configure and wait for the results (Fig. 12.). During this process, the program checks the server connection, verifies the impersonation rights (and grants them, if necessary), and tries to enumerate mailboxes by using PowerShell.

Backup Exchange connection configuration
Fig. 12. Verifying the connectivity to your Exchange Server.

You can use the links provided in the Steps to consider section for additional configuration options:

Once the configuration process is finished, you can also check the administrator's impersonation rights on a selected user mailbox. To do so, click the Test link next to Test connection to your Exchange Server. This will open the Test impersonation rights window (Fig. 13.). Enter the primary SMTP address of the user's mailbox in question or click Browse and select the user from the Active Directory. Click Test to run the test.

Backup Exchange test impersonation rights
Fig. 13. Verifying admin's impersonation rights on a selected mailbox.

Info

In case the test is not successful, try setting the impersonation rights manually for that mailbox.

If you have successfully connected to the selected Exchange Server, click Finish to close the wizard. If you get any errors instead, consult the Troubleshooting section.

Important

After closing the connection wizard, you also need to click OK in the Manage server connections window (Fig. 14.) to save your connection. This will automatically close the window and store your settings. Otherwise, the connection will not be saved, and you will have to start from the beginning.

Backup Exchange manage connection confirmation
Fig. 14. Confirming the connection settings.

After confirming your server's connection settings, you will be able to use this connection to create backups of mailboxes and public folders residing on this server. Furthermore, you can also use this connection to restore backed-up Exchange data to that server.

Was this information useful?