Backup Exec 2010 + 2012 User/Service Account rights when Hyper-V host is in a Workgroup

When installing Backup Exec 2010 or 2012 in a Domain Environment it will automatically create a Backup service account and will automatically assign the correct rights to the account.

Problem is in a Virtualized environment were you have no physical Domain Controllers your Hypervisor is usually in a Workgroup. So when installing Backup exec it creates a Service account for the workgroup but not for the domain.

Below is the steps to manually create an account for the domain as well as to assign the correct permissions and rights.

1. Create a normal account in Active Directory called “Backup” and give it a password.

2. Set the password of the account to never Expire

3. If you will be backing up the System state of Domain Controller make the account part of the Domain Admins group.

4. The account should have its primary role as Domain Admin.

5. Assign the following rights to the account.

The below will happen in the Domain Controllers Security Policy as well as any Security Policies that control your member servers.

Act as part of the operating system
Backup files and directories
Create a token object
Logon as a batch job (Windows 2008 only)
Logon as a service
Manage auditing and security log
Restore files and directories
Take ownership of files and other objects

Also make sure the account is not added under the following:

Deny logon as a service
Deny logon as a batch

Public Folders not Replicating Exchange 2007 to Exchange 2010

During your migration from Exchange 2007 to Exchange 2010 you have followed our guide to replicate your Public Folders but when checking the Folder are still not replicating.

One of the reasons that can cause this is when the 2007 server was originally migrated from Exchange 2003 and an empty “Servers” containers was originally left in the old First Administrative Group.

To resolve the issue please follow the following steps:

1. Connect to one of your Domain Controllers

2. Open Adsiedit

3. Expand the Configurations container and go to: CN=Services, CN=Microsoft Exchange, CN=”Your Organisation”, CN=Administrative Groups, CN=First Administrative Group, CN=Servers


4. Check to see if the Servers container is empty. If its empty delete the container.

5. Give it some time and use the following command to see if Public Folder replication has started.

Get-PublicFolderStatistics -Server Exchange 2010

6. When this is done you can complete the Public Folder migration using this guide.

Public Folder replication Exchange 2007 to 2010

When migrating from Exchange 2007 to 2010 and you have moved all the mailboxes across. Now comes the time to move the Public Folders. Below is a set by step guide with the required Powershell commands to move your Public Folders.

1. Add new Exchange 2010 server to the Personal Public Folder replica set:

.\AddReplicaToPFRecursive.ps1 -server Exchange2007 -TopPublicFolder “\” -Servertoadd Exchange2010

2. Add new Exchange 2010 server to the System Public Folder Replica set:

.\AddReplicatoPFRecursive.ps1 -TopPublicFolder “\Non_IPM_Subtree” Servertoadd Exchange2010

3. Manually Start the replication process.

Update-PublicFolderHierarchy -Server Exchange2010

4. Monitor the replication status

Replication can days to happen so do it as early as possible. Run the below commands on new and old server to compare the amount of Public Folders and items to know when all Public Folder items have replicated.

Old Server:

Get-PublicFolderStatistics -Server Exchange 2007

New Server:

Get-PublicFolderStatistics -Server Exchange 2010

5. When the Replication has completed we need to remove the old server from the Replica set.

.\RemoveReplicaFromPfrecursive.ps1 -server Exchange2010 -TopPublicFolder “\” -ServerToRemove Exchange2007

.\RemoveReplicaFromPfrecursive.ps1 -server Exchange2010 -TopPublicFolder “\Non_IPM_Subtree” -ServerToRemove Exchange2007

6. Once this is completed go the the Exchange 2007 server – EMC – Server Configuration – Mailbox. On the properties of your Mailbox Database under client settings change the Default Public Folder Database to the one residing on the Exchange 2010 server.

7. To uninstall Exchange you will need to delete the old Public Folder Database. Log onto the EMS of your Exchange 2010 server and run the following command:

Remove-PublicFolderDatabase -Identity “Old Public Folder Database”




Slow Mailbox move Exchange 2003 to 2010

You’ve completed the initial part of the Exchange 2010 migration and have now come to the point were you need to start moving mailboxes. You start to move the mailboxes but they seem to be taking ages to move. If you look under your move request tab you will see that only 2 mailboxes are moving at a time. I think the reason Microsoft limits this to 2 is because Exchange was configured so you can move the mailboxes during business hours with hardly any interference to the users.

Like most of us thou we move mailboxes outside of office hours so we would like to speed up the process.

Below is the steps to increase how many simultaneous mailboxes can move at any one time.

1.  Edit the following file: C:\Program Files\Microsoft\Exchange Server\V14\Bin\MsExchangeMailboxReplication.exe.xml using Notepad.

2. Increase the “MaxActiveMovesPerSourceMDB” from 2 to your desired number. I have found 5 to be a good starting point. Make sure you do this under MRSConfiguration section not the section above it.

3. Restart the Microsoft Exchange Replication Service and restart the Mailbox Move.

This should resolve the slow move. I have found that this makes a massive difference from taking 2 days to move a certain amount of mailbox to only 8 hours.

Configure Backup Exec 2010 + 2012 on VMware to Backup to Tape

This method below will guide in using VMware pass-through to connect a Physical tape device to a Virtual Machine.

1. Install Backup Exec on the Virtual Machine that you would like to be the Media Server, run updates then restart server. Do this until Backup Exec is    completely up to date.

2. Shutdown the Virtual Machine

3. Go to your Vmware Manager and edit the particular Virtual Machine that runs Backup Exec.

4. Click on Add – Hardware and select SCSI Device

5. Make sure the correct Tape device is selected

6. The Finish page will be displayed

7. Restart the Host server then start the Virtual Machine.

8. Go to Device Manager on the specific Virtual Machine and check if the Tape Device is listed.

10. Open Backup Exec. Go to Devices – Right click the server and select “Configure Tape Devices”

10. Select install Tape Device drivers. Leave defaults in place and keep clicking next. A Popup will appear asking if you would like to install unsigned drivers. Select install anyway.

11. Wizard will complete. Restart the Virtual Machine.

Now you will be able to run backups on the Virtual Machine as if it was a physical device.


Configuring a Dell PowerVault SAN

Below is a brief description of how to configure a Dell PowerVault SAN.

On iSCSI Network cards on Server:

  • Disable client for MS networks
  • Disable Netbios over TCP
  • Disable File & Printer sharing
  • Do not register connection in DNS
  • Enable Jumbo Frames and set to 9000
  1. Configure Jumbo frames on SAN, Switches and Server (9000 on server and SAN – Just enable on Switches)
  2. Disable Spanning Tree port fast on switches (Recommended to disable if using SAN)
  3. Connect to SAN management port (Default IP’s of SAN management ports – & 102)
  4. Set your IP to same range – Wait bit for default static IP’s to be assigned (Will look for DHCP and after 150 seconds assign default static IP)
  5. Install Dell Storage Manager Software (Run auto discover and it will pick up the SAN)
  6. Using software configure Raid Pools and Virtual Discs
  7. Rename Server network Cards to appropriate names.
  8. Configure switches  according to:
  9. Configure IP address of SAN iSCSI ports as well as set frames to  9000 (Jumbo Frames)
  10. Enable Jumbo frames on Server NIC’s (9000).
  11. Disable client for MS networks
  12. Disable netbios over tcp
  13. Disable File & Printer sharing
  14. Do not register connection in DNS
  15. Assign IP addresses to Server NIC’s
  16. iSCSI Initiator configuration follow below:
  17. Discover portal add IP address of SAN iSCSI NIC’s (PowerVault limited to 2 connections and Equalogics to 4)
  18. Back to targets and select target and say connect
  19. Select enable multipath
  20. Click advanced – set local adapter as iSCSI initiator
  21. Set Initiator IP address
  22. Set corresponding target IP address
  23. Go to properties of target – Add session – Enable multipath – advanced – set local and target to secondary iSCSI connection on SAN
  24. Go back to Storage Manager and add host
  25. Assign volumes to host.

Cross Forest migration – Exchange 2010 and Active Directory

Below is a brief description of how to do a cross forest migration which includes Exhange and all AD accounts. This was done with Server 2008, Exchange 2010 and ADMT 3.2 (Active Directory Migration Toolkit).

Before you begin you would need to download ADMT and PES (Password Export Server):

ADMT 3.2 –

PES Service –

1. Install SQL2008R2 SP1 express on target server (Page 60 on ADMT migration guide).

2. Install ADMT on target domain.

3. Create encryption key from target server from command line: admt key /option:create /sourcedomain: /keyfile: /keypassword:{|*}

4. Install Password server (PES Service) on source server and start service.

5. Create trust between the two domains.

6. Migrate groups using ADMT.

7. Run .\prepare –moverequest to prepare mailboxes.

8. Move mailboxes to new server: New-moverequest

9. Migrate AD accounts using ADMT.

10. Use ADmodify to change that users are not requested to change password at first logon – Can also set via AD per user – Set “PwdLastSet” attribute to –1

11. Migrate user profiles using security translation wizard.

12. Migrate computer accounts.

13. Migrate groups again.

14. Copy GPO’s (Using Cross-Domain copying wizard).

15. Re-add distribution groups on new exchange server.

16. Reconfigure any AD integration devices (Eg: Sonicwall AD integration).