Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
Veeam Explorers User Guide

Required Permissions

The following table lists required permissions for user accounts to back up and restore Microsoft Exchange data.

Operation

Required Roles and Permissions

Backup

For more information, see:

Restore to Microsoft Office 365 and on-premises Microsoft Exchange from backups created by Veeam Backup & Replication and Veeam Backup for Microsoft Office 365

To restore data to Microsoft Office 365 and on-premises Microsoft Exchange, make sure to configure user accounts as follows:

Restore to a Public Folder

  • The account being used must own a mailbox on a target Microsoft Exchange server.
  • The account must be assigned the Organization Management role on a target Microsoft Exchange server. See Assigning Organization Management Role.
  • To restore In-Place Hold Items to the original location:
    If the In-Place Hold Items folder already exists, make sure the account being used can create, modify and delete items. If the In-Place Hold Items folder does not exist, the account being used must be able to create folders under the All Public Folders root node.

Restore to a Mailbox

  • If the account owns a mailbox, make sure it has Full Access.
  • If the account does not own a mailbox, then access must be granted through impersonation. See Granting Full Access.

Examples

Assigning Organization Management Role

To assign the Organization Management role, use the following cmdlet.

Add-RoleGroupMember “Organization Management” –Member “<user_account>”

For more information about the Add-RoleGroupMember cmdlet, see this Microsoft article.

Granting Full Access

To grant Full Access to the account that owns a mailbox, use the following cmdlet.

Add-MailboxPermission –Identity “<target_mailbox>” -User “<user_account>” -AccessRights FullAccess –InheritanceType All

For more information about the Add-MailboxPermission cmdlet, see this Microsoft article.

To grant Full Access to the account that do not own a mailbox (i.e. through impersonation), use the following cmdlet.

New-ManagementRoleAssignment -Name "<role_name>" -Role ApplicationImpersonation -User "<user_account>"

For more information about the New-ManagementRoleAssignment cmdlet, see this Microsoft article.

Recalling Given Permissions

To recall given access level, run either of the following cmdlet. 

Remove-ManagementRoleAssignment "<role_name>"

Remove-ManagementRoleAssignment -Identity <role_name>

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions

Veeam Availability for Nutanix AHV

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation