BitTitan’s Google Vault Extractor is a command line tool that will automate the creation of Google Matters. After the creation and configuration of the matters, Google Vault will search the matters (based on input from BitTitan’s Google Vault Extractor) and prepare the results for export. Once the results are prepared, then BitTitan’s Google Vault Extractor will download the results.
The Google Vault Extractor must be run from a locally managed server. This export server is set up and maintained by the customer. This export server is a requirement and not provided by BitTitan. This server can be a local workstation, on-premise server, or a virtual server.
Set up and Configure the Google Vault Extractor
Command Options
1. GoogleVaultExport.lnk -process-start-args (mandatory)
2. Command (export -or- exportandupload) (mandatory)
a. Defines what action(s) the extractor should take.
i. exportandupload (most commonly used) will export and download the results to the Export Server. Once the results are downloaded to the Export Server, it will use UploaderWiz to upload the results to the Azure BLOB.
ii. export will export and download the results to the Export Server.
b. If using exportandupload (most commonly used), UploaderWiz is required.
3. clientid ClientID (suggested)
a. The ClientID is generated when you create an OAuth Client API in your Google tenant.
4. clientSecret ClientSecret (suggested)
a. The ClientSecret is generated when you create an OAuth Client API in your Google tenant
5. newEmailsTimeout 86400000 (suggested)
a. Specifies the wait time in milliseconds for new email during an export.
b. Not defining this results in the default value, 15 minutes.
6. compressionTimeout 86400000 (suggested)
a. Specifies the wait time in milliseconds for Exporter while Google Vault compresses the export. Not defining this results in the default value, 15 minutes.
7. missingEmailThreshold xxxx (optional)
a. Replace xxxx with a number that is an acceptable number of missing items.
b. By default 0 is the acceptable number of missing items.
c. For more information, see Mismatch in number of emails export.
8. inputFile c:\GVE\input.txt (mandatory)
a. This file contains a list of the Google Vault users that will be exported.
b. Read Google Vault Best Practices for more information on formatting.
9. outputFolder c:\GVE\export (mandatory)
a. This defines where Google Vault Extractor should store the data extracted from Google Vault.
10. uploadAccessKey StorageAccountName (mandatory if using exportandupload command)
a. Name of the Azure Storage Account.
b. For more information, read the Google Vault Migration Guide.
11. uploadSecretKey (mandatory if using exportandupload command)
a. Secret key to the Azure Storage Account.
b. For more information, read the Google Vault Migration Guide.
12. uploadBucketName PublicBlobContainerName (mandatory if using exportandupload command)
a. Name of the public blob container where UploaderWiz should place Google Vault's files.
b. For more information, read the Google Vault Migration Guide.
13. searchTerms ""label:^deleted OR -label:Draft OR -in:spam"" (optional)
a. Search term used within a Matter to retrieve a specific data set for export. Read more: Use search operators. Not defining this will result in Google Vault exporting all mail for the specified user.
b. The example above would export all permanently deleted mail except those labeled "Draft", or existing in "Spam". A search operator using a – in front will result in excluding it.
c. SearchTerms labels must be enclosed in 2 double quotes such as -searchTerms ""label:^deleted OR in:trash""
Search Terms
It’s strongly recommended that you review the Google website and are familiar with how the search operators work. These are a function of Google and if they are not used correctly, it may result in missing email or not exporting the results that you were expecting. Using search search terms is the key to what is extracted from the Google Vault Mailbox.
Common Search Terms
Anything with a dash (-) in front of it means that it will be excluded from the export.
- label:^deleted This option is used when you want to extract the permanently deleted items.
- in:trash - This option is used when you want to extract the items in the trash.
- -in:trash - This option is used when you don’t want to extract the items in the trash.
- in:drafts - This option is used when you only want to extract the items in the drafts folder.
- -in:drafts - This option is used when you don’t want to extract the items in the drafts folder.
- older_than:1y This option is used when you only want to extract items older than one year.
- newer_than:1y This option is used when you only want to extract items newer than one year.
Building the Right Syntax
Building the right syntax for the BitTitan Google Vault Extractor is all dependent on what data needs to be extracted from Google Vault. The commands can be structured to fit your needs and be customized depending on velocity, security requirements, extractor server size, data export requirements, and throttling on the Google side.
To launch the extractor utility, open the command prompt as an administrator and navigate to the working directory.
Example: Search, Export, Download then Upload automatically using your own Google Vault OAuth Client API Setup:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""
- "-command exportandupload option is used when you plan to use BitTitan’s UploaderWiz to automatically upload the exported results to the Azure BLOB.
- -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET option is used when using your own Google Vault OAuth Client API setup.
- -searchTerms ""label:^deleted"” option is used when you want to export only the permanently deleted items from Google Vault.
Example: Search, Export, and only Download. This option is most commonly used when you plan to use another tool (e.g. AzCopy) to upload the data into the Azure BLOB.
GoogleVaultExport.lnk -process-start-args "-command export -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -searchTerms ""label:^deleted OR in:trash"""
- -command export If you use this option, you will have to manually upload the data into the Azure BLOB, before MigrationWiz can migrate it.
- -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET is used when using your own Google Vault OAuth Client API setup.
- -searchTerms ""label:^deleted OR in:trash"" is used when you only want to export the permanently deleted and items in the trash from Google Vault.
Example: Search, Export, Download then Upload automatically, using BitTitan Shared Client API:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""
- Automatic upload: "-command exportandupload is used if you plan to use BitTitan’s UploaderWiz to automatically upload the exported results to the Azure BLOB.
- Exporting permanently deleted items: -searchTerms ""label:^deleted"" is used if you only want to export only the permanently deleted items from Google Vault.
This option will use the BitTitan Shared Client API.
This will automatically launch a browser window for authentication. Log in with the Google Administrator Account and select that account to authenticate for access to Google Vault data. To switch to a different Google Administrator account after logging in with this command, you can use the reset option GoogleVaultExport.exe "-command reset".
Extraction Process
BitTitan Google Vault Extractor will create and configure the matter based on a list of users. When the matter is created, we instruct Google to search the matter based on the terms specified. Google searches Vault, prepares and exports. During the search, we log the number of anticipated items Google will return in the export. When Google has the export results ready for download, BitTitan Google Vault Extractor will automatically download the export from Google. The export is downloaded to a local Export Server and stored until it can be uploaded back into an Azure BLOB. BitTitan Google Vault Extractor can be setup to sequentially download from Google, then upload to Azure. The extractor will download two files from Google: the compressed zip folder with the data and an XML file. It will also create a .done file that indicates a successful extraction. If the extractor fails, it will create a .fail file for the user.
The export needs to be in Azure because that is where MigrationWiz can read the file and start the migration of data into the Office 365 mailbox. Since Google Vault is a compliance system and not an archive, the typical destination for the data is in the Recoverable Items Folder in the user’s primary mailbox. It’s important to place the users mailbox on Litigation Hold, before migrating any contents.
Running the Google Vault Extractor
1. From the Export Server, open an administrative command prompt.
2. Navigate to your working directory.
3. Run the command to Search, Export, Download, and Upload (optional).
Example: Search, Export, Download then Upload automatically using your own Google Vault OAuth Client API Setup:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""
Example: Search, Export, Download then Upload automatically NOT using your own Google Vault OAuth Client API Setup:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms ""label:^deleted"""
4. This will automatically launch a browser window for authentication. Log in with the Google Administrator Account and select that account to authenticate for access to Google Vault data.
Switching Google Administrator accounts: To switch to a different Google Administrator account after logging in with this command, you can use the reset option GoogleVaultExport.exe "-command reset".
5. Once access is granted, the extractor will run in the command window.
6. When completed:
a. Confirm that all expected Google Vault data is available in the Azure BLOB, if you used the option to extract and upload or
b. Manually upload the results to the Azure BLOB if you used the option to only extract.
Important: The extractor will download two files from Google. The compressed zip folder with the data and an XML file. It will also create a .done file, which indicates a successful extraction. It will do this for each user in the input file.
Fail States: If the extractor fails on a user, it will create a .fail file for the user.