- "I deleted an important message, and you have to get it back for me right away."
- "I deleted all the stuff in my Junk Mail folder, but now I think there was an important message in there. How can I check?"
- "I cleaned out all my deleted items like you told me to and now I can't find some messages that I really, really, really need. Get them back for me."
- "I was archiving my inbox last night and Outlook blew up and now I can't see any of my messages. This email system of yours really sucks."
- Finally, one that you might hear from a colleague: "I accidentally deleted a user last night and I re-created the account, but now he can't get his email."
Some of these problems seem trivial, others complex, but they all could require considerable corrective work on your part if you don't take a few precautions.
Do you want to do hours of work or seconds of work? Not a tough choice.
Deleted mailbox retention
When you delete a user from Active Directory, or remove the user's Exchange attributes by deleting a user's mailbox, Exchange does not immediately wipe the mailbox from the store. Instead, it retains the mailbox intact for a period of time to give you a chance to either change your mind or to assign the mailbox to another user.
Each mailbox store has a setting that determines the deleted mailbox retention interval. By default, Exchange sets a 30 day interval. You can change the interval using the Limits page of the Properties window for a mailbox store, as shown in Figure 5.63. You can also set a System Policy to manage the retention interval for all mailbox stores in an Administrative Group.
Deleted user identification in ESM
Exchange periodically monitors the status of Active Directory users to make sure they still have links to their mailboxes. The Mailbox Cleanup Agent does this work.
You can manually initiate a Mailbox Cleanup Agent session from ESM. Right-click the Mailboxes icon under a mailbox store and select Run Cleanup Agent from the flyout menu, as shown in Figure 5.64.
If the Mailbox Cleanup Agent determines that a mailbox no longer has an owner, it flags the mailbox in ESM with a big X next to the original owner's name.
You might also notice that the "Last Logged On By" entry for the mailbox shows a bare SID, indicating that the system cannot resolve the SID to a friendly name because the user account has been removed from Active Directory.
Recovering the deleted mailbox
Once the Mailbox Cleanup Agent has flagged a mailbox as having no link to a User object, you can then link the mailbox to another user who does not have a mailbox.
You must see a red X on the mailbox in ESM before you can relink the mailbox. If you delete a user but you do not see a red X, manually initiate the Mailbox Cleanup agent for the mailbox store. You might need to wait a few minutes and refresh the console before the red X appears.
Right-click the mailbox in ESM and select Reconnect from the flyout menu. Use the object picker to select a new account for the mailbox. Exchange updated the Active Directory account, and the mailbox and ESM shows the selected user as the new owner after you refresh the console. The process takes only a few seconds.
You must have Exchange Full Administrator privileges to link a mailbox to another user. This gives your account permission to scan the Deleted Objects container looking for the original user. If someone with simple Exchange Administrator permissions attempts to reconnect a mailbox, the system refuses to comply and displays an error saying that the administrator does not have the rights to complete the operation.
Deleted item retention
Now let's deal with the users who accidentally delete a message, calendar appointment, or task item from their mailbox. Ordinarily, Outlook simply moves deleted items to the Deleted Items folder where the user can drag them back.
Things get a bit more complicated if the user empties the Deleted Items folder. You might get a panicked call when the user discovers that an important message got purged.
Exchange comes to the rescue in these situations by not actually deleting items when the user empties the Deleted Items container. Instead, Exchange gives the items a special mark that flags them as purged so that they do not display in Outlook or an Internet client. The messages remain available for recovery for a period of time -- seven days by default -- and you can do the recovery in Outlook and OWA.
Recovering purged items from the Deleted Items folder
You can walk a user through this process. Have the user highlight the Deleted Items container and then select Tools -> Recover Deleted Items from the flyout menu, as shown in Figure 5.65.
This opens a Recover Deleted Items From -- Deleted Items window, as shown in Figure 5.66.
Highlight the item you want to recover and click the Recover Selected Items menu. This moves the item back into the Deleted Items folder where the user can then drag the item into another folder.
Deleted items obey the same single instance storage rules as any other item in the Exchange Store. If a message gets sent to 20 recipients who share the same mailbox store, only one copy of the item actually resides in the store, whether or not the item has been flagged for purging. This means you can increase the interval from seven days without getting a tremendous increase in the size of the Exchange store.
Recovering from "hard" deletes
Ordinarily, deleted items pass through the Deleted Items folder on the way to oblivion, so recovering purged items from Deleted Items makes sense in most cases. Here are some exceptions:
- The user presses Shift+Del to delete the item.
- A POP3 user deletes a message, or an IMAP4 user purges a message without first deleting it.
- An offline user deletes an item and then purges the Deleted Items folder before syncing with Exchange.
Microsoft calls these "hard" deletes because they don't pass through the Deleted Items folder. As it turns out, though, Exchange treats hard deletes just like any other deleted item. It simply flags the item as purged and retains it for the duration of the Deleted Item Retention period, seven days by default.
If you want to recover hard deleted items, set a Registry entry that allows Outlook to expose the Recover Deleted Items window from any folder, not just the Deleted Items folder:
Key: HKLM | SOFTWARE | Microsoft | Exchange | Client | Options Value: DumpsterAlwaysOn Data: 1 (DWORD)
Ordinarily, it's not a good idea to let the users believe that a "hard" delete truly lasts forever because they might recover a virus-laden message that they originally deleted using Shift+Del.
15 tips in 15 minutes: Managing recipients and distribution lists
Tip 1: Exchange security groups
Tip 2: Group membership expansion
Tip 3: Managing Exchange group email properties
Tip 4: Exchange 2003 Query-Based Distribution Groups
Tip 5: DSAccess for Exchange
Tip 6: DSProxy for Exchange
Tip 7: Managing Exchange recipient policies
Tip 8: Exchange Recipient Update Service and proxy addresses
Tip 9: Restricting mail storage on an Exchange server
Tip 10: The Exchange server mailbox management service
Tip 11: Blocking a user's email access
Tip 12: Accessing another user's mailbox in Outlook
Tip 13: Exchange mail retention
Tip 14: Managing recipients with system policies
Tip 15: Managing recipients with Global Settings
This chapter excerpt from Learning Exchange Server 2003 by William Boswell is printed with permission from Addison-Wesley Professional, Copyright 2004. Click here for the chapter download or to purchase the book.