Article

Exchange mail retention

William BoswellAddison-Wesley Professional, Copyright 2004
Users call upon Exchange administrators for help with a variety of problems. Here is a brief list:
  • "I deleted an important message, and you have to get it back for me right away."

  • "I deleted all the stuff in my Junk Mail folder, but now I think there was an important message in there. How can I check?"

  • "I cleaned out all my deleted items like you told me to and now I can't find some messages that I really, really, really need. Get them back for me."

  • "I was archiving my inbox last night and Outlook blew up and now I can't see any of my messages. This email system of yours really sucks."

  • Finally, one that you might hear from a colleague: "I accidentally deleted a user last night and I re-created the account, but now he can't get his email."

Some of these problems seem trivial, others complex, but they all could require considerable corrective work on your part if you don't take a few precautions.

    Requires Free Membership to View

    Login

You are reading tip #13 from "15 tips in 15 minutes: Managing recipients and distribution lists," excerpted from Chapter 5 of the book Learning Exchange Server 2003, published by Addison-Wesley Professional.
For example, recovering a user's mailbox (or recovering a single deleted message within a mailbox) involves a lengthy tape restore of the entire mailbox store followed by an extraction and import of the user's mailbox contents. Instead, you can set a retention interval for mailboxes and mailbox items and simply grab the deleted mailbox or deleted item from a hidden container in Exchange and put it back to its original location.

Do you want to do hours of work or seconds of work? Not a tough choice.

Deleted mailbox retention

When you delete a user from Active Directory, or remove the user's Exchange attributes by deleting a user's mailbox, Exchange does not immediately wipe the mailbox from the store. Instead, it retains the mailbox intact for a period of time to give you a chance to either change your mind or to assign the mailbox to another user.

Each mailbox store has a setting that determines the deleted mailbox retention interval. By default, Exchange sets a 30 day interval. You can change the interval using the Limits page of the Properties window for a mailbox store, as shown in Figure 5.63. You can also set a System Policy to manage the retention interval for all mailbox stores in an Administrative Group.


Figure 5.63 Mailbox Store Properties window showing default item and mailbox retention interval. (Click on image for enlarged view.)

Deleted user identification in ESM

Exchange periodically monitors the status of Active Directory users to make sure they still have links to their mailboxes. The Mailbox Cleanup Agent does this work.

You can manually initiate a Mailbox Cleanup Agent session from ESM. Right-click the Mailboxes icon under a mailbox store and select Run Cleanup Agent from the flyout menu, as shown in Figure 5.64.


Figure 5.64 Manually initiating Cleanup Agent using Mailbox Store property menu. (Click on image for enlarged view.)

If the Mailbox Cleanup Agent determines that a mailbox no longer has an owner, it flags the mailbox in ESM with a big X next to the original owner's name.

You might also notice that the "Last Logged On By" entry for the mailbox shows a bare SID, indicating that the system cannot resolve the SID to a friendly name because the user account has been removed from Active Directory.

Recovering the deleted mailbox

Once the Mailbox Cleanup Agent has flagged a mailbox as having no link to a User object, you can then link the mailbox to another user who does not have a mailbox.

You must see a red X on the mailbox in ESM before you can relink the mailbox. If you delete a user but you do not see a red X, manually initiate the Mailbox Cleanup agent for the mailbox store. You might need to wait a few minutes and refresh the console before the red X appears.

Right-click the mailbox in ESM and select Reconnect from the flyout menu. Use the object picker to select a new account for the mailbox. Exchange updated the Active Directory account, and the mailbox and ESM shows the selected user as the new owner after you refresh the console. The process takes only a few seconds.

You must have Exchange Full Administrator privileges to link a mailbox to another user. This gives your account permission to scan the Deleted Objects container looking for the original user. If someone with simple Exchange Administrator permissions attempts to reconnect a mailbox, the system refuses to comply and displays an error saying that the administrator does not have the rights to complete the operation.

Deleted item retention

Now let's deal with the users who accidentally delete a message, calendar appointment, or task item from their mailbox. Ordinarily, Outlook simply moves deleted items to the Deleted Items folder where the user can drag them back.

Things get a bit more complicated if the user empties the Deleted Items folder. You might get a panicked call when the user discovers that an important message got purged.

Exchange comes to the rescue in these situations by not actually deleting items when the user empties the Deleted Items container. Instead, Exchange gives the items a special mark that flags them as purged so that they do not display in Outlook or an Internet client. The messages remain available for recovery for a period of time -- seven days by default -- and you can do the recovery in Outlook and OWA.

Recovering purged items from the Deleted Items folder

You can walk a user through this process. Have the user highlight the Deleted Items container and then select Tools -> Recover Deleted Items from the flyout menu, as shown in Figure 5.65.


Figure 5.65 Outlook menu option showing deleted item recovery option for Deleted Items folder. (Click on image for enlarged view.)

This opens a Recover Deleted Items From -- Deleted Items window, as shown in Figure 5.66.


Figure 5.66 Recover Deleted Items From window showing items still marked for retention at Exchange server. (Click on image for enlarged view.)

Highlight the item you want to recover and click the Recover Selected Items menu. This moves the item back into the Deleted Items folder where the user can then drag the item into another folder.

Deleted items obey the same single instance storage rules as any other item in the Exchange Store. If a message gets sent to 20 recipients who share the same mailbox store, only one copy of the item actually resides in the store, whether or not the item has been flagged for purging. This means you can increase the interval from seven days without getting a tremendous increase in the size of the Exchange store.

Recovering from "hard" deletes

Ordinarily, deleted items pass through the Deleted Items folder on the way to oblivion, so recovering purged items from Deleted Items makes sense in most cases. Here are some exceptions:

  • The user presses Shift+Del to delete the item.

  • A POP3 user deletes a message, or an IMAP4 user purges a message without first deleting it.

  • An offline user deletes an item and then purges the Deleted Items folder before syncing with Exchange.

Microsoft calls these "hard" deletes because they don't pass through the Deleted Items folder. As it turns out, though, Exchange treats hard deletes just like any other deleted item. It simply flags the item as purged and retains it for the duration of the Deleted Item Retention period, seven days by default.

If you want to recover hard deleted items, set a Registry entry that allows Outlook to expose the Recover Deleted Items window from any folder, not just the Deleted Items folder: 

Key: HKLM | SOFTWARE | Microsoft | Exchange | Client | Options
Value: DumpsterAlwaysOn
Data: 1 (DWORD)

Ordinarily, it's not a good idea to let the users believe that a "hard" delete truly lasts forever because they might recover a virus-laden message that they originally deleted using Shift+Del.


15 tips in 15 minutes: Managing recipients and distribution lists

 Home: Introduction
 Tip 1: Exchange security groups
 Tip 2: Group membership expansion
 Tip 3: Managing Exchange group email properties
 Tip 4: Exchange 2003 Query-Based Distribution Groups
 Tip 5: DSAccess for Exchange
 Tip 6: DSProxy for Exchange
 Tip 7: Managing Exchange recipient policies
 Tip 8: Exchange Recipient Update Service and proxy addresses
 Tip 9: Restricting mail storage on an Exchange server
 Tip 10: The Exchange server mailbox management service
 Tip 11: Blocking a user's email access
 Tip 12: Accessing another user's mailbox in Outlook
 Tip 13: Exchange mail retention
 Tip 14: Managing recipients with system policies
 Tip 15: Managing recipients with Global Settings

This chapter excerpt from Learning Exchange Server 2003 by William Boswell is printed with permission from Addison-Wesley Professional, Copyright 2004. Click here for the chapter download or to purchase the book.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top