One of the more obscure parts of Exchange Server is the Dumpster. This allows the recovery of one or more deleted emails, in much the same way as the recycle bin in Windows, even if the user has purged them. Although it is seen as an alternative to backup, or as a means to document retention, it really provides a separate function, undoing an accidental deletion. Elie Bou Issa explains how to configure deleted retention items and how to recover a purged item.
One of the daily tasks for an Exchange administrator is typically to recover deleted email. The recovery process used to be different depending on how the item was deleted. If the item is soft deleted or hard deleted, that would be an easy task to accomplish as long as the item is within the deleted item retention period. If the item is expired, the administrator would need to recover the item by restoring the appropriate backup.
In this article, we will discuss the Dumpster architecture, check how to configure single item recovery and show the needed steps to recover an item in Exchange 2010.
In Exchange 2003, the dumpster was simply a view which displayed the soft deleted and hard deleted items.
Users working on Microsoft Outlook 97 were limited to recovering soft deleted items for mail folders. Other folders would require at least Microsoft Outlook 2000. It was possible to recover hard deleted items as well but would require inserting in the registry, under the following path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\ a DWORD key DumpsterAlwaysOn and setting the value data to 1.
This would allow the Recover Deleted Items folder to appear on any selected folder from Microsoft Outlook.
In Outlook Web Access, you could only easily view soft deleted items. A workaround to restore hard deleted items through OWA was to manually locate the folder and enter the required URL. The URL would look like:
where folder is referring to the folder name the item was deleted from.
Exchange 2007 didn’t change much in the dumpster architecture. An improvement to the Outlook Web Access came with the release of the Exchange 2007 service pack 1 which allows the view of the Recover Deleted Items for all folders.
On the other hand, Microsoft Outlook 2007 will automatically provide the “Recover Deleted Items” functionality in mail folders
Taking a close look at the new architecture of the dumpster, we find that unlike previous versions, the dumpster in Exchange 2010 is displayed as a folder named Recoverable Items.
The new design gives the Recoverable Items folder the following benefits:
- All items in the folder are indexed and can be searched using the Mailbox search feature from OWA or through discovery cmdlets.
- Quota management for better security and size management.
- All items in the folder can be moved through move requests.
- The recoverable items folder has three sub-folders:
- Deletions folder holds the items that have been soft deleted or hard deleted. Items residing in this folder are visible to the user through the “Recover Deleted Items” features in Microsoft Outlook or OWA. This folder architecture is mainly inherited from the previous version of dumpster; major changes remain in the creation of the versions and purges folder.
- Versions folder holds the original and modified copy of an item. Different versions of a specific item can be found in this folder. This folder is hidden and not visible to the end user.
- Purges folder holds the items that have been purged by the user. Items are removed from this folder when the retention period for the mailbox is exceeded. This folder is hidden and not visible to the end user.
When performing a search against a mailbox, the Recoverable Items folder and the three sub-folders will be visable from the Discovery Search Mailbox as shown in the figure below:
To view the folders through the Management Shell, run Get-MailboxFolderStatistics cmdlet as shown below:
Configuring Item Recovery
In previous versions of Exchange, Deleted Item retention is configured either on the mailbox database level (or the Information Store in Exchange 2003) or on the Mailbox level.
By default, the retention period is set to 7 days in Exchange 2003 and to 14 days in Exchange 2007/2010. These values can be changed either through the Management Console or the Management Shell.
To change the default deleted item retention through EMC, go to Mailbox under Recipient Configuration, highlight the user mailbox, and click on Properties. Go to Mailbox Settings, highlight Storage Quotas and click on Properties.
Uncheck the Use Mailbox database defaults and modify the number of days.
To perform the same operation in the Management Shell, run the below cmdlet:
Set-mailbox Mailbox –RetainDeletedItemsFor NbOfDays.00:00:00 –UseDatabaseRetentionDefaults $false
Note: An item will be un-recoverable if the retention period exceeds the defined retention period and if the “do not permanently delete items until you back up the database” is not set.
In Exchange 2010, additional settings were added that allow setting limits for the Recoverable Items folder.
Because the Dumpster quota is not related to the Mailbox quota, this feature will help limit the folder size for users with extended retention time.
Two mechanisms can be used to configure Single Item Recovery in Exchange 2010:
- Time limited safeguarding of data where the items are stored in the Recoverable Items folder based on a predefined retention period. In this case, the retention period is set as described in Figure 1.2 (or the mailbox database defaults will apply if a specific value is not set for the mailbox).
- Unlimited safeguarding of data - which is called legal hold - where Items in the recovery folder will never be purged. Retention period and quota limitation set on a “litigation hold” mailbox will be ignored. This would ensure that deleted mailbox items and record changes won’t be purged.
This feature can be enabled for users working with sensitive and confidential data and where the organization policy would require never deleting any item or allowing the end user to do so. A drawback of this is the increase in mailbox size which could result in performance issues related to mailbox searches.
To set a mailbox on a litigation hold, execute the below cmdlet:
Set-Mailbox EmailAccount – LitigationHoldEnabled $true
In both mechanisms, Single Item Recovery must be enabled. This must be performed using the Exchange Management Shell.
To enable Single Item Recovery for a mailbox, run the cmdlet shown in Figure 1.3
If you are running with a single site with no AD replication than the above warning can be ignored; otherwise single item recovery can take up to 60 minutes depending on Active Directory replication in your environment
To check if a mailbox has Single Item Recovery enabled, run the below cmdlet:
Dumpster v1.0 is still applicable in Exchange 2010, and enabling Single Item Recovery will fire the dumpster v2.0 functionality.
Recoverable Items folder limit:
The mailbox is not configured with any values; hence the mailbox database limit will be applied. Size limits can be changed through Management Shell as below:
If the value set for the RecoverableItemsWarningQuota is exceeded, a warning event is entered in the event viewer.
The values for the recoverable items quotas are stored in Active Directory and can be seen in ADSIEDIT under the user properties. The values are:
Recovering single item:
As in Exchange 2007, the end user has the option to recover a single item if it was soft deleted or hard deleted. That can be achieved from the end user’s Outlook as shown in the below figure:
However, if an item is purged by the user, that item can still be recovered if Single Item Recovery has been properly configured on the users’ mailbox.
To perform a recovery for a specific item from the Purges folder, the below steps need to be followed:
- Locate and extract the targeted item to the Discovery Mailbox:
- Open the Exchange Control Panel, select Reporting and click on Mailbox Searches
- Click on New to create a new search
- Fill in criteria as it will help you narrow your search and make it simpler
- Under Keywords, write any keyword that can be included in the item you want to search
- Under Messages To and From Specific E-mail Addresses, add the email address the message was sent to.
- Under Mailboxes to Search, select All Mailboxes
- Under Search Name and Storage Location, type the name of your search, and browse to select the Discovery Search Mailbox
In order to perform a mailbox search, the user performing this task must be a member of the Discovery Management role.
- Browse to the Discovery Mailbox to validate the item to be recovered:
Note: In order to proceed with this step, you need to have access to the Discovery mailbox
- From the Exchange control panel, click to open other mailbox
- In the select mailbox area, type Discovery Mailbox, and click to open
- As you can see in the figure 1.8, the item to be recovered has been expanded to the Discovery mailbox inbox and specifically, to a folder holding the user’s mailbox name, followed by a folder named Primary Mailbox as the item exist in the Primary Mailbox of the user.
As you notice in Figure 1.8, only Purges folder is appearing from the Recoverable Items folder; which means that the item is in its original state and doesn’t have versions.
Single Item Recovery is applicable on Personal Archive and when leveraging a search against an item purged by user, the recovery folders will look as the below figure:
It is worth mentioning that the archive mailbox is considered a second mailbox integrated with the primary mailbox, hence it has a separate “Recoverable Items” folder.
Now that we have validated the item to recover, we can either forward the item to the specific recipient or run an export mailbox cmdlet.
- Export the recovered item:
- You can drag and drop the recovered item into a higher level folder in order to make the export cmdlet shorter.
- The item is dragged to the Recovered folder.
- Run the below cmdlet to export the item to the user’s mailbox:
Export-Mailbox –Identity “Discovery Search Mailbox” –IncludeFolders \Recovered –TargetMailbox Elie –TargetFolder targetedfolder
Single Item Recovery covers many aspects. From the compliance perspective, single item recovery guarantees that no item can be deleted or completely removed from the end user’s side. From a security perspective, Single Item Recovery increase data security and data protection from any misuse of data. Operation wise, single item recovery will lower the effort and time spent on backup from the exchange administrator and will facilitates the restore or recovery of a single or multiple items.
In this article, we looked at the dumpster architecture in Exchange 2003 and its subsequent versions. Then, we spoke on how to configure deleted retention items and finally, we’ve showed the required steps to recover a purged item.
A question to consider is whether Single Item Recovery in an organization can be a replacement for the Exchange backup.
The Exchange team came up with a small formula where they calculate the needed quota per mailbox for a single item recovery enabled mailbox. The result appeared to be an addition of 350MB for an approximate user who send/receive around 100 emails per regular working day and for the period of three months. Definitely, the proper size will differ based on the organization backup policy and the retention period for the backup. That might not be a good backup solution for organization that retain offsite backup.
Finally, it is worth trying Single Item Recovery even if you are highly satisfied with your current Exchange backup. You can still enable this feature for selective mailboxes.