For updates on
product information, subscribe
to our email newsletter.

Prevention and Procedures

This paper explains the procedures for restoring a single mailbox. The procedures for disaster recovery of an entire Exchange server are explained in detail in the UltraBac Manual and on Microsoft’s Web site.

Disclaimer:
The information contained in this document represents the current view of BEI Corporation on the issues discussed. BEI cannot guarantee the accuracy of any information presented in this document.

This document is for informational purposes only.
BEI MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT.

Prevention
Before getting into the steps needed for a single mailbox restore, please take note that there are ways to avoid this process most of the time. First of all, make sure that as much information as possible is kept on the Exchange Server. If disk space is an issue, ensure that any information kept in .pst files is backed up using the file-by-file backup procedures. A consideration may be to store all .pst files on another server in the user’s directory. Sometimes .pst files can create additional problems as well. They are difficult to manage. If a user has a password on this file and forgets the password, recovery is impossible. If the .pst file is in use by Exchange or Outlook clients when a file-by-file backup attempt occurs, the .pst file is skipped because Outlook and Exchange clients exclusively lock this file when in use. If disk space is not limited on the Exchange Server, then keeping data here may be the best solution.

Another potential loss of data may be with the Auto Archive function. Auto archiving is simply the movement of mail messages from the server to a .pst file or from one .pst file to another. If Auto Archive is enabled then data is moved on a regular basis to a .pst file. Much like the above scenario, it is important that this data be stored in a place where it can be backed up. It may be a good idea to put all .pst files on NTFS and have no password on the .pst files but simply restrict access to that user. Remember that forgotten .pst passwords make recovery impossible.

If a user has the option ‘Empty the deleted items folder upon exiting’ enabled and the user accidentally deletes a message and exits Outlook, then the message is permanently lost unless you have the mailbox on Microsoft Exchange Server 5.5 (or greater) and have the Item Recovery option turned on. Make sure ‘Empty the deleted items folder upon exiting’ is not enabled. Auto archiving can be used to move or delete items in this folder that are over NN days old. Using auto archiving to move items in the "Deleted Items" folder to a .pst file is much safer than permanently deleting items on exit. It is much too easy to hit the X in the top-right portion of the screen and say "oops" as soon as you do it. If you have Exchange Server 5.5 there is additional functionality that will preserve items for NN days after someone permanently deletes items from their "Deleted Items" folder. In this scenario, when a user deletes an item from their "Deleted Items" folder, the item is moved to a hidden subfolder. This subfolder holds the messages for NN days as set by the Exchange Administrator. This protects against accidental deletions and helps eliminate the need to restore a single mailbox.

To preserve items for NN days, start Exchange Administrator and select "Private Information Store," then select "File\Properties." Select the "General" tab to access these settings.

You can apply the same settings for the private information store as for the public information store.

How is this information restored? Outlook v8.03 or greater is required for this. If v8.03 or greater is deployed within your corporation, then each individual user can initiate recovery without intervention from the administrator. Simply click on the "Deleted items" folder in Outlook and select "Tools \ Recover Deleted Items."

If you have not deployed Outlook v8.03 or greater then this option will not be available to individual users. This does not mean that information can’t be recovered. It just means that an administrator must have a copy of Outlook v8.03 or greater available. To restore the information, the administrator must then have user access or permissions access to the user’s mailbox. Then the administrator must create a profile for that user’s mailbox and follow the procedures above. For more information of how to assign access to individual mailboxes and/or create profiles see Microsoft Exchange Administrator Help or Outlook Help files.

Keep in mind that if a mailbox is deleted from within Exchange Administrator, then there is no way to avoid doing a single mailbox restore. It is good practice not to immediately delete a mailbox when an employee leaves the company. Instead, edit the mailbox by modifying the email address, removing the mailbox from distribution lists and rejecting all incoming messages. Then hide the entry from the address book. Set a date (30-60 days) to delete the mailbox. There may be times when an employee may decide to come back after leaving a short amount of time (contract work, etc.); if an employee decides comes back, all you have to do as an administrator is go back and modify the user’s mailbox.

A note on email privacy:
Many users assume that their email address is their private property. Email addresses actually belong to the company and many emails may need to be read by whoever assumes the responsibilities of the original employee.

Single Mailbox/Email Restore
If you haven’t read the above section on prevention, now would be a good time to do so.

Unfortunately, there are times when we need to restore a single mailbox on Exchange Server. This section addresses what you need to have in place to do such a restore. It also addresses the step-by-step process involved in completing a single mailbox restore successfully.

Minimum Requirements:
A separate non-production server with Microsoft Exchange Server installed.
1. Must be same Exchange and OS versions, and same service packs (OS and Exchange) as the machine on which the backup was performed. Basically, get the restore machine to be as close to the production machine as possible.
2. Permanently disable circular logging on all Exchange servers. Do this for the public and private information store. This should be done before the backups originally take place. If you upgrade Exchange Server, circular logging may be automatically turned back on. After each upgrade re-check these settings.
3. Available Disk space on the non-production server after all installs are complete must meet or exceed twice the sum of the size of the Public Information Store (Public Folders - \exchsrvr\mdbdata\pub.edb) and the Private Information Store (Personal Folders - \exchsrvr\mdbdata\priv.edb) on your largest Exchange production server.
4. Site and organization name must match the production server.

Why are you required to have a separate server? The information store is really two database files. One is the Public Information Store (Public Folders - \exchsrvr\mdbdata\pub.edb) and the other is the Private Information Store (Personal Folders - \exchsrvr\mdbdata\priv.edb). If you restored to the same server, those files would get overwritten. This IS what you want to happen during a disaster recovery of Exchange where ALL of the information is lost, but this is NOT what you want to take place for a single mailbox restore. So you have to perform the restore to a non-production server.

Once the server is set up, the actual restore comes next. Start UltraBac, go into "Mode\Restore" and load the index of the Exchange backup you wish to restore. Select ONLY the Information Store (you can’t restore a directory store to any machine other than itself) and click "Perform Restore."

Select "Yes" to "Delete Existing Logs," and "Yes" to "Restart Services."
Make SURE you select "Restore Information Store to Alternate Server" and type in the name of the non-production server you wish to restore the information store to.

WARNING.
The restore target defaults to the server where the backup was originated. Failure to type in the name of the non-production server in this space will result in the information store being restored to the server in which it was backed up from EVEN if you are running UltraBac from the non-production server.

If the storage media is password protected, enter the password.

Click "Restore."

Once the restore is complete, ensure that the services have restarted. If the services won’t restart it may be necessary to run the \exchsrvr\bin\isinteg –patch command from the command prompt.

If the Information Store still fails to start, please read the section on "Trouble-shooting Information Store Startup Problems" of the "Microsoft Exchange Disaster Recovery – Part I." This document is currently located at http://www.microsoft.com/exchange under ‘Deployment and Support’ and ‘Planning and Development.’ It is currently titled ‘Exchange Backup and Restore White Paper.’

Once the services have restarted, open Outlook or Exchange Client and create a new profile for the user’s mailbox on the non-production server.

Create a Personal Storage File (.pst) and copy the messages from the non-production server to the .pst file you have created. Then create another profile for the user’s production mailbox and copy the messages back to the user’s folder. For more information about creating user profiles in Outlook, please see the Outlook Help file. For more information about attaining access permissions on a user mailbox, please see the Microsoft Exchange Administrator Help guide.

David Thomas is Technical Support Manager at BEI Corporation.  He also contributes in the areas of Web Development, Network Administration, and Software Testing.