Exchange Server 2010 : Backup and Recover Exchange Data (part 4) - Recovering Single Items & Using Exchange Native Data Protection

5. Recovering Single Items

Exchange Server 2010 introduces single item recovery functionality and the Recoverable Items folder, which was formerly known as the dumpster in Exchange 2007. The same name is used in some Technet articles about Exchange Server 2010, but the correct name is the Recoverable Items folder.

Single item recovery functionality helps you ensure that deleted and modified items are preserved and that deleted and modified items can be recovered easily in compliance cases. Single item recovery helps you reduce the risks associated with email and other communications and makes it easier to keep what you need to comply with company policy, government regulations, or legal needs.

Single item recovery provides the following features:

• The Recoverable Items folder is given a quota to help prevent potential denial-of-service attacks during which a malicious user places large amounts of data in this folder.

• All items in a user’s Recoverable Items folder are indexed and searchable using the discovery cmdlets .

• All items in the Recoverable Items folder are moved when a move request is implemented.

In Exchange Server 2010, items are retained when the single item recovery feature is enabled for a mailbox, even if end users purge these items from their Recoverable Items folders. The Recoverable Items folder contains the following subfolders (note that items placed in these folders do not count toward the mailbox quota):

• Purges All items that the user hard-deletes are moved to this folder whenever either legal hold or single item recovery is enabled. This folder is invisible to the end user.

• Deletions All items that the user soft-deletes from the Deleted Items folder within the user mailbox are moved to this folder, which is exposed when a user accesses the Recover Deleted Items feature in Microsoft Outlook.

• Versions Original and modified copies of an item are placed in this folder when either legal hold or single item recovery is enabled. This folder is invisible to the end user.

Although the Purges and Versions subfolders of the Recoverable Items folder are inaccessible to the end user, they can be accessed by an administrator or a user who is a member of the Discovery Management role group and carries out a multi-mailbox or a discovery search.

Whether single item recovery is disabled or enabled, Messaging Policy and Compliance automatically purges items from the Recoverable Items folder after 14 days by default—except for calendar items that are purged after 120 days. Also, soft-deleted items are stored in the Recoverable Items folder whether single item recovery is disabled or enabled.

If single item recovery is enabled, modified and stored hard-deleted items are stored in the Recoverable Items folder, and the user cannot purge items from this folder. If, on the other hand, single item recovery is disabled, modified and stored hard-deleted items are not stored in the Recoverable Items folder, and the user can purge items from this folder.

When an item is moved to the Recoverable Items folder, the size of the item is subtracted from the parent mailbox quota and added to the size of the Recoverable Items folder. The Recoverable Items folder has a configurable soft limit default of 20 GB and a hard limit default of 30 GB. You are notified via an event log and a Microsoft System Center Operations Manager alert when the Recoverable Items folder reaches its soft and hard limit defaults. This alert fires when the soft and hard limit defaults are reached and then once every day after that. Note that when legal hold is enabled, records management purging of recoverable items stops.

5.2. Configuring Single Item Recovery

You can use commands based on the Set-Mailbox EMS cmdlet to configure single item recovery settings on a mailbox and commands based on the Set-MailboxDatabase EMS cmdlet to configure single item recovery settings on a mailbox database. Note that these values are ignored when legal hold  is enabled.

For example, the following command sets the Recovery Items folder quota limit at which a warning event is entered in Event Viewer to 10 GB for the Don Hall Mailbox:

Set-Mailbox -Identity "Don Hall" -RecoverableItemsWarningQuota 10GB

The following EMS command sets the hard limit for the Recovery Items folder in the Don Hall Mailbox to 20 GB:

Set-Mailbox -Identity "Don Hall" -RecoverableItemsQuota 20GB

The following EMS command sets the hard limit quota for the Recovery Items folder for all mailboxes that reside on the Research mailbox database to 25 GB:

Set-MailboxDatabase -Identity Research -RecoverableItemsQuota 25GB

Note that if you want to set Recovery Items folder quotas at a database level rather than the quotas that are set at the mailbox level, you need to use the Set-Mailbox EMS cmdlet to set the UseDatabaseQuotaDefaults parameter to $true on the user’s mailbox.

5.3. Configuring the Deleted Item Retention Period

Deleted items such as email messages can be retrieved by the user during a configurable deleted item retention period, by default 14 days (120 days for calendar items), after which they need to be restored from backup. Note that the deleted item retention period is not the same as the deleted mailbox retention period. If, for example, you wanted to change the deleted item retention period to seven days for all mailboxes in the database Mailbox Database 1514648952, you would enter the following EMS command:

Set-MailboxDatabase -Identity "Mailbox Database 1514648952" -DeletedItemRetention
7.00:00:00

					  

6. Using Exchange Native Data Protection

Exchange Server 2010 includes several new features that can provide native data protection and eliminates the need to restore data from backup. By combining these features with other built-in features, such as legal hold, you can reduce your Exchange organization’s dependency on traditional point-in-time backups. Depending on organizational requirements, it is likely that an Exchange Server 2010 environment with at least three mailbox database copies can provide lower total cost of ownership than an organization that depends on backups for disaster recovery.

6.1. Native Data Protection Features

In the event of a hardware or software failure, multiple database copies in a DAG enable high availability with fast failover and no data loss. This eliminates end-user downtime, which represents a significant cost when recovering from a past point-in-time backup to disk or tape. DAGs can be extended to multiple sites and can provide resilience against failures in large organizations.

The Recoverable Items folder introduced in Exchange 2010 and the hold policy that can be applied to it makes it possible to retain all deleted and modified data for a specified period of time, and recovery of these items is easier and faster. This enables end users to recover accidentally deleted items themselves, thereby reducing the administrative costs associated with single item recovery.

The archiving, multi-mailbox search, and message retention features introduced by Exchange Server 2010 can efficiently preserve data in a manner that makes it accessible to the end user for extended periods of time. This eliminates expensive restores from tape or optical media and enables clients such as Microsoft Outlook and OWA access to older data.

Point-in-time copies of mailbox data may be one of your organizational requirements. Exchange Server 2010 lets you create a lagged copy in a DAG environment. This can be useful if logical corruption occurs and this replicates across the databases in the DAG, resulting in a need to return to a previous point in time. Lagged copies can also be useful if an administrator accidentally deletes mailboxes or user data. Recovery from a lagged copy can be faster than restoring from a backup because lagged copies do not require a copy process from the backup server to the Exchange server.

6.2. Log Truncation without Backups

At the end of a successful full or incremental backup, Exchange truncates those transaction log files that are no longer needed for database recovery. If full or incremental backups are not taken, log truncation does not occur. You can enable circular logging for your replicated databases to prevent a buildup of log files. If you combine circular logging with continuous replication, this creates a type of circular logging called continuous replication circular logging (CRCL), which differs from Extensible Storage Engine (ESE) circular logging. ESE circular logging is performed and managed by the Microsoft Exchange Information Store service, whereas CRCL is performed and managed by the Microsoft Exchange Replication Service.

ESE circular logging does not generate additional log files and instead overwrites the current log file when needed. However, in a continuous replication environment, log files are needed for log shipping and replay. As a result, when you enable CRCL, the current log file is not overwritten, and closed log files are generated for the log shipping and replay process. The Microsoft Exchange Replication Service manages CRCL so that log continuity is maintained, and logs are not deleted if they are still needed for replication.