WinDeveloper O365 Mailer FREE for 1 Year

WinDeveloper IMF Tune
WinDeveloper IMF Tune

Exchange Server 2010 Native Data Protection - Part 2

Vladimir Meloski [MCSE, MCITP, MCT, MVP]

Vladimir Meloski [MCSE, MCITP, MCT, MVP] Photo

Vladimir Meloski is a Microsoft Certified Trainer and Most Valuable Professional on Exchange Server. He is a consultant, providing unified communications and infrastructure solutions based on Exchange Server and System Center. Vladimir has been involved in Microsoft Conferences in Europe and US as a Speaker, Proctor for Hands on Labs and Expert.

Cast your Vote
Poor Excellent

Email Item Retention does not allow for the recovery of items deleted from the Recoverable Items folder. Today we see how this issue is addressed using the new Exchange 2010 Single Item Recovery functionality.

In Exchange Server 2010 Native Data Protection - Part 1 we discussed Email Item Retention. This feature allows us to recover items as long as these are not deleted from the Recoverable Items folder. Once removed, the user is no longer able to access deleted items.

On top of that Exchange 2010 provides us with another layer of protection known as Single Item Recovery. If enabled, and the appropriate permissions are assigned, we have another opportunity for restoring deleted items.

Single item recovery is enabled using the Exchange Management Shell cmdlet:
Set-Mailbox -Identity "Vladimir Meloski" -SingleItemRecoveryEnabled $True

Note: This feature cannot be enabled from the Exchange Management Console.

Next assume we deleted an email item from our mailbox, deleted the same item from the Deleted Items folder, and also deleted the item from the Recoverable Items folder, as shown below:

Deleting from Recoverable Items folder

As from now the user is no longer able to access the item. In order to restore it, first we should perform a multi-mailbox search. We do this from the Exchange Management Shell, or the OWA Exchange Control Panel but not the Exchange Management Console.

Discovery Management Role Group

In order to perform the search, we need appropriate permissions. These permissions are assigned by adding our user account to the Discovery Management role group. By default, no user has these permissions, which means that users and administrators do not have permissions to search other user's mailboxes. Therefore we will create a new user account named RestoreUser.

Permissions can be assigned from the Exchange Control Panel ECP or the Exchange Management Shell. We will first show how to assign the permissions using the ECP.

  1. At the Exchange Management Console expand Toolbox, and double-click Role Based Access Control (RBAC) User Editor to open the ECP.

    Open Exchange Control Panel

  2. Log on using an account having permissions to open the RBAC User Editor, such as Administrator.

  3. Click on Administrator Roles, then double-click the Discovery Management role group, as shown:

    Administrative Roles

  4. Next we will add the RestoreUser we created previously as a member:

    Add Role Member

Alternatively the permissions could be assigned using the Exchange Management Shell cmdlet:
Add-RoleGroupMember "Discovery Management" -Member RestoreUser

Copyright © 2005 - 2024 All rights reserved. is not affiliated with Microsoft Corporation