
Exchange Server 2010 Native Data Protection - Part 2

Vladimir Meloski [MCSE, MCITP, MCT, MVP]


Vladimir Meloski is a Microsoft Certified Trainer and Most Valuable Professional on Exchange Server. He is a consultant, providing unified communications and infrastructure solutions based on Exchange Server and System Center. Vladimir has been involved in Microsoft conferences in Europe and the US as a Speaker, Proctor for Hands-on Labs and Expert.


Email Item Retention does not allow for the recovery of items deleted from the Recoverable Items folder. Today we see how this issue is addressed using the new Exchange 2010 Single Item Recovery functionality.

In Exchange Server 2010 Native Data Protection - Part 1 we discussed Email Item Retention. This feature allows us to recover items as long as these are not deleted from the Recoverable Items folder. Once removed, the user is no longer able to access deleted items.

On top of that Exchange 2010 provides us with another layer of protection known as Single Item Recovery. If enabled, and the appropriate permissions are assigned, we have another opportunity for restoring deleted items.

Single item recovery is enabled using the Exchange Management Shell cmdlet:
Set-Mailbox -Identity "Vladimir Meloski" -SingleItemRecoveryEnabled $True

Note: This feature cannot be enabled from the Exchange Management Console.

Next assume we deleted an email item from our mailbox, deleted the same item from the Deleted Items folder, and also deleted the item from the Recoverable Items folder, as shown below:

Deleting from Recoverable Items folder

From this point on, the user is no longer able to access the item. In order to restore it, we first perform a multi-mailbox search. We do this from the Exchange Management Shell or the OWA Exchange Control Panel, but not the Exchange Management Console.

Discovery Management Role Group

In order to perform the search, we need appropriate permissions. These permissions are assigned by adding our user account to the Discovery Management role group. By default, no user has these permissions, which means that users and administrators do not have permissions to search other users' mailboxes. Therefore we will create a new user account named RestoreUser.

Permissions can be assigned from the Exchange Control Panel (ECP) or the Exchange Management Shell. We will first show how to assign the permissions using the ECP.

  1. In the Exchange Management Console, expand Toolbox and double-click Role Based Access Control (RBAC) User Editor to open the ECP.

    Open Exchange Control Panel

  2. Log on using an account having permissions to open the RBAC User Editor, such as Administrator.

  3. Click on Administrator Roles, then double-click the Discovery Management role group, as shown:

    Administrative Roles

  4. Next we will add the RestoreUser we created previously as a member:

    Add Role Member

Alternatively the permissions could be assigned using the Exchange Management Shell cmdlet:
Add-RoleGroupMember "Discovery Management" -Member RestoreUser

Restoring an email item using Single Item Recovery

Once RestoreUser has the appropriate permissions, we can proceed with searching the mailbox and recovering the item of interest. This can be performed using either the ECP or the Exchange Management Shell.

In this procedure, the mailbox being searched is referred to as the Source Mailbox. The mailbox where items are restored is the Target Mailbox. The search process requires that we enter Search Criteria identifying the item to be restored.

First we will see how to search and recover through the ECP interface, where we will be logged on as RestoreUser. In the ECP select Mail Control, then click New to open the New Mailbox Search window:

New Mailbox Search

In the New Mailbox Search window, we can choose from different search criteria. In our example, we will enter the sender "IT Manager", and the mailbox that will be searched, "Vladimir Meloski".

Mailbox Search Criteria

In the same window we should specify a search name, for example "Deleted message from IT Manager", as well as the destination mailbox, by default the Discovery Search Mailbox. It is also recommended to select the option 'Send me an e-mail when the search is done', since the search might take a long time. The lower part of the same window is shown in the picture below:

More Mailbox Search Options

Once the search has completed successfully, the following window is displayed, showing the search name, the search status, and the number and size of the items discovered.

Search Results

We can open the discovered message by clicking Open, which redirects us to a new window showing the Discovery Search Mailbox in OWA:

Open Item to Recover

The message has now been recovered to the target mailbox, which by default is the Discovery Search Mailbox.

We can also search for the message using the Exchange Management Shell:
Search-Mailbox "Vladimir Meloski" -SearchQuery "from:'IT Manager'" -TargetMailbox "Discovery Search Mailbox" -TargetFolder "Deleted message from IT Manager" -LogLevel Full

Restoring the deleted item can be performed using the cmdlet:
Search-Mailbox "Discovery Search Mailbox" -SearchQuery "from:'IT Manager'" -TargetMailbox "Vladimir Meloski" -TargetFolder "Recovered Items" -LogLevel Full

Note: In order to run the Search-Mailbox cmdlet, the user must have the Mailbox Import Export role assigned. This role assignment can be performed from the Exchange Control Panel or Exchange Management Shell.

Once we complete this cmdlet, the mailbox content of the user will have the deleted item restored, as shown in the picture that follows:

Recovered Email using Search-Mailbox
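The whole procedure as one Exchange Management Shell workflow, with the search and export rights granted only for the duration of the recovery. This is an added example, not part of the original article: the retention check, the -EstimateResultOnly preview, the revocation and the final review are additions, and the assignment name "SIR-Recovery-RestoreUser" is a hypothetical label; mailbox, user and folder names are the article's.

```powershell
# Added example. "SIR-Recovery-RestoreUser" is a hypothetical assignment name.

# --- Session 1: Exchange administrator ---------------------------------
# Confirm the source mailbox is protected and how long deleted items are kept.
Get-Mailbox -Identity "Vladimir Meloski" |
    Format-List Name, SingleItemRecoveryEnabled, RetainDeletedItemsFor

# Grant the two rights the recovery needs (both allow access to other
# users' mail, so they are assigned to a dedicated account only).
Add-RoleGroupMember "Discovery Management" -Member RestoreUser
New-ManagementRoleAssignment -Name "SIR-Recovery-RestoreUser" `
    -Role "Mailbox Import Export" -User RestoreUser

# --- Session 2: RestoreUser (open a new shell so the new roles load) ---
$query = "from:'IT Manager'"

# Preview first: count the matching items without copying anything.
$estimate = Search-Mailbox "Vladimir Meloski" -SearchQuery $query -EstimateResultOnly
"{0} item(s), {1}" -f $estimate.ResultItemsCount, $estimate.ResultItemsSize

if ($estimate.ResultItemsCount -gt 0) {
    # Copy the matches to the Discovery Search Mailbox ...
    Search-Mailbox "Vladimir Meloski" -SearchQuery $query `
        -TargetMailbox "Discovery Search Mailbox" `
        -TargetFolder "Deleted message from IT Manager" -LogLevel Full

    # ... then from there back to the owner's mailbox.
    Search-Mailbox "Discovery Search Mailbox" -SearchQuery $query `
        -TargetMailbox "Vladimir Meloski" `
        -TargetFolder "Recovered Items" -LogLevel Full
}

# --- Session 3: Exchange administrator ---------------------------------
# Revoke the rights once the item has been restored.
Remove-RoleGroupMember "Discovery Management" -Member RestoreUser -Confirm:$false
Remove-ManagementRoleAssignment "SIR-Recovery-RestoreUser" -Confirm:$false

# Review who can still search or export other users' mailboxes.
Get-RoleGroupMember "Discovery Management" | Format-Table Name, RecipientType
Get-ManagementRoleAssignment -Role "Mailbox Import Export" -GetEffectiveUsers |
    Format-Table Name, EffectiveUserName, RoleAssigneeName
```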


Single Item Recovery enables us to protect email items from accidental or intentional deletion. In this article we recovered an item without using any backup. In addition, depending on the scenario, restore time using Exchange Native Data Protection is considerably shorter compared to traditional backup and restore procedures.
