Exchange Server 2013: Configuring Single Item Recovery
Overview
Single Item Recovery adds another layer of protection for mailbox content, guarding against accidental or malicious deletion of messages. It also protects against modification of items: when a user edits an item, the original version is preserved before the change is applied.
With this feature enabled on a mailbox, administrators can restore items directly from the mailbox database without restoring from backup.
Single Item Recovery uses the Recoverable Items folder of the user mailbox to hold deleted and modified items. The Recoverable Items folder is a non-IPM folder structure located in each mailbox; it is not displayed as a folder in Outlook, Outlook Web App or any other mail client. Besides recoverable content it holds operational data about the mailbox, including the mailbox audit logs. Its Deletions subfolder is what users see through Recover Deleted Items; the Purges and Versions subfolders, where Single Item Recovery keeps purged and edited items, are not exposed to any client.
Because the Recoverable Items folder lives inside the mailbox, all Single Item Recovery content is preserved when the mailbox is moved from one database to another. The same structure is what lets Exchange Server track the changes users make to items.
Deleted items are kept in the Recoverable Items folder for the deleted item retention period, 14 days by default. After that period the item is permanently removed from the database.
Enable Single Item Recovery
This feature is enabled per mailbox with the Set-Mailbox cmdlet.
This cmdlet bellow enables Single Item Recovery for User05
Set-Mailbox User05 -SingleItemRecoveryEnabled $true
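The same cmdlet applied in bulk, as an added example that is not part of the original article: it enables Single Item Recovery on every user mailbox that still lacks it, sets an explicit deleted item retention, and reports any mailbox that could not be changed. The 30-day retention value is an assumption; the article only states the 14-day default.

```powershell
# Added example (not from the original article). Assumes a 30-day retention policy.
$retention = "30.00:00:00"   # dd.hh:mm:ss; the maximum accepted is 24855 days

# -ResultSize Unlimited avoids the default 1000-object cap in large organizations.
$targets = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.SingleItemRecoveryEnabled }

foreach ($mbx in $targets) {
    # RetainDeletedItemsFor on the mailbox overrides the database-level setting.
    Set-Mailbox -Identity $mbx.Identity `
        -SingleItemRecoveryEnabled $true `
        -RetainDeletedItemsFor $retention
}

# Verify: every user mailbox should now report True and the chosen retention.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Select-Object Name, SingleItemRecoveryEnabled, RetainDeletedItemsFor |
    Sort-Object Name | Format-Table -AutoSize

# Anything still False is a mailbox the loop could not modify (e.g. access denied).
$remaining = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.SingleItemRecoveryEnabled }
if ($remaining) {
    Write-Warning ("Single Item Recovery still disabled on: " + ($remaining.Name -join ', '))
}
```

Run it from the Exchange Management Shell; the final check is worth keeping in a scheduled job, since a mailbox created outside the provisioning path described later in this article will otherwise silently come up with the feature off.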
Recover Message
Only an administrator can restore items from the Single Item Recovery store. End users can bring back items from the Deletions subfolder with Recover Deleted Items, but items that were purged or replaced by an edited version are out of their reach.
Restoring these items requires the Search-Mailbox cmdlet, and before running it you must grant the account that will perform the search permission to search all mailboxes in the organization.
The user who will conduct the search must be a member of the Discovery Management role group. Open Active Directory Users and Computers, locate the Discovery Management group in the Microsoft Exchange Security Groups OU and add the user who will perform the search. The supported alternative is the Management Shell: Add-RoleGroupMember "Discovery Management" -Member <user>.
You will need to close and reopen the Management Shell for the new permission to apply.
To search the User01 mailbox for a deleted message sent by User02, run the cmdlet
Search-Mailbox User01 -SearchQuery "from:'User02'" -TargetMailbox "Discovery Search Mailbox" -TargetFolder "User01 Recovery" -LogLevel Full
This copies the search result into the Discovery Search Mailbox (the -TargetMailbox), including matches found in the Recoverable Items folder. To return the message to the end user's mailbox, run Search-Mailbox again with User01 as the target mailbox
Search-Mailbox "Discovery Search Mailbox" -SearchQuery "from:'User02'" -TargetMailbox User01 -TargetFolder "User01 Recovery" -LogLevel Full
Check the User01 mailbox: it should now contain a folder named User01 Recovery holding the recovered message, plus a log of every action taken by the system (produced by -LogLevel Full).
Another option is to export the result of the first search to a PST file. First create a network share to store the PST.
The administrator must also grant the user permission to connect to the target mailbox and export its content to a PST. Run the following cmdlet to grant the export ability (the Mailbox Import Export role is not assigned to anyone by default, not even to Organization Management)
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "Administrator"
Close and reopen the Management Shell to apply the new permission, then run the cmdlet to export the contents of the Discovery Search Mailbox to a UNC path on the share (the Exchange Trusted Subsystem group needs write access to it)
New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -SourceRootFolder "User01 Recovery" -FilePath \\hm03cas\PST\User01Recovery.pst
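The whole recovery procedure above, from estimate to hand-back or PST export, as an added example that is not part of the original article. The mailbox names and the \\hm03cas\PST share follow the article's scenario; the date range in the query is an assumption added to keep the copy small. It must be run by a member of Discovery Management, with the Mailbox Import Export role for the export and cleanup steps.

```powershell
# Added example (not from the original article). Assumed names: User01, User02,
# the share \\hm03cas\PST and the 2013 date range.
$user      = "User01"
$discovery = "Discovery Search Mailbox"
$folder    = "$user Recovery"
# KQL query: narrow by sender and received date so the search does not sweep
# the whole mailbox into the discovery mailbox.
$query     = "from:'User02' AND received:01/01/2013..12/31/2013"

# 1. Estimate first: counts matches (Recoverable Items included) without copying anything.
$estimate = Search-Mailbox -Identity $user -SearchQuery $query -EstimateResultOnly
if ($estimate.ResultItemsCount -eq 0) {
    throw "No items match '$query' in $user; check the query or the retention window."
}
Write-Host ("Matched {0} items ({1})" -f $estimate.ResultItemsCount, $estimate.ResultItemsSize)

# 2. Copy the matches into the discovery mailbox with a full action log.
Search-Mailbox -Identity $user -SearchQuery $query `
    -TargetMailbox $discovery -TargetFolder $folder -LogLevel Full

# 3a. Hand the items back to the user in a dedicated folder.
Search-Mailbox -Identity $discovery -SearchQuery $query `
    -TargetMailbox $user -TargetFolder $folder -LogLevel Full

# 3b. Or export the discovery copy to a PST on the share and wait for completion.
$req = New-MailboxExportRequest -Mailbox $discovery -SourceRootFolder $folder `
    -FilePath "\\hm03cas\PST\$($user)Recovery.pst"
do {
    Start-Sleep -Seconds 10
    $stats = Get-MailboxExportRequestStatistics -Identity $req.Identity
} while ($stats.Status -notin 'Completed', 'CompletedWithWarning', 'Failed')
Write-Host ("Export {0}: {1} items transferred" -f $stats.Status, $stats.TransferredItemsCount)
if ($stats.Status -eq 'Failed') {
    # The detailed report names the item or permission that broke the export.
    Get-MailboxExportRequestStatistics -Identity $req.Identity -IncludeReport |
        Select-Object -ExpandProperty Report
}

# 4. Once the user confirms, clear the request record and the copy left in the
#    discovery mailbox so recovered mail does not linger in a shared location.
Remove-MailboxExportRequest -Identity $req.Identity -Confirm:$false
Search-Mailbox -Identity $discovery -SearchQuery $query -DeleteContent -Force
```

Step 4 is the part most often skipped: the Discovery Search Mailbox is readable by every member of Discovery Management, so copies of recovered mail should not be left there once the case is closed.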
Changing Mailbox Creation Default
By default, Single Item Recovery is disabled for every newly created mailbox. To change this behavior the administrator can configure the Cmdlet Extension Agent (the Scripting Agent), which runs a script whenever a chosen cmdlet completes.
This is a global feature: once enabled, the agent applies throughout the organization. Note that whatever PowerShell the agent's configuration file contains is executed on every Exchange server each time the listed cmdlets run, so write access to that file should be restricted to Exchange administrators.
Configuring XML File
Before enabling the agent, configure the XML file that extends the cmdlets. Navigate to <Exchange Installation>\V15\Bin\CmdletExtensionAgents and locate the sample file ScriptingAgentConfig.xml.sample. With the default installation folder the path is C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents.
Rename the file to ScriptingAgentConfig.xml and replace its content with the XML below. The OnComplete hook runs after New-Mailbox finishes; $succeeded is set by the agent, and $provisioningHandler.UserSpecifiedParameters exposes the parameters passed to the cmdlet.
<?xml version="1.0" encoding="utf-8"?>
<Configuration version="1.0">
  <Feature Name="MailboxProvisioning" Cmdlets="New-Mailbox">
    <ApiCall Name="OnComplete">
      if ($succeeded) {
        $Name = $provisioningHandler.UserSpecifiedParameters["Name"]
        Set-Mailbox -Identity $Name -SingleItemRecoveryEnabled $true
      }
    </ApiCall>
  </Feature>
</Configuration>
Copy the new ScriptingAgentConfig.xml to every Exchange server. The agent is enabled organization-wide but each server reads its own local copy, so New-Mailbox will fail on any server where the file is missing.
Enable Agent
To enable the agent for organization run the cmdlet
Enable-CmdletExtensionAgent "Scripting Agent"
To check the settings of the agent
Get-CmdletExtensionAgent "Scripting Agent"
Test Configuration
With this configuration in place, every new mailbox will have Single Item Recovery enabled. Create a new user and confirm the feature is on:
Get-Mailbox <User Name> | FL SingleItemRecoveryEnabled,RetainDeletedItemsFor,RetainDeletedItemsUntilBackup
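The deployment and test steps above as one script, an added example that is not part of the original article: it validates the XML, pushes it to every Exchange 2013 server over the C$ admin share, enables the agent and proves the hook with a new mailbox. The source path, the test account name and the UPN domain are assumptions.

```powershell
# Added example (not from the original article). Assumes the default install path,
# a test account named "SIR Test" and the contoso.com UPN suffix.
$source = "C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents\ScriptingAgentConfig.xml"

# Fail fast on malformed XML: a bad file breaks New-Mailbox on every server once the agent is on.
[xml](Get-Content -Path $source -Raw) | Out-Null

# Copy to the same folder on each Exchange 2013 (major version 15) server and verify the copy.
$servers = Get-ExchangeServer | Where-Object { $_.AdminDisplayVersion.Major -eq 15 }
foreach ($srv in $servers) {
    $dest = "\\$($srv.Fqdn)\C$\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents\ScriptingAgentConfig.xml"
    Copy-Item -Path $source -Destination $dest -Force
    # A stale copy on one server gives inconsistent provisioning, so compare content byte for byte.
    $same = (Get-Content -Path $source -Raw) -ceq (Get-Content -Path $dest -Raw)
    Write-Host ("{0}: {1}" -f $srv.Name, $(if ($same) { "synced" } else { "MISMATCH" }))
}

# Enable the agent organization-wide (it is disabled by default) and confirm.
Enable-CmdletExtensionAgent "Scripting Agent"
Get-CmdletExtensionAgent "Scripting Agent" | Format-List Name, Enabled, Priority

# Test: create a mailbox and check that the OnComplete hook enabled the feature.
$pw = Read-Host -AsSecureString "Password for test mailbox"
New-Mailbox -Name "SIR Test" -UserPrincipalName sirtest@contoso.com -Password $pw | Out-Null
$test = Get-Mailbox "SIR Test"
if (-not $test.SingleItemRecoveryEnabled) {
    Write-Warning "Scripting Agent did not enable Single Item Recovery on the new mailbox"
} else {
    $test | Format-List Name, SingleItemRecoveryEnabled, RetainDeletedItemsFor, RetainDeletedItemsUntilBackup
}
```

The content comparison matters more than it looks: a server that holds an older or malformed ScriptingAgentConfig.xml will either skip the hook or fail New-Mailbox entirely, and which behavior you see depends on which server the shell happened to connect to.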
The length of time items are kept can also be set at the database level with Set-MailboxDatabase -DeletedItemRetention, so that every mailbox on the database is covered; a mailbox-level RetainDeletedItemsFor value takes precedence over the database setting.