ENTERPRISE

Exchange Server 2010 : Maintaining Reliability and Availability - Recover Data

5/24/2011 3:49:17 PM
Many scenarios exist where you might need to recover data in Exchange. Knowing how to perform data recovery and practicing your recovery process regularly are key factors to a successful data recovery plan. Different types of recovery require different strategies; therefore, it's essential to ensure that you clearly know how to react in each situation in which recovery may be needed. Some of the common scopes of data recovery are

  • Entire mailbox databases

  • Individual user mailboxes

  • Single items in a mailbox

1. Recover Databases with the Windows Server Backup Tool

Windows Server Backup isn't the only backup tool that can be used in Exchange, but Exchange Server 2010 brings back the ability to use the built-in backup product. If you used the Windows Server Backup tool to back up your Exchange databases, you can restore the database from your backup either to the original location of the database or to an alternate location. This section shows you how to recover a database from the backup created with the Windows Server Backup tool.

1.1. Restore the Database from Backup

When you used Windows Server Backup to create a backup, you had to back up the entire volume and the Exchange databases are backed up with it. When you restore a backup in Windows Server Backup, however, you can choose to only restore the Exchange databases. When you perform the restore, all the databases on the volume are restored. You do not have the option of choosing which databases to restore.

To restore all the databases that were backed up on a particular volume, use the following steps:

  1. Open Windows Server Backup by selecting Start => All Programs => Administrative Tools => Windows Server Backup.

  2. In the Actions pane on the right, select the Recover task. This launches the Recovery wizard.

  3. At the Getting Started screen of the wizard, select This Server to restore a backup of the current server from a local volume.

    Click Next to continue.

  4. On the Select Backup Date screen, select from the calendar control the date of the backup that you are restoring. The dates that have backups are displayed in bold text.

    After selecting the date, select the time of the backup from the Time field. Click Next after you've chosen the backup that you want to restore (see Figure 1).

    Figure 1. Selecting the backup to restore

  5. On the Select Recovery Type screen, choose Applications and click Next.

  6. On the Select Application screen, choose the Exchange application and click Next.

  7. At the Specify Recovery Options screen, choose Recover To Original Location to restore the backup to the original location of the databases.

    You might also choose the Recover To Another Location option if you want to restore only one of the databases on the volume. You can then specify the folder that you want to restore the databases to and manually copy the restored database files to the original location of the database.

    In this example, we're restoring the database to its original location. Choose the Recover To Original Location option and click Next.

  8. On the Confirmation screen, click the Recover button to begin recovery.

  9. The Recovery Progress dialog box is displayed while the recovery is being performed. You can safely close this dialog box and the recovery will continue.

    If you choose to the keep the dialog box open, you can click the Close button after the recovery completes to close the Recovery wizard.

1.2. Mount a Database Restored to an Alternate Location

There are a couple of differences between restoring data to its original location and restoring data to an alternate location.

When you perform a restore in Windows Server Backup, all the databases in the backed up volume are restored; therefore, you can't restore a single database to its original location in Windows Server Backup. If you want to restore a single database, you must first restore the databases on the volume to an alternate location and then overwrite the database files with the restored copy.

If the database is restored to its original location, the database is automatically mounted and made current by replaying any transaction logs that are still in the location. However, if you restored the database to an alternate location, the database must be brought into a clean shutdown state before it can be mounted.

To bring the database into a clean shutdown state:

  1. Take note of the database base name. You can find out the base name of the database by browsing to the folder that contains the restored backup and examining the first three characters of the log files. For example, if there is a log file named E0200000003.log, then the base name of the database is E02.

  2. Open a command prompt by selecting Start => All Programs => Accessories => Command Prompt.

  3. Change directories to the folder that contains the restored backup. For example, if the backup was restored to C:\RestoredData, run the following command:

    cd c:\RestoredData

  4. Run the following ESEUTIL command, substituting BaseName for the three-digit base name discovered in step 1:

    Eseutil /r BaseName

    For example, the command to restore our database from step 2 is

    Eseutil /r E02

After the database is brought to a clean shutdown state, you can redirect the original database to use the restored files. To do this, use the Move-DatabasePathConfigurationOnly parameter. The following example command remaps the database and transaction log files for the database DB03 to the location of the restored files (C:\RestoredData\ and C:\RestoredData\DB03.edb): cmdlet in the EMS along with the 

Move-DatabasePath DB03 -EdbFilePath 

C:\RestoredData\DB03.edb -LogFolderPath C:\RestoredData 

-ConfigurationOnly

You can then mount the database using the Mount-Database cmdlet. The following EMS command mounts the database that we just restored, named DB03:

Mount-Database DB03

2. Recover Mailboxes

Exchange Server 2010 gives you a few options for recovering a mailbox. This section shows you how to configure and use some of the mailbox recovery options. The options discussed are as follows:


Recovering a Mailbox Using the Deleted Mailbox Retention Capability

This works well for recovering mailboxes that were recently deleted (such as within the last 30 days).


Recovering a Mailbox Using a Recovery Database

You can use this option if you have a valid backup or copy of the database that you want to restore the mailbox from.


Recovering a Mailbox Using a Lagged Database Copy

This option is good if you are concerned about mailboxes being logically corrupted from a third-party application or a virus.

2.1. Use Deleted Mailbox Retention

By default, when a mailbox is removed from Exchange, the mailbox is not actually deleted. The mailbox is disjoined from the Active Directory account that it was paired with and remains in Exchange as a disconnected mailbox for a specified amount of time. After a time period expires (30 days by default), the mailbox is removed completely from Exchange. However, within this time period, you can reconnect a mailbox to another Active Directory account or to the same account that it used to be attached to (if the account still exists). This is useful for situations where mailboxes were accidentally deleted.

2.1.1. Adjust the Deleted Mailbox Retention Time

You can adjust the default mailbox retention time using the EMC. The following steps show you how:

  1. Open the EMC and browse to the Organization Configuration => Mailbox node in the Console tree.

  2. Click the Database Management tab in the Work area to open a list of databases that exist in the organization.

  3. Select the database from the list and click the Properties action in the Actions pane for the database that you selected.

  4. In the Database Properties dialog box, select the Limits tab.

  5. In the Keep Deleted Mailboxes For (Days) field, enter the number of days that you want to keep deleted mailboxes. The default setting is 30 days.

  6. Click OK to save the changes and close the properties dialog box.

You can also modify the default mailbox retention time using the EMS by running the Set-MailboxDatabase cmdlet with the MailboxRetention parameter, specifying the number of days that you want to keep mailboxes for. This setting affects every mailbox on the database. The following example changes the mailbox retention time on the database named DB01 from 30 days to 60 days:

Set-MailboxDatabase DB01 -MailboxRetention 60.00:00:00
2.1.2. Reconnect a Disconnected Mailbox Using the Exchange Management Shell

A disconnected mailbox can be reconnected to an Active Directory account using the Connect-Mailbox cmdlet in the EMS. Before you can use the Connect-MailboxLegacyDN), or the Globally Unique Identifier (GUID). You can use the following command to list each disconnected mailbox and its associated display name, GUID, and legacy DN. We'll also include the date that the mailbox was disconnected so it will be a little easier to narrow down the disconnected mailbox that you are looking for. In the example, the mailbox is on the server named CONTOSO-EX01. cmdlet, you need a way to identify the disconnected mailbox, since it is no longer tied to a user account. You can use either the Display Name of the mailbox, the legacy Distinguished Name (

Get-MailboxStatistics -Server CONTOSO-EX01 |
where {$_.DisconnectDate -ne $null} |
fl DisplayName, MailboxGUID, LegacyDN, DisconnectDate

This command is a little more complex than some of the others that we've used in this book, so I'll break it down to help you understand what is happening here. The first part of the command (Get-MailboxStatistics -Server CONTOSO-EX01) is getting the statistics for each mailbox on the server CONTOSO-EX01. The output from this command is being piped into the next command (where {$_.DisconnectDate -ne $null}). This part of the command is looking at each mailbox from the first part of the command and seeing if the DisconnectDate attribute on the mailbox is not equal to $null. If it is not equal to $null, that means there is a valid date in the DisconnectDate attribute. And if there is a valid date, the mailbox is a disconnected mailbox. Then each of the disconnected mailboxes is passed into the third part of this command (fl DisplayName, MailboxGUID, LegacyDN, DisconnectDate). This is just a Format-List command that lists each mailbox and the four attributes that we asked for in the command.

After you have an identifier, you can run the Connect-Mailbox cmdlet with the following syntax. As discussed previously, the MailboxID can be the display name, GUID, or legacy DN of the disconnected mailbox. Since you are essentially mail-enabling a user account, you will need to give the mailbox an alias, which can just be the same as the UserName.

Connect-Mailbox [MailboxID] -Database [DatabaseName]
-User [UserName] -Alias [MailboxAlias]

For example, the following command will reconnect Abe's mailbox using the GUID:

Connect-Mailbox e3edfb68-88ea-4b38-93cc-35a2196ed3e9
-Database DB01 -User abe -Alias abe
2.1.3. Reconnect a Disconnected Mailbox Using the Exchange Management Console

You can also reconnect a disconnected mailbox with the EMC. When using the EMC, you do not need to use the mailbox GUID as you did in the EMS. The EMC uses the mailbox GUID for you in the background, so you only need to select the disconnected mailbox and tell the wizard what account you want to connect it to. Use the following steps to reconnect a user mailbox that was inadvertently deleted:

  1. Open the EMC and browse to the Recipient Configuration => Disconnected Mailbox node in the Console tree.

  2. The Results pane lists the disconnected mailboxes that have not yet been removed from the database. Select the mailbox that you want to reconnect and click the Connect option in the Actions pane.

    The Connect Mailbox wizard launches.

  3. At the Introduction screen, select User Mailbox and click Next.

  4. On the Mailbox Settings screen, select the Active Directory account that you want to connect the mailbox to. If you click Matching User and select the Browse button, Exchange will attempt to find users whose properties match the mailbox.

    If Exchange can't locate a user that matches the mailbox properties, you can select Existing User instead. When you select Existing User, a list of all enabled users in Active Directory without mailboxes will be returned.

    Type an alias for the account in the Alias field and click Next.

  5. On the Connect Mailbox screen, verify that the settings are correct and click the Connect button to connect the mailbox.

  6. At the Completion screen, view the results and click Finish to close the wizard.

2.2. Use a Recovery Database

A recovery database (RDB) allows you to restore and mount a copy of a mailbox database and extract data from it. The RDB has some unique characteristics that make it well suited for recovery, because it ensures that the data in the database cannot be modified. Here are some of these characteristics:

  • Mailbox databases can be mounted into an RDB, but the data cannot be accessed with methods used by traditional email applications. Users cannot use tools like Outlook to read from an RDB.

  • Even though it's a mounted database, mail cannot flow to or from the database.

  • No policies are applied to a database that is mounted in an RDB.

When using an RDB, the mail must be extracted from or merged into an existing mailbox. The process for recovering a mailbox from a database using an RDB is as follows:

  1. Create the recovery database.

  2. Restore the mailbox database files from the backup.

  3. Point the RDB to the restored mailbox database and mount it.

  4. Restore the mailbox.

2.2.1. Create a Recovery Database Using the Exchange Management Shell

You can create an RDB using the New-MailboxDatabase cmdlet in the EMS. The parameters used are the same parameters used for creating a mailbox database. The difference, however, is that you will need to specify the Recovery parameter to mark the database as a recovery database. The following command creates a recovery database called RDB01:

New-MailboxDatabase RDB01 -Server CONTOSO-EX01 -Recovery
2.2.2. Restore the Mailbox Database from Backup

When you restore the mailbox database from a backup. These procedures only apply to backups taken with the Windows Server Backup tool. If you use a third-party backup solution for Exchange, you will need to follow their steps for restoring the database.

2.2.3. Repair and Mount the Restored Database

Before the restored database can be mounted, you first must repair the database with ESEUTIL. Run the following command to repair the database:

Eseutil /p [PathToEDBFile]

For example, to repair the database restored to C:\Recovered, you might use this command:

Eseutil /p c:\recovered\e03.edb

After the database is repaired, you need to point the recovery database to the location of your restored files or copy the restored files into the location that the recovery database is currently using to store its data. To change the location of the RDB transaction logs and database file, use the Move-DatabasePath cmdlet with the ConfigurationOnly parameter. The following EMS command modifies the RDB to point to the recovered files:

Move-DatabasePath [RDBName] -EdbFilePath [RestoredEDBFile]
-LogFolderPath [RestoredLogFolder] -ConfigurationOnly

For example, to modify the recovery database RDB01 to point to the files at C:\Recovered, you would use the following command:

Move-DatabasePath RDB01 -EdbFilePath c:\Recovered\e03.edb
-LogFolderPath c:\Recovered -ConfigurationOnly

You can now mount the recovered database using the Mount-Database cmdlet, as shown here:

Mount-Database RDB01
2.2.4. Restore the Mailbox

Now that the recovery database is mounted with the recovered backup, you can restore the mailbox. To restore the mailbox, you use the Restore-Mailbox cmdlet in the EMS. When running the Restore-Mailbox command, you can either restore the data to the original mailbox or restore it to a different mailbox.

To restore the data to the original mailbox, run the following command:

Restore-Mailbox [Name] -RecoveryDatabase [RDBName]

For example, to restore Abe Berlas's mailbox, you would run this command:

Restore-Mailbox "Abe Berlas" -RecoveryDatabase RDB01

If you want to restore the data to a different mailbox than the original one, you need to specify the target mailbox, the source mailbox, and the folder that you want to put the data in. You must run Restore-Mailbox with the following parameters:

Restore-Mailbox [TargetMailbox] -RecoveryDatabase [RDBName]
-RecoveryMailbox [SourceMailbox] -TargetFolder [FolderName]

The following command will restore Abe Berlas's mailbox from the backup into Jay Humphrey's mailbox inside the folder named Abe's Mail:

Restore-Mailbox "Jay Humphrey" -RecoveryDatabase RDB01
-RecoveryMailbox "Abe Berlas" -TargetFolder "Abe's Mail"
2.3. Use Lagged Database Copies

A lagged database copy allows you to replicate transaction logs to a passive database and wait a specified amount of time before replaying them into the database copy. This gives you some buffer in case you want a safeguard against potentially replaying a log that could cause a logical corruption. This scenario is unlikely in most cases, but there have been third-party applications known to cause logical corruption of data in mailboxes. If this is the case, you will probably incur some data loss when recovering from a lagged copy, since you will be deleting transaction logs that may still have valid transactions in them.

2.3.1. Configure a Lagged Database Copy Using the Exchange Management Shell

To enable lagged replay for an existing database copy, use the Set-MailboxDatabaseCopy cmdlet with the ReplayLagTime parameter. The following command enables a replay lag of 7 days on a database copy. (The max replay lag time is 14 days.)

Set-MailboxDatabaseCopy CONTOSO-MB02\DB01 -ReplayLagTime
7.0:00:00
10.3.2.3.2. Recover from a Lagged Copy

To recover from a lagged database copy, perform these high-level steps:

  1. Suspend replication to the lagged copy.

  2. Take a Volume Shadow Copy Service (VSS) snapshot of the volume to ensure that you have a point-in-time copy of the lagged database copy.

  3. Determine the day and time that you want to restore the database to. Delete all the transaction logs that occurred after that time.

  4. Repair the database using ESEUTIL. Use the steps in the earlier section "Mount a Database Restored to an Alternate Location."

  5. Recover the data from the database using the recovery database method, as outlined in the earlier section "Use a Recovery Database."

  6. Restore the VSS snapshot of the volume. You can follow the steps in the earlier section "Recover Databases with the Windows Server Backup Tool." When selecting the recovery type in the Recovery wizard, select the option to restore volumes instead of applications.

  7. Resume replication to the lagged copy.

3. Recover Deleted Messages

One of the challenges over the years has been providing the ability to restore a single item after a user has deleted it. Many organizations turned to using third-party tools or kept backups for months on end, just to have this ability. Exchange Server 2010 now includes the ability to recover deleted messages after users purge them from their mailbox completely. This section helps you understand how this works and shows you how to configure and use single-item recovery.

3.1. Understand Single-Item Recovery

When a user deletes a message from their mailbox, it goes to the Deleted Items folder, where the message sits until the Deleted Items folder is emptied. After the folder is emptied, the message goes to the dumpster, which removes it from the view of the user's mailbox in Outlook. Users still have the ability to recover deleted items in Outlook using the Recover Deleted Items option. In previous versions of Exchange, once a user removed the message from the Recover Deleted Items tool or if the age of the message surpassed the deleted item's age limit, it was gone forever.

In Exchange Server 2010, a new step is added into the dumpster. After a user removes the message using the Recover Deleted Items tool in Outlook (by the way, the Recover Deleted Items tool is now available in Outlook Web App as well), the message is moved to a special Purges folder inside the dumpster. The Purges folder and the messages in it are hidden from the user. However, administrators who are delegated the right to perform discovery searches can search through the Purges folder and recover items for individual users. This model allows administrators to recover deleted items for users without requiring permissions to restore and mount databases.

3.2. Configure Single-Item Recovery

By default, single-item recovery is configured to hold items for 14 days. However, you can modify this default value and hold items for longer.

The longer items are held, the more space they take up. Therefore, you don't want to enable single-item recovery for an extremely long period of time unless you've planned the storage capacity for it and adjusted the dumpster quotas appropriately.
3.2.1. Enable Single Item Recovery on a Mailbox Using the Exchange Management Shell

You can enable single-item recovery for a mailbox by running the following command in the EMS:

Set-Mailbox MailboxName -SingleItemRecoveryEnabled $true

For example, to enable single-item recovery for Jay Humphrey's mailbox, you would use the following command:

Set-Mailbox "Jay Humphrey" -SingleItemRecoveryEnabled $true
3.2.2. Configure the Retention Period for Single-Item Recovery Using the Exchange Management Shell

To configure how long items are kept when single-item recovery is enabled, use the following EMS command:

Set-Mailbox MailboxName -RetainDeletedItemsFor NumberOfDays

For example, to enable single-item recovery to hold 60 days of messages, run this command:

Set-Mailbox "Jay Humphrey" -RetainDeletedItemsFor 60
3.3. Recover a Deleted Message

To recover a message using the single-item recovery feature, an administrator uses the discovery search tool to find the item. After the item is found, it is exported from the discovery search mailbox into the user's mailbox.

NOTE

To perform this recovery, you need to have the 64-bit version of Outlook 2010 installed on the computer with the Exchange Management Tools and you must hold the role called Mailbox Import Export.

These are the steps:

  1. Perform a discovery search for the item that you need to restore. When performing the search, you can use keywords or a date range to narrow down the results of the search.

  2. After the search is finished, open the discovery search mailbox .

  3. Find the item you're looking for in the discovery search mailbox.

  4. Create a new folder in the discovery search mailbox. You can name this folder anything you'd like.

    This folder will be used to temporarily hold the item from the Recoverable Items folder in the discovery search mailbox. For example, you might call this folder Abe's Recovered Mail. Then drag the item from the Recoverable Items folder into the new folder that you just created.

  5. Open the EMS and run the Export-Mailbox cmdlet on the discovery search mailbox.

    The following command exports the items from the Abe's Recovered Mail folder in the discovery search mailbox to the Recovered Mail folder inside Abe's mailbox:

    Export-Mailbox "Discovery Search Mailbox" 

    -IncludeFolders "Abe's Recovered Mail" 

    -TargetMailbox abe -TargetFolder "Recovered Mail"

Abe's message is now restored in his mailbox in the folder called Recovered Mail.
Other  
  •  Exchange Server 2010 : Maintaining Reliability and Availability - Back Up Exchange
    •
  •  Exchange Server 2010 : Utilize the Availability Options for Servers Based on Role (part 3) - Implement Redundant Transport Servers
    •
  •  Exchange Server 2010 : Utilize the Availability Options for Servers Based on Role (part 2) - Increase Mailbox Database Availability
    •
  •  Exchange Server 2010 : Utilize the Availability Options for Servers Based on Role (part 1) - Load-Balance Client Access Servers
    •
  •  Exchange Server 2010 : Track Exchange Performance (part 2) - Test the Performance Limitations in a Lab
    •
  •  Exchange Server 2010 : Track Exchange Performance (part 1) - Use the Performance Tools Available
    •
  •  Exchange Server 2010 : Keep Exchange Healthy (part 2) - Verify Exchange Server Health
    •
  •  Exchange Server 2010 : Keep Exchange Healthy (part 1) - Ensure That Mail Flows Freely
    •
  •  Programming WCF Services : Queued Services - Instance Management
    •
  •  Programming WCF Services : Queued Services - Transactions
    •
  •  Exchange Server 2010 : Implementing Client Access and Hub Transport Servers - Test Cmdlets for CAS and Hub Transport Servers
    •
  •  Exchange Server 2010 : Implementing Client Access and Hub Transport Servers - Installing the Hub Transport Server
    •
  •  Exchange Server 2010 : Implementing Client Access and Hub Transport Servers - Transport Pipeline
    •
  •  Exchange Server 2010 : Implementing Client Access and Hub Transport Servers - Understanding the Hub Transport Server
    •
  •  Implementing Client Access and Hub Transport Servers : Installing the Client Access Server
    •
  •  Implementing Client Access and Hub Transport Servers : Understanding the Client Access Server (part 2)
    •
  •  Implementing Client Access and Hub Transport Servers : Understanding the Client Access Server (part 1)
    •
  •  SharePoint 2010 : Implementing and Managing In Place Records
    •
  •  Understanding Exchange Policy Enforcement Security : Creating Messaging Records Management Policies
    •
  •  Understanding Exchange Policy Enforcement Security : Implementing Transport Agent Policies on the Edge
    •
     
    Top 10
    Windows Server 2003 : Domain Name System - Command-Line Utilities
    Microsoft .NET : Design Principles and Patterns - From Principles to Patterns (part 2)
    Microsoft .NET : Design Principles and Patterns - From Principles to Patterns (part 1)
    Brother MFC-J4510DW - An Innovative All-In-One A3 Printer
    Computer Planet I7 Extreme Gaming PC
    All We Need To Know About Green Computing (Part 4)
    All We Need To Know About Green Computing (Part 3)
    All We Need To Know About Green Computing (Part 2)
    All We Need To Know About Green Computing (Part 1)
    Master Black-White Copying
    Most View
    Collaborating Within an Exchange Server Environment Using Microsoft Office SharePoint Server 2007 : Exploring Basic MOSS Features
    Get A Faster, Safer PC (Part 3) - Make text easier to read, Disable a laptop touchpad
    Algorithms for Compiler Design: THE MACHINE MODEL
    iPhone, iPad touch and iPad : Realikety
    Storage, Screens And Sounds (Part 1)
    Audio Cleaning Lab MX - makes some sounds sound better
    SQL Server 2008 : Using Remote Stored Procedures
    Sony Xperia Go
    Web Security Testing : Manipulating Sessions - Analyzing Session Randomness with WebScarab
    Understanding the Basics of Collaboration in SharePoint 2010 : Microsoft Office Integration
    Buyer’s Guide - Keyboard and mice (Part 2) - Gigabyte Multimedia Ultra-slim Profile Keyboard GK-K6150, Microsoft Natural Ergonomic Keyboard 40000
    How To Store Your Files In The Ether
    Expert advice: Printer & Scanner (Part 2) - Samsung ML-2955DW
    SharePoint 2010 : PerformancePoint Services (part 2) - Using PerformancePoint
    SQL Server System and Database Administration : System Databases
    Is The Personal Blog Dead? (Part 2) - Going Mainstream
    Choosing The Right Gear For The Right Job
    Panasonic KX-MB1530CX Multi-Function Printer : A small workhorse for document printing
    Master Black-White Copying
    Windows 7 : Installing and Running Your Software (part 1)