Fine-tuning Exchange mailbox retirement procedures and retention settings

Topic

New Reply

Hi Loungers,

I am starting this thread so I can make a more fine tuned set of procedures for retiring Exchange mailboxes when users leave my organization. I will explain my current procedure, then I will follow up with the issues/questions I have with a user that left the organization and now is returning. I also would like to address the backup component of mailboxes and retention settings.

Note: When making replies, please include step by step instructions on how to make the changes you suggest, as I am relatively new to Exchange 2010.

Software installed:
Windows Server 2008 R2 (64-bit)
Exchange Server 2010 SP1
Symantec Backup Exec R3

My current procedure:

[*]Disable user account in Active Directory Users and Computers (ADUC)
-Either at this step or in the step 3, I don’t know which, the mailbox now appears in the “Disconnected” mailbox list in Exchange

On the MAIL server, go to the Exchange Management Console. In the left tree window, browse to Microsoft Exchange On-Premises -> Recipient Configuration -> Disconnected Mailbox
.
[*]Remove user from the “Staff” ADUC container into the “Non-Staff” container.
.
[*]Move user’s mailbox from the default mailbox database to the “ex-employees” mailbox database.
-This is keep the size of the default mailbox smaller.

On the MAIL server, go to the Exchange Management Console. In the left tree window, browse to Microsoft Exchange On-Premises -> Recipient Configuration -> Mailbox. Highlight the user’s mailbox. In the actions pane on the right, click “New Local Move Request”. Click Browse under the “Target mailbox database” heading. Choose “Ex-employees”. Click Ok. Click Next. Click New.
[*]Hide user from the Outlook Exchange Address Book

On the MAIL server, go to the Exchange Management Console. In the left tree window, browse to Microsoft Exchange On-Premises -> Recipient Configuration -> Mailbox. Right click on the user’s mailbox and choose Properties. Enable the check box entitled “Hide from Exchange address lists”. Click OK.

Note: It takes 24 hours for the domain controller to propagate this change to the Outlook Address Books of the staff.

Questions:

[*]When in the “Disconnected Mailbox” window why do all the users (who I have disabled accounts for) display the default mailbox database instead the Ex-employees mailbox database in the “Mailbox Database” column?
.
[*]How do I reconnect a users mailbox for an employee who has returned to work at my organization?
I un-did steps 1 and 2 in my procedure above. However I couldn’t undo step 3. When I viewed the users mailbox in “Microsoft Exchange On-Premises -> Recipient Configuration -> Mailbox” there was no option for a local move request to move the mailbox back to the default Mailbox database. Also, when in the “Disconnected Mailbox” folder, when I right clicked on the user and chose “Connect” -> User Mailbox”, I couldn’t browse for the user in either the “Matching user” or “Existing User” options, and hence couldn’t reconnect them.
29143-Exchange-screenshot
[*]Every friday I run a full backup on all my servers, (file, application, mail, etc.). Is there a way to save space in my backups so that Symantec Backup Exec isn’t backing up the “Ex-Exployees” mailbox database every Friday unless it has changed?

Thank you,
Peter

Reply | Quote

Replies

1. The mailbox should just show up as “shared” if you disable the account in ADUC. Are you sure you haven’t ticked “delete Exchange mailbox” as well?

2. If the mailbox is shared there is no need to re-connect, but you may want to change the status to “regular”. This is a powershell command which I can’t remember off the top of my head.

3. If you use different stores for normal and ex-employees you can backup the ex store weekly instead of daily, but there is a risk of data loss if the mailbox is moved before you disable the account in ADUC.

cheers, Paul

Reply | Quote

1. The mailbox should just show up as “shared” if you disable the account in ADUC. Are you sure you haven’t ticked “delete Exchange mailbox” as well?

I don’t know what you mean here about the “shared” state, please post a screenshot of where to see this setting. Similarly, all I did with the outdated mailbox was a local move request using the wizard, so I didn’t check any “delete” boxes. Would it help if I shared my mailbox retention settings? Please specify where to, if you need them.

I found an article entitled “Connect or Restore a Disabled Mailbox”.I ran the command below and determined that all the mailboxes for disabled users that have been moved to the “ex-employees” store are in the “Soft-deleted” state in the original “default” mailbox.

Code:

[PS] C:>Get-MailboxStatistics -Database ‘Mailbox Database 0967836029’ | Where { $_.DisconnectReas
on -eq “SoftDeleted” } | Format-List LegacyDN, DisplayName, MailboxGUID, DisconnectReason

So I ran the restore command:

Code:

[PS] C:>New-MailboxRestoreRequest -SourceDatabase ‘Mailbox Database 0967836029’ -SourceStoreMailb
ox [I]“User Name”[/I] -TargetMailbox [I]UserAlias[/I]

Next I checked that the commend completed:

Code:

[PS] C:>Get-MailboxRestoreRequest -Name “MailboxRestore”

However, the users mailbox is still sitting the “disconnected” window, and I can’t “connect” it, and am still having the same issue.

2. If the mailbox is shared there is no need to re-connect, but you may want to change the status to “regular”. This is a powershell command which I can’t remember off the top of my head.

Same as the comment I made above, where do I see this “regular or shared” status?

3. If you use different stores for normal and ex-employees you can backup the ex store weekly instead of daily, but there is a risk of data loss if the mailbox is moved before you disable the account in ADUC.

Thanks, I can modify my backup schedule to remove the “ex-employees” mailbox store from the Monday through Thursday night incremental backups.

Reply | Quote

The mailbox type is shown in the Find dialogue in the GUI. You can also show it in PS.
get-mailbox username | fl

cheers, Paul

Reply | Quote

The mailbox type is shown in the Find dialogue in the GUI. You can also show it in PS.
get-mailbox username | fl

cheers, Paul

Hi Paul,

I used the “Find” search window in the “Microsoft Exchange On-Premises -> Recipient Configuration -> Mailbox” window, and it displayed the following fields:
“Display Name”, “Alias”, “Organizational Unit”, “Recepient Type Details”, and “Primary SMTP Address”. “Recepient Type Details” for my user contained the property: User Mailbox.

I didn’t see anything about “Regular” or “Shared”. Plus I don’t know how that will help me resolve my issue even if I find either of those options. Then how to I do i change the mailbox type. And after that, will that allow me to “Connect” the mailbox? If not, what are the steps? Also, are you giving me instructions for Exchange 2010 R2?

When I ran the powershell command 100 lines popped up, and I didn’t see anything helpful either.

—

I am starting to worry that my user who is coming back on Monday won’t have a Mailbox, so I’m starting to plan other solutions, like creating a new mailbox, and just exporting mail out of the old one and into the new one.

In order for you be helpful, I really would ask if you could please be more specific and detailed in what steps I should take and why in your responses, as I am pretty new at this and am stuck. Plus I would appreciate it if instead of ignoring some of my lengthly set of questions, you could reply to my other questions with “Those steps aren’t needed”, or simply “I don’t know” or the like.

Thank you,
Peter

Reply | Quote

——
Here is how I reconnected my users mailbox. The issue was that I had diabled the user’s active directory account, and then I moved their mailbox to another mailbox database.
——

I.Procedure – Reactivating a User’s Mailbox (Exchange 2010 SP1)

1. Enable the user account in Active Directory Users and Computers (ADUC)

[/SIZE]2. Move user back to the “Staff” ADUC container from the “Non-Staff” container.

[/SIZE]3.Clear the Previous Move Requests

[/SIZE]Use the EMC to clear a move request
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the “Mailbox moves” entry in the Mailbox Permissions topic.

[*]In the console tree, navigate to Recipient Configuration > Move Request.
[*]In the result pane, select a recipient that has a Move Request Status of Completed or Completed with warning.

[TABLE]
[TR]
[TD]Note:
[/TD]
[/TR]
[TR]
[TD]You can select multiple recipients in the result pane.
[/TD]
[/TR]
[/TABLE]

[*]In the action pane, click Clear Move Request.
[*]A warning message appears confirming that you want to clear the move request. Click Yes.

4.Copy the mailbox to the primary mailbox database
Move the user’s mailbox back from the “Ex-employees” database to the “Primary Mailbox Database” database.

On the MAIL server, go to the Exchange Management Console. In the left tree window, browse to Mailbox -> Microsoft Exchange On-Premises -> Recipient Configuration -> Mailbox. Highlight the user’s mailbox. In the actions pane on the right, click “New Local Move Request”. Click Browse under the “Target mailbox database” heading. Choose “Primary Mailbox Database”. Click Ok. Click Next. Click New.

5.View the current status of the move commands
Mailbox -> Microsoft Exchange On-Premises -> Recipient Configuration -> Move Request
Use the “Refresh” button in the Actions pane to monitor the process.

6.Test opening Outlook
When on a computer while logged in as the desired user, try opening Outlook.

Reply | Quote