In the current article, we will review the following subjects: The flow of a “deleted…
In the current article, we will review the subject of Exchange single item recovery mechanism and his physical implementation – the Recoverable Items folder.
The purpose of these “Exchange components” is to provide an easy and efficient way to solve the requirement of – recovering mail in Exchange base environment.
The concept of single item recovery and Recoverable Items folder can consider as confusing and unclear. The main purpose of the current article is to explain and to clarify the structure and the concepts of this interesting Exchange architecture.
Table of contents
- The concept of single item recovery and Recoverable Items Folder
- Recoverable Items Folder architecture
- Accessibility to the Recoverable Items folder
The concept of single item recovery and Recoverable Items Folder
The Exchange mechanism named: single item recovery is a protection mechanism that enables Exchange users and Exchange administrator to deal quickly and efficiently, with the scenario of “recovering a mail item”.
The Deleted mail item folder
The most basic mechanism that enables the user to “regret” an operation of mail deletion is the famous mailbox folder called– Deleted items folder.
The Deleted items folder is the implementation of the “Recycle bin” concept.
The “Recycle bin” concept is a familiar concept that is used by the operating system and so on.
After the user has deleted a specific mail item, he has the option to access the Exchange inbox “Recycle bin” (the Deleted items folder) and easily restores the mail item.
This is the “first line of defense”.
Mail that is “sent” to the Recycle bin” (the Deleted items folder) will stay there forever until the user decides to “empty” the Recycle bin” (the Deleted items folder).
But what about a scenario, in which the user decides to “empty” the Recycle bin” (the Deleted items folder) and then regrets meaning, the user would like to recover his mail items?
Theoretically, in this scenario, the only way for recovering mail items after they deleted from the Recycle bin” (the Deleted items folder) could be using recovery from a backup tape or other kind of backup infrastructure.
Lest supposes that we have a backup infrastructure and that we technically have the option to use the “backup tape” to recover the specific mail items.
Most of the time, the restore process considers complex and requires the allocation of resources.
This is the “point” in which the Exchange single item recovery solution appears to save the day!
If we want to simplify the explanation of what is the Exchange single item recovery mechanism, we can relate to the single item recovery as a “secondary Recycle bin”.
When we implement the option of – Exchange single item recovery, each mail item that is deleted from the Deleted items folder (the “formal” Recycle bin) the mail is not permanently deleted but instead, “relocated” to the “secondary Recycle bin”.
Using the single item recovery as a “secondary Recycle bin”, enables the user and the Exchange administrator to recover mail items, even if there were deleted from the Deleted items folder (the “formal” Recycle bin).
To be able to use this “secondary Recycle bin”, all the user needs to do is – just use the option of “recovery mail item” that included as a built-in option in the Outlook or the OWA mail client.
In the following screenshot, we can see an example of the mail recovery option (Recover Deleted Items) that is available for when using an Outlook mail client.
The recovery option enables the user to see the content of the “secondary Recycle bin” (the single item recovery partition).
The option of single item recovery prevents the need for implementing the complicated process of recovering mail by using backup infrastructure such as backup tape, etc.
The physical implementation of the single item recovery architecture
The concept of single item recovery architecture is implemented by additional parathion that consists of a set of sub-directories named: Recoverable Items folder
The effective management of the Exchange single item recovery
The description of the single item recovery as a “secondary Recycle bin” sounds almost too good to believe because apparently, this is the perfect solution for all the “restore mail scenarios”.
This is almost correct because the only main disadvantage is the overload that will create on the “Exchange server side”.
This “overload” that realized as a huge amount of storage that will be needed to allocate so Exchange server could save each of the mail items that ever deleted.
Q: So… what is the best practice for using the option of single item recovery?
A: An option that will enable the Exchange administrator to restrict or set a limitation of the maximum number of days in which deleted mail will be saved in the single item recovery.
Q: How can I “tell” to Exchange to save, the delete mail items for a specific time period and at the end of this time range, delete mail items from the Recoverable Items folder?
A: By using Exchange server policy named – Deleted Item retention
Our need (the Exchange administrator need) is to be able to “enforce” some restriction or “time limitation” on the Recoverable Items folder, so a deleted mail item will not stay forever in this partition and consume additional storage on the Exchange server.
The solution for this requirement is implemented by using an Exchange policy named – Deleted Item retention
The Deleted Item retention defines a “time limitation” in which the deleted mail items will be saved in a Recoverable Items folder. At the end of this time period, the specific mail will permanently delete.
In the Exchange on-premises environment, the Exchange administrator can decide if he wants to enable the option of single item recovery and, in addition, set the number of days for the Deleted Item retention.
In the Exchange Online environment, the option of – single item recovery is configured by default, and the default value of the Deleted Item retention is 14 days.
In other words, in an Exchange Online environment a mail that was deleted from the
Deleted items folder (the Exchange mailbox “Recycle bin”) can be recovered over a time period of 14 days.
Additional information about single item recovery and Recoverable Items folder
The term “single item recovery”
The term “single item recovery” is an Exchange term that describes the ability to recover a specific mail item (single mail item).
Technically speaking, we can use the mechanism of the “single item recovery” for recovering a “bunch” or a group of mail items at the same time.
The reason for using the term “single item recovery” is, for emphasizing the fact that this mechanism, operate a “single mail item level” and, not as a mechanism that will enable us to restore a “complete mailbox” or restore user mailbox to a particular point in time.
The term – “Recoverable Items folder”
The architecture of: “single mail item recovery” is implemented by using a “set of mailbox hidden folder” that serves as a “container” for deleted mail items.
The formal term that describes this set of folders is – “Recoverable Items folder” (the former term that was used in the past is Dumpster).
Recoverable Items Folder architecture
The architecture and the structure of the Recoverable Items folder is a little confusing.
We can relate to the Recoverable Items folder as a “hidden partition”, which serves as an additional part of the user mailbox.
The Recoverable Items folder serves as a store or container for deleted mail items and can be “accessed” by the user (the owner of the mailbox) but it’s important to emphasize that although a specific user considers as the owner of his mailbox, the user (mailbox owner) can access or view only one specific folder from the set of the folders which consisted the Recoverable Items folder partition.
The Recoverable Items folder is just an additional part of the user Mailbox. Recoverable Items folder is hidden by design (the Recoverable Items folder doesn’t “appear” in the standard Outlook folder view).
The Recoverable Items folder partition includes the following set of folders:
- Deletion Folder
- Purges Folder
- Versions Folder
- Calendar Logging
In the following diagram, we can see the structure of the Recoverable Items folder partition.
By default, the Recoverable Items folder partition includes only the following set of folders:
- Deletion Folder
- Purges Folder
- Versions Folder
- Calendar Logging
- The Audits folder will be created only in the case that we (as Exchange administrator) activate the audit option for a specific mailbox.
- The DiscoveryHolds folder will be created only in the case that (as Exchange administrator) activate the option of In-Place Hold
Note: In the current article, we will not relate to the following folders: Calendar Logging (help troubleshoot and repair calendar reliability issues) and the Audit folder.
To “complete” structure of a standard user mailbox
In the following diagram, we can see the structure of a “standard user mailbox.”
The mailbox includes two different “partitions”:
- The standard mailbox folder that is exposed to the users such as inbox folder, Deleted items folder, sent items folder and so on.
- The second “partitions” of the user mailbox is the Recoverable Items folder partition.
Accessibility to the Recoverable Items folder
Q. The Recoverable Items folder can be accessed by the user or only by Exchange administer?
The answer is that a user can access a very specific folder that is a member of the Recoverable Items folder set.
The Exchange administrator can access (view) all of the different folders that described as – Recoverable Items folder.
The Recoverable Items folder is hidden from the standard user view.
The only exception to this rule is a specific folder that includes in the Recoverable Items folder “set” named – Deletion folder.
The Deletion folder doesn’t appear in the “standard mailbox folder hierarchy”. The user who considers as the “mailbox owner”, can access the content of this folder by using the recovery option in Outlook or OWA mail client.
In the following screenshot, we can see how to Outlook user can see\view the content of the Deletion folder (a specific folder from the Recoverable Items folder set).
In the following diagram, we can see the permission structure that is implemented relating to the Recoverable Items folder set.
The user (the mailbox owner), can see or access the “top partition” that includes the standard mailbox folders such as inbox, sent items and so on.
The Exchange administrator has access to the “hidden user mailbox partition” aka – Recoverable Items folder.
Note: If we want to be even more specific, by default the Exchange administrator doesn’t have access permission to the “standard user mailbox” (inbox folder, calendar, sent items, etc.).
Q: Why does the Deletion folder does not appear is a part of the standard user mailbox root folders?
A: Because this is a “special folder” that was created for a special scenario, in which mail items were deleted and in addition, was also deleted from the Deleted items folder (the Exchange mailbox “Recycle bin”).
The logic of the Deletion folder is that it’s better than this folder will be hidden and will be accessed by the user only in the special event in which a particular mail item\s need to be recovered.
Q: Why does the user have access only to the Deletion folder and not to all the rest of the folders that are included in the Recoverable Items folder set?
A: We can relate to the Recoverable Items folder partition as an “administrative partition”.
The true answer is – that are a couple of purposes for the Recoverable Items folder.
Some of these “purposes” are not related to the task of handling and managing the subject of deleted mail items. For example – in the case that we activate the mailbox audit option, the audit log files, will be saved in a dedicated folder in the Recoverable Items folder.
In the current article series, we will not relate to the other capabilities of “purposes” of the Recoverable Items folder beside the specific subject of recovering deleted mail in Exchange-based environment.
The Recoverable Items folder partition serves as a container for a deleted mail item for a specific period or, for an unlimited period. The Exchange administrator has the “privilege” to access and restore deleted mail items that stored in this special partition.
In some scenario such as a case in which the user performs illegal activity or criminal activity and tries to “cover his track” by deleting Incriminating information (mail items), we need to be able to preserve this data and in addition, prevent from the mailbox owner the ability of deleting this data (mail items).