In the current article, we review the possible causes that lead to a scenario, in…
Restore deleted Exchange Online mailbox in Office 365 environment | Prefix | Part 01#23
The current article series deal with the subject of – restoring or recovering a deleted mailbox in Office 365 (Exchange Online) environment. The interesting thing about “Restore deleted mailbox” in an Office 365 based environment is, that most of the time, most of us (including me), not fully understand what is happening behind the scenes of the “deleted mailbox land.”
Table of contents
The problems (the challenges) of restoring Exchange Online mailbox
1. Level of knowledge
There is no appropriate correlation between, the high importance of the “restore Exchange Online mailbox need” vs. the level of knowledge, and available public information about this important subject.
This lack of knowledge is causing frustration, “restore mailbox mistakes” in the worst of all – loss of data stored in the Exchange Online mailbox.
2. Complex environment
Most of the small organizations (SMB) use a very basic mail infrastructure in which all the user account and the mail infrastructure is “Fully hosted and manage” by Office 365 management infrastructure.
Regarding medium and large enterprise organization, most of the time, the implementation of Office 365 and Exchange Online infrastructure can be considered as complex infrastructure that is based on – on-Premises infrastructure that includes:
- On-Premises infrastructure – local Active Directory (On-Premise Active Directory) and local Exchange infrastructure.
- Cloud infrastructure – that includes the Office 365 directory infrastructure (Azure Active Directory) and the Office 365 mail infrastructure (Exchange Online).
This type of implementation described as Directory synchronization environment, and Exchange Hybrid infrastructure.
The outcome of this “complex environment” produces a large space of possible Exchange Online mailbox recovery scenarios and large space of – possible Exchange Online mailbox “recovery mistake’s scenarios.”
3. A wide variety of mailbox restores scenarios.
The current article series include 23 articles
The reason for this “Unreasonable” number of articles is:
- There are a lot of information and details that we need to know about the characters of 365 environments and the relationship that exists between the On-Premises Infrastructure and the Office 365 and Exchange Online infrastructure.
- There are many types of “restore options, ” and procedures that are used in some specific scenarios, and many types of a possibility to deal with a scenario of “Exchange Online mailboxes restore mistakes.”
As usual, knowledge is power!
- The knowledge about, how to implement the “best practice” procedure of the Exchange Online restores mailbox.
- The knowledge about, what are the available restore mailbox options and when to choose the best recovery option for a particular need.
- The knowledge about, how to recover or fix a scenario of Exchange Online mailboxes restore mistakes.”
For example, to prepare better for the scenario of “restoring Exchange Online mailbox,” it’s recommended to:
- Enable the option on – Active Directory Recycle Bin.
- Educate your IT staff about:
- The ramification of deleting Active Directory users in Directory synchronization and Exchange Hybrid environments.
- The Office 365 default recycle bin “30 days” limitation that will save deleted user accounts, and Exchange Online mailboxes for a restricted period of – 30 days”.
- The option of purchasing an E3 license that will enable to define a scenario in which deleted Exchange Online mailbox will saved for an unlimited amount of time, a feature that described as – “inactive mailbox.”
- About the specific characters of Directory synchronization environment.
What is the relationship which exists between the user object and mailbox object?
In the following section, I would like to review the nature of the relationship that exists between an Active Directory user account and Exchange mailbox.
Although most of the time we use the term “restore an Exchange mailbox,” It is very important that we understand that Exchange mailbox, is not an independent entity but instead, must be connected to “Active Directory User object.”
In other words, when we deal with a scenario of – “deleted Exchange mailbox” that we need to restore, we will also need to deal with the user account that will be “linked” to the Exchange mailbox.
Case 1 – Exchange mailbox and the mailbox owner deleted
In case that the user account that considered as the – Exchange mailbox owner also deleted, we will need to start the “restore process,” with the restoration of the user account, and only then deal with the restoration process of the Exchange mailbox.
Case 2 – Exchange mailbox deleted; the user account is “active.”
The other case is a scenario in which we need to restore deleted Exchange mailbox but this time; the user account is “alive” (not deleted). In this case, we will need to start the “restore process,” with the process of “binding” the deleted Exchange mailbox to an existing user account and only then complete the restore mailbox process.
Another aspect that will highlight the unique nature of the relationship that exists between Exchange mailbox, and a user account is the outcome of deleting one of the spouses:
- Scenario 1 – a deletion of the user who has an Exchange mailbox (consider as the mailbox owner), will lead to a deletion of the Exchange mailbox.
- Scenario 2 – a deletion of Exchange mailbox, will lead to a deletion of the user account that is associated with Exchange mailbox (mailbox owner).
Active Directory user account
- The “User object,” is stored in the Active Directory database.
- A “User object,” can exist independently without an Exchange mailbox.
The “Exchange mailbox,” is stored in the Exchange database.
An “active Exchange mailbox,” cannot exist independently without being connected or associated with an existing user account.
It’s important to “sharpen” this delectation – Exchange mailbox can exist without being connected to a user account.
In this case, the Exchange mailbox status is a special status which described as – Disconnected (Non-Active) Exchange mailbox.
Connected vs. non-connected Exchange mailbox
The “standard status” of Exchange mailbox can describe as a connected mailbox.
When we say that the user is the owner of Exchange mailbox, the mailbox connected to the user.
Another type of Exchange mailbox status is a Disconnected mailbox.
Connected (active, “alive”) Exchange mailbox
The term “Connected Exchange mailbox,” describe Exchange mailbox that has an owner meaning – a user account that is associated or “bound” to the Exchange mailbox.
- Exchange mailbox can have only one “owner” (User account).
- The user account can “own” only one Exchange mailbox.
Disconnected (Non-Active) Exchange mailbox
The term Disconnected mailbox, relate to an Exchange mailbox that is not connected or, not associated with a user account.
In other words, Exchange mailbox which doesn’t have an “owner.”
I sometimes use the term “Non-Active” for describing Disconnected mailbox, to emphasize that this particular status of Exchange mailbox.
From the Exchange users point to view, a Disconnected mailbox is not accessible (“Non-Active”)
Only the Exchange admin can access the unique store that is allocated for storing this special type Exchange mailbox. The Exchange administrator can “view” this type of Exchange mailboxes (Disconnected mailboxes), and decide if he wants to “fetch” information from the Disconnected Mailbox or choose to re-associate the Disconnected mailbox with an existing user account.
The way that we turn an active Exchange mailbox to a – Disconnected Exchange mailbox is implemented by “cutting” the link between the user account that was considered as the mailbox owner and his Exchange mailbox.
The various types of “Disconnected Mailbox.”
The term “Exchange Disconnected mailbox,” is a comprehensive term, that defines many types of “Disconnected mailboxes.”
The major classification of a Disconnected mailbox is:
- Disabled mailbox
- Deleted mailbox
A. Disabled mailbox
The option of “Disabled mailbox,” was created for enabling Exchange administrator, to disconnect the “link” between Directory user and his Exchange mailbox, and to keep the Exchange Online mailbox separately from the user.
When using the option on – disabling Exchange mailbox, the Exchange mailbox, and the Active Directory user account, continue to exist “separately,” without the “link” that exists between them.
In other words, after the process of disabling Exchange mailbox is complete, the user is no longer the owner of the Exchange mailbox, and the Exchange mailbox doesn’t have any owner. In this scenario, we can say that the mailbox is open.
A possible example of using the option of “disabling Exchange mailbox,” could be a scenario in which the Exchange administrator, want to “disconnect” the association between a particular Directory user account and Exchange Online mailbox (the user account that considered as the owner of the Exchange mailbox).
The Exchange administrator doesn’t want to delete the Exchange mailbox but instead, he seeks to keep the Exchange mailbox for future use.
The Exchange administrator has the option of “attaching” the Disabled mailbox to “other” Directory user accounts (user account without a mailbox).
The another side of the equation is the “user account.”
When we use the option of “Disabled mailbox,” the user account that was associated with the mailbox is not disabled or deleted. Instead, the user account continues to operate as a “standard user account.”
The only difference is that the Directory user doesn’t consider anymore as the mailbox owner.
Note: Exchange Online partially supports, the option of “Disabled mailbox.” The use of the “Disabled mailbox” option, is relatively rare in an Office 365 environment.
B. Deleted mailbox
The another type of Exchange “Disabled Mailbox” is released as – Deleted mailbox or of we want to be more accurate Soft Deleted Exchange mailbox.
Q: What happened when we delete an Exchange mailbox?
A: The term “Deleted Mailbox,” define a scenario in which the business requirement is different from the previous scenario (Disabled mailbox).
When we choose the option of “deleted Exchange mailbox,” the following chain of events occurs:
- The association between the Active Directory user account and the Exchange mailbox is “removed.”
- The Exchange mailbox deleted, if we want to use the more accurate term, the Exchange mailbox is Soft Deleted.
- The Active Directory user account that was the mailbox owner is also deleted!
A possible example of using the option of deleting Exchange mailbox could be a scenario in a specific user organization resigns.
In this specific example, we don’t need to keep the information stored in the Exchange mailbox and in addition. We don’t want to keep the Directory user account.
In this case, the option of – deleting the Exchange mailbox will fulfill this requirement.
It is important to mention is that if we delete a user account that was associated with Exchange mailbox (the mailbox owner), the Exchange mailbox will also be deleted.
In my humble opinion, I don’t like this default behavior in which deletion of one of the spouses automatically activate the deletion of the ‘other spouses”, but this is how it works, and we should be familiar with this behavior, whether we like it or not.
Exchange deleted mailbox
In Exchange Online based environment, the term “Deleted mailbox,” relate to three types of deleted mailbox type:
- Soft Deleted mailbox
- Hard deleted mailbox
- Inactive mailbox
In the current section, we will briefly review the difference between this type of “deleted Exchange mailbox.”
Soft Deleted mailbox
The term “Soft Deleted mailbox” define an Exchange mailbox that was deleted and doesn’t consider as “Active mailbox” anymore.
In Exchange based environment, when we deleted the mailbox, the mailbox is not really deleted (not permanently deleted). Instead, the “deleted mailbox” is relocated, and saved in a special store named – the Exchange recycle bin.
Deleted mailbox retention policy
We can relate to the Exchange recycle bin as a “temporary store” that contains Soft Deleted mailboxes.
I use the term “temporary store” because theoretically, the Exchange recycle bin was not created for storing the deleted mailbox forever but instated for a specific period.
The Exchange component that defines for how long the deleted mailbox will be kept in the Exchange recycle bin is defended by the Deleted mailbox retention policy.
- In Exchange on-Premises environment, the Deleted mailbox retention policy is configured to save the deleted Exchange mailboxes for a period of 30 days by default. Exchange on-Premises administrator, can change the default value and define any other required value.
- In Exchange Online (Office 365) environment, Deleted mailbox retention policy is also configured to save the deleted Exchange mailboxes for a period of 30 days by default. The main difference is that the Exchange Online administrator, cannot extend the specified time
Hard deleted mailbox
The term “Hard Deleted mailbox,” define a Soft Deleted Exchange mailbox that has reached the age of 30 days. When the Soft Deleted mailbox reaches the age of 30 days, the Exchange mailbox will be permanently deleted, and will be described as “Hard Deleted”.
The term “Inactive mailboxes” describe a specific status of a “Soft Deleted mailbox,” which exists only in Exchange Online (Office 365) based environment.
As mentioned, the Exchange Online recycles bin, Deleted mailbox retention policy is conjured to save Soft Deleted mailbox for a limited period of 30 days.
The feature of “Inactive mailbox” in an Office 365 environment, enable us to bypass the “30 days” limitation and extend the period in which the Soft Deleted will be kept in the Exchange recycle bin for an unlimited amount of time.
The mechanism that classified a Soft Deleted mailbox as an “Inactive mailbox,” is the Exchange Online services named – a Litigation Hold or In-Place Hold.
We will not provide a detailed description of the Exchange Online feature named – a Litigation Hold or In-Place Hold but instead just briefly mentioned that in case that we “apply” the option of a Litigation Hold or In-Place Hold to a specific Exchange Online mailbox; this option overrides any existing Deleted mailbox retention policy.
For example, when using the option of Litigation Hold or In-Place Hold, the Exchange Online administrator can define a configuration in which data that is stored in the mailbox will never be deleted or define a required time frame such as weeks, years and so on.
In case that we apply Litigation Hold or In-Place Hold on a specific Exchange Online mailbox, and then delete this mailbox, the mailbox will be considered as – Soft Deleted.
The main difference is that because the mailbox was configured with Litigation Hold or In-Place Hold, the “Soft Deleted mailbox” will be kept in the Exchange recycle bin for the period that defined in the Hold or In-Place Hold.
For example, if the mailbox that deleted was configured with the Litigation Hold option, and the Litigation Hold period was configured for 7 years, the Soft Deleted Exchange Online mailbox will be kept in the Exchange recipient for 7 years.
A summary table – Exchange on-Premises vs. Exchange Online
In the following table, we can see a summary of the supported types of
Disconnected mailbox in Exchange on-Premises vs. Exchange Online environment.
- Exchange on-Premises support the option of Disabled mailbox but Exchange Online partially supports the option of “Disabled mailbox.”
- Exchange Online supports the option of an Inactive mailbox, but Exchange on-Premises doesn’t support this option.
The next article in the current article series
Directory Object Deletion and the restore “domino effect + little bit about the concept of the Active Directory Recycle bin | Part 2#23
This Post Has 0 Comments