I have been asked numerous times whether we need to back up an Exchange environment and, if so, how to do it. Well, the answer is simple: no, there is no need to back up Exchange anymore! The answer is simple, but the reasoning behind it is more complex, so let me explain why a classic backup is no longer needed.

Exchange is fully integrated into Active Directory

Exchange Server (2013 to 2019) stores its directory and configuration information in Active Directory and shares it with Windows. Microsoft has, however, changed how Exchange talks to Active Directory over the versions.

The Active Directory driver is the core Microsoft Exchange component that allows Exchange services to create, modify, delete, and query Active Directory Domain Services (AD DS) data. Since Exchange 2013, all access to Active Directory goes through the Active Directory driver. In previous versions of Exchange, DSAccess provided directory lookup services for components such as SMTP, the message transfer agent (MTA), and the Exchange store.

Exchange setup extends the Active Directory schema with new classes and attributes and modifies existing ones (the /PrepareSchema and /PrepareAD steps). The organization, server, database and connector configuration all live in the configuration partition, which is exactly what makes it possible to rebuild a lost server from Active Directory alone.

Server ‘restore’

If we need to recover an Exchange server, Microsoft gives us an option to rebuild it without a System State or OS backup: running Setup in RecoverServer mode.

If, for example, a physical Exchange server has crashed and we need to recover it, we simply install a fresh Windows Server with the same server name and the same OS version and patch level.

Note: I highly recommend that you use the same hardware components as the server you are replacing.

As mentioned, the Exchange server settings are stored in Active Directory. Setup.exe /Mode:RecoverServer reads that information and rebuilds the server while installing Exchange on a new machine with the same name. There is nothing to restore from a backup; the recovery is the installation itself.

In Active Directory we reset the old computer account (reset, not delete). Then we join the new server to the same Active Directory domain under the same server name and install the Exchange prerequisites. If the lost server was a DAG member, its database copies must first be removed with Remove-MailboxDatabaseCopy and the server evicted with Remove-DatabaseAvailabilityGroupServer -ConfigurationOnly from a surviving member; the copies are re-added after the recovery.

After the required reboot, we open an elevated command prompt, change to the folder containing the Exchange setup files (the mounted ISO) and run the command below:

Setup.exe /Mode:RecoverServer /IAcceptExchangeServerLicenseTerms

Note: The new server must match the old one in OS version and patch level, and the Exchange media must be the same Cumulative Update that was installed on the lost server.
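The following script is an added example and not part of the original article. It wraps the recovery described above with the checks a practitioner wants before running Setup: that the Exchange server object still exists in the configuration partition, that the rebuilt host carries the right name, and that Setup actually succeeded. The server name EX01, the media path D:\ and the use of the ActiveDirectory RSAT module are assumptions.

```powershell
# Added example, not from the original article: pre-flight checks before Setup /Mode:RecoverServer.
# Assumptions: the lost server is EX01, the Exchange media (same CU as the lost server) is mounted as D:,
# and this runs in an elevated PowerShell on the rebuilt, domain-joined EX01 with the AD RSAT module present.
Import-Module ActiveDirectory

$ServerName = 'EX01'
$SetupPath  = 'D:\Setup.exe'
$configNC   = (Get-ADRootDSE).configurationNamingContext

# 1. RecoverServer rebuilds the server from its msExchExchangeServer object in the configuration
#    partition. If that object is gone (for example after Setup /Mode:Uninstall or an ADSI Edit delete),
#    there is nothing to recover from and this has to be a fresh install instead.
$exServer = Get-ADObject -SearchBase $configNC `
    -LDAPFilter "(&(objectClass=msExchExchangeServer)(cn=$ServerName))" `
    -Properties serialNumber
if (-not $exServer) {
    throw "No Exchange server object named '$ServerName' under $configNC; /Mode:RecoverServer cannot be used."
}
Write-Host "Exchange server object:          $($exServer.DistinguishedName)"
Write-Host "Exchange version recorded in AD: $($exServer.serialNumber)  <- use media of this CU"

# 2. The rebuilt machine must carry exactly the lost server's name; Setup matches on it.
if ($env:COMPUTERNAME -ne $ServerName) {
    throw "This host is named $env:COMPUTERNAME, not $ServerName."
}

# 3. Show which computer account we are running under, so a freshly created duplicate is noticed
#    (we want the reset original, not a new object with a new SID).
$computer = Get-ADComputer -Identity $ServerName -Properties whenCreated
Write-Host "Computer account $($computer.DistinguishedName) created $($computer.whenCreated)"

# 4. If EX01 was a DAG member, its database copies must already have been removed and the server
#    evicted with Remove-DatabaseAvailabilityGroupServer -ConfigurationOnly from a surviving member.

# 5. Run Setup non-interactively and fail loudly. Setup writes C:\ExchangeSetupLogs\ExchangeSetup.log;
#    that is the first place to look on a non-zero exit code.
$proc = Start-Process -FilePath $SetupPath `
    -ArgumentList '/Mode:RecoverServer', '/IAcceptExchangeServerLicenseTerms' `
    -Wait -PassThru -NoNewWindow
if ($proc.ExitCode -ne 0) {
    throw "Setup exited with code $($proc.ExitCode); inspect C:\ExchangeSetupLogs\ExchangeSetup.log"
}
Write-Host 'RecoverServer finished. Still manual: re-import certificates, re-add DAG database copies,'
Write-Host 'and re-apply any custom edits to configuration files (web.config etc.), which Setup does not restore.'
```

The point of step 1 is that RecoverServer is only as good as the Active Directory object it reads from; everything that was never written to Active Directory (certificates, custom config file edits) has to be re-applied by hand afterwards.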

Database copies

Depending on the size of our on-premises Exchange environment, we have multiple mailbox databases running in at least one DAG, and each mailbox database is configured with multiple copies. One of these copies is a lagged copy: log replay into it is delayed by the ReplayLagTime (up to a maximum of 14 days), so we can use it to bring the database back to a specific point in time within that window.

To visualize this, let us look at an example. First, we define our database copies in three categories: active copy, passive copy and lagged copy.

In our example, we are running an environment with four Exchange servers, which Microsoft calls a "building block".

If we look more closely at how the mailbox databases are distributed, the layout looks like this:

Take MDB1, the database whose active copy is on our first Exchange server: there is a passive copy of it on the second and third Exchange server, and the lagged copy sits on the fourth Exchange server.

The second Exchange server holds its own active database, with passive copies on the third and fourth server and the lagged copy on the first, and so on around the ring.

Of course, this is a theoretical view of the configuration. Active copies can move between servers for several reasons (failover, maintenance), but the principal configuration stays the same.
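To make the building block concrete, here is an added example (not code from the article) that creates the copy layout described above and then checks it. Server names EX01 to EX04 and database names MDB1 to MDB4 are assumptions, as is the seven-day lag; each MDBn is assumed to exist already with its active copy on EXn.

```powershell
# Added example, not from the original article: build the four-server "building block" and check it.
# Assumptions: servers EX01..EX04, databases MDB1..MDB4 with the active copy of MDBn on EXn,
# a seven-day lag window. Run in the Exchange Management Shell on any DAG member.
$Servers = 'EX01', 'EX02', 'EX03', 'EX04'
$LagTime = New-TimeSpan -Days 7

# Exchange caps ReplayLagTime at 14 days; that cap is the furthest back a lagged copy can take us.
if ($LagTime -gt (New-TimeSpan -Days 14)) { throw 'ReplayLagTime cannot exceed 14 days' }

for ($i = 0; $i -lt $Servers.Count; $i++) {
    $db       = "MDB$($i + 1)"
    $passive1 = $Servers[($i + 1) % $Servers.Count]
    $passive2 = $Servers[($i + 2) % $Servers.Count]
    $lagged   = $Servers[($i + 3) % $Servers.Count]

    # Two ordinary passive copies: logs are replayed as they arrive, so these are the failover targets.
    Add-MailboxDatabaseCopy -Identity $db -MailboxServer $passive1 -ActivationPreference 2
    Add-MailboxDatabaseCopy -Identity $db -MailboxServer $passive2 -ActivationPreference 3

    # The lagged copy: shipped logs are held for $LagTime before replay, so its database file stays
    # up to seven days behind. Lowest activation preference so Active Manager never picks it on its own;
    # it is activated by hand when we need a point-in-time state inside the lag window.
    Add-MailboxDatabaseCopy -Identity $db -MailboxServer $lagged -ActivationPreference 4 -ReplayLagTime $LagTime
}

# Verify the layout. Expected per database: one Mounted copy, two Healthy copies with short queues,
# and one Healthy copy whose ReplayQueueLength keeps growing (the logs waiting out the lag).
foreach ($db in Get-MailboxDatabase) {
    "== $($db.Name) | activation order: $($db.ActivationPreference -join ', ') | lag: $($db.ReplayLagTimes -join ', ')"
    Get-MailboxDatabaseCopyStatus -Identity $db.Name |
        Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, LastInspectedLogTime -AutoSize
}
```

A lagged copy with a ReplayQueueLength of zero is a sign that the lag is not in effect (or that it has been played down), so the verification loop is worth running periodically, not only at build time.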

Recovery of deleted mailbox

Exchange Server lets us recover "deleted" mailboxes with built-in tools, and this works by default.

If we delete a mailbox, it is disconnected for a default period of 30 days (the mailbox retention period), and we can reconnect it at any point during that time. Deleting a mailbox does not mean that it is permanently deleted from the information store database right away, only that it is flagged for deletion. At the end of the mailbox retention period, the mailbox is permanently deleted from the database.

If we need to recover (or reconnect) a deleted mailbox, we go to the Exchange Admin Center (EAC), browse to recipients > mailboxes, click More (the ... button) and choose Connect a mailbox.

A new window opens in which we select the server on which the deleted mailbox is located:

Once we have chosen the mailbox we want to restore, we click the connect icon and follow the remaining steps.

To connect to a deleted mailbox we can also use the Exchange Management Shell.

To create a mailbox restore request in PowerShell, we need the display name, legacy distinguished name (LegacyDN), or mailbox GUID of the deleted mailbox. Get-MailboxStatistics shows the DisplayName, MailboxGuid and LegacyDN of the deleted mailbox we want to restore.

For example, the following command returns this information for all disabled and soft-deleted mailboxes in our organization (DisconnectReason is Disabled after Disable-Mailbox or Remove-Mailbox, and SoftDeleted after a mailbox move):

Get-MailboxDatabase | Get-MailboxStatistics | Where {$_.DisconnectReason -ne $null} | Format-List DisplayName,MailboxGuid,LegacyDN,DisconnectReason,Database

After identifying the right source store mailbox we can start the restore. New-MailboxRestoreRequest merges the content of the disconnected mailbox into an existing target mailbox, so Desmond Miles must already have a (new) mailbox; because that new mailbox has a different LegacyExchangeDN than the disconnected one, -AllowLegacyDNMismatch is required. In this example we restore the mailbox of Desmond Miles:

New-MailboxRestoreRequest -SourceStoreMailbox e1156ee7-79a2-4f94-2304-31e61ec0432b -SourceDatabase MBXDB23 -TargetMailbox "Desmond Miles" -AllowLegacyDNMismatch

Another example restores the deleted archive of Desmond Miles into his current archive mailbox, which is what -TargetIsArchive selects:

New-MailboxRestoreRequest -SourceStoreMailbox "Personal Archive – Desmond Miles" -SourceDatabase "MDB81" -TargetMailbox desmond@contoso.com -TargetIsArchive

We can also connect a deleted mailbox to an AD user account that is not yet mail-enabled. The Identity parameter names the disconnected mailbox and the User parameter the AD account we want to connect it to:

Connect-Mailbox -Identity "Desmond Miles" -Database MBXDB23 -User "Ezio Auditore" -Alias ezio.auditore
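The two cmdlets above cover two different situations (the AD account has no mailbox versus a new mailbox already exists), and a real ticket usually starts with "which one applies?". The script below is an added example, not code from the article: it locates the disconnected mailbox, refuses to guess when the display name is ambiguous, picks Connect-Mailbox or New-MailboxRestoreRequest accordingly, and polls the restore request until it finishes. The names Desmond Miles and MBXDB23 are taken from the article's examples; everything else is an assumption.

```powershell
# Added example, not from the original article: reconnect or restore a disconnected mailbox.
# Assumptions: display name 'Desmond Miles', database MBXDB23, and the AD account that should end up
# with the content is also 'Desmond Miles'. Run in the Exchange Management Shell.
$DisplayName = 'Desmond Miles'
$Database    = 'MBXDB23'
$TargetUser  = 'Desmond Miles'

# 1. Locate the disconnected mailbox. DisconnectReason is Disabled (Disable-Mailbox / Remove-Mailbox)
#    or SoftDeleted (left behind by a mailbox move); both can be brought back within the retention period.
$candidates = @(Get-MailboxStatistics -Database $Database |
    Where-Object { $_.DisconnectReason -ne $null -and $_.DisplayName -eq $DisplayName })

if ($candidates.Count -eq 0) {
    # The store marks a mailbox as disconnected only on its next maintenance pass; right after a delete
    # the flag may still be missing and can be forced with Update-StoreMailboxState.
    throw "No disconnected mailbox '$DisplayName' in $Database. If it was just deleted, run " +
          "Update-StoreMailboxState -Database $Database -Identity <MailboxGuid> and retry."
}
if ($candidates.Count -gt 1) {
    $candidates | Format-Table DisplayName, MailboxGuid, DisconnectReason, DisconnectDate -AutoSize
    throw "More than one disconnected mailbox named '$DisplayName'; select the MailboxGuid explicitly."
}
$src = $candidates[0]
"Found $($src.DisplayName) $($src.MailboxGuid) ($($src.DisconnectReason) since $($src.DisconnectDate))"

# 2. Decide how to bring it back.
$existing = Get-Mailbox -Identity $TargetUser -ErrorAction SilentlyContinue
if (-not $existing) {
    # The account has no mailbox: reconnect the disconnected mailbox to it in place. Nothing is copied.
    Connect-Mailbox -Identity $src.MailboxGuid -Database $Database -User $TargetUser
}
else {
    # A new mailbox already exists: merge the old content into it. The new mailbox carries a new
    # LegacyExchangeDN, so -AllowLegacyDNMismatch is mandatory.
    $req = New-MailboxRestoreRequest -Name "Restore-$($src.MailboxGuid)" `
        -SourceStoreMailbox $src.MailboxGuid -SourceDatabase $Database `
        -TargetMailbox $existing.Identity -AllowLegacyDNMismatch

    # 3. Restore requests are processed asynchronously by the Mailbox Replication Service: poll.
    do {
        Start-Sleep -Seconds 30
        $stats = Get-MailboxRestoreRequestStatistics -Identity $req.Identity
        '{0}: {1} ({2}%, {3} items)' -f $req.Name, $stats.Status, $stats.PercentComplete, $stats.ItemsTransferred
    } while ($stats.Status -in 'Queued', 'InProgress')

    if ($stats.Status -notin 'Completed', 'CompletedWithWarning') {
        throw "Restore ended with status $($stats.Status): $($stats.Message)"
    }
}
```

Completed restore requests stay in the queue for 30 days by default and can be cleaned up with Remove-MailboxRestoreRequest once the user has confirmed the content is back.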

Recover deleted messages (retention policy)

One of the most common operational tasks is a user asking the helpdesk to restore a single item such as an email or a task. Since Exchange 2013 no expensive third-party tool is needed for this: every user can restore their own single items for as long as the deleted item retention period allows. That period is 14 days by default (RetainDeletedItemsFor on the mailbox, or DeletedItemRetention on the database).

Using single item recovery as a "secondary Recycle Bin" lets both the user and the Exchange administrator recover mail items even after they were deleted from the Deleted Items folder (the "formal" Recycle Bin).

To use this "secondary Recycle Bin", the user simply uses the Recover Deleted Items option built into Outlook and OWA.

In the following screenshot, we can see an example of the mail recovery option (Recover Deleted Items) that is available when using the Outlook mail client.

The recovery option shows the user the content of the "secondary Recycle Bin" (the Recoverable Items folder of the mailbox).

This feature is also available in Outlook Web App (OWA). After logging in to our mailbox through OWA, we right-click the Deleted Items folder and select Recover deleted items.

From here we can restore the items we had deleted.

‘Backing up’ with PST

An old-school way to save mailbox content is exporting (and importing) PST files with New-MailboxExportRequest and New-MailboxImportRequest. This approach is very common, and I have written articles about exporting and importing PSTs on my own blog.

Here is some additional information about Exchange and recovery that is good to know.

Enable/disable single item recovery

When we create a new mailbox in Exchange on-premises, single item recovery is disabled by default. Once we enable it, items the user purges from Deleted Items are kept in the Recoverable Items folder and can be restored until the retention period expires.

The same applies to modified messages: with single item recovery enabled, Exchange retains a copy of the original item (in the Versions subfolder of Recoverable Items), so the administrator can recover it.

To show how to handle single item recovery, let us look at the following examples.

Enable single item recovery for one user (Desmond Miles):

Set-Mailbox -Identity 'Desmond Miles' -SingleItemRecoveryEnabled $true

Note: To disable the single item recovery, we can use $false instead of $true.

If we do not know whether single item recovery is enabled for a user, the following command tells us:

Get-Mailbox -Identity 'Desmond Miles' | Select-Object SingleItemRecoveryEnabled

The result could look like the example below:

The next example sets the number of days deleted items are retained before they are purged. Here we set the retention to 60 days:

Set-Mailbox -Identity 'Desmond Miles' -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 60

Setting this for a single user is fine for demonstrating the cmdlet, but if our company has 20 or more users, enabling or disabling single item recovery mailbox by mailbox is no fun. Instead, we filter for all user mailboxes and enable (or disable) it for all of them with one command:

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'} | Set-Mailbox -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 30
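Enabling the setting once is only half the job: a mailbox-level RetainDeletedItemsFor only counts while UseDatabaseRetentionDefaults is $false, and everything single item recovery keeps is charged against the Recoverable Items quota rather than the user's mailbox quota. The following script is an added example, not code from the article; it audits all user mailboxes against an assumed 30-day company policy, fixes the ones that drift, and reports how much Recoverable Items storage each mailbox is consuming.

```powershell
# Added example, not from the original article: audit and enforce single item recovery.
# Assumption: company policy is a 30-day retention window. Run in the Exchange Management Shell.
$RetentionDays = 30
$Desired       = New-TimeSpan -Days $RetentionDays

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'}) {
    # RetainDeletedItemsFor on the mailbox is only honoured when UseDatabaseRetentionDefaults is $false;
    # otherwise the database's DeletedItemRetention (14 days by default) applies regardless.
    $current   = [TimeSpan]$mbx.RetainDeletedItemsFor.ToString()
    $compliant = $mbx.SingleItemRecoveryEnabled -and (-not $mbx.UseDatabaseRetentionDefaults) -and ($current -ge $Desired)

    if (-not $compliant) {
        Set-Mailbox -Identity $mbx.Identity -SingleItemRecoveryEnabled $true `
            -RetainDeletedItemsFor $Desired -UseDatabaseRetentionDefaults $false
    }

    # Everything SIR preserves lives in the Recoverable Items subtree (Deletions, Versions, Purges),
    # which is measured against RecoverableItemsQuota, not against the user's mailbox quota.
    $ri = Get-MailboxFolderStatistics -Identity $mbx.Identity -FolderScope RecoverableItems |
          Where-Object { $_.Name -eq 'Recoverable Items' }

    [pscustomobject]@{
        Mailbox            = $mbx.Alias
        WasCompliant       = $compliant
        RetainDeletedItems = $(if ($compliant) { $current } else { $Desired })
        RecoverableItems   = $ri.FolderAndSubfolderSize
        RecoverableQuota   = $mbx.RecoverableItemsQuota
    }
}

$report | Sort-Object WasCompliant | Format-Table -AutoSize
```

Run it read-only first by commenting out the Set-Mailbox line; the report alone tells you how many mailboxes are silently still on the 14-day database default.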

Litigation Hold / In-Place Hold

Litigation Hold is applied per mailbox. When a user's mailbox is on Litigation Hold, the user can still delete items, but Exchange keeps them in the Recoverable Items folder, immutable and out of the user's reach, either indefinitely or for the LitigationHoldDuration we set.

Litigation Hold does not create a copy of the data in a second physical location; everything stays in the same database, and since nothing can be purged, the storage consumed by held mailboxes grows steadily over time. Keep an eye on the Recoverable Items folder of held mailboxes against their RecoverableItemsQuota.

Litigation Hold is mostly needed by companies that are required to preserve electronically stored information (ESI), including email, whenever there is a reasonable expectation of litigation.

Litigation Hold is not designed to restore emails or user accounts, however. An administrator can find held items with a discovery search and export or copy them, but there is no direct restore option.

The PowerShell command below helps you manage Litigation Hold. In this example we enable Litigation Hold for all user mailboxes in our company and set the hold duration to five years (1,825 days):

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration 1825

In-Place Hold preserves all mailbox and public folder content, including deleted items and original versions of modified items. All such items can be returned in an In-Place eDiscovery search. When a user’s mailbox is placed on an In-Place Hold, the contents in the corresponding archive mailbox are also placed on hold and returned in an eDiscovery search.

We are allowed to place multiple In-Place Holds on a mailbox, but Litigation Hold is either enabled or disabled for a mailbox.

The PowerShell command below creates a new In-Place Hold (InPlaceHold-Human-Resources) and applies it to the mailboxes of the members of the HR-CH distribution group. Items are preserved for five years (1,825 days), and a query using Boolean logic and the proximity operator NEAR restricts the hold to items that contain the word dismissal close to Acme:

New-MailboxSearch 'InPlaceHold-Human-Resources' -SourceMailboxes HR-CH -InPlaceHoldEnabled $true -ItemHoldPeriod 1825 -SearchQuery "(Acme NEAR(9) dismissal*) AND (Confidential OR Privileged)"
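Two things the hold commands above do not show are how to see what is actually held across the organization and how the "manual recovery process" for a held item looks in practice. The script below is an added example, not code from the article: it lists every mailbox on either kind of hold together with its Recoverable Items consumption and quota, and then demonstrates the discovery-search route for getting a purged item back out of a held mailbox. The user Desmond Miles comes from the article's examples; the search query, the target folder name and the use of the default discovery mailbox are assumptions.

```powershell
# Added example, not from the original article: audit holds and recover a held item via discovery search.
# Assumptions: the mailbox 'Desmond Miles', a constructed search query, and the default discovery mailbox.
# Search-Mailbox requires the Mailbox Search role (Discovery Management role group).

# 1. Who is on hold, by what, since when, and how much Recoverable Items storage they consume.
$held = Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox'} |
        Where-Object { $_.LitigationHoldEnabled -or $_.InPlaceHolds.Count -gt 0 }

$held | ForEach-Object {
    $ri = Get-MailboxFolderStatistics -Identity $_.Identity -FolderScope RecoverableItems |
          Where-Object { $_.Name -eq 'Recoverable Items' }
    [pscustomobject]@{
        Mailbox          = $_.Alias
        LitigationHold   = $_.LitigationHoldEnabled
        HoldDuration     = $_.LitigationHoldDuration      # 'Unlimited' unless -LitigationHoldDuration was set
        HoldSince        = $_.LitigationHoldDate
        HoldOwner        = $_.LitigationHoldOwner
        InPlaceHolds     = $_.InPlaceHolds.Count
        RecoverableItems = $ri.FolderAndSubfolderSize
        RecoverableQuota = $_.RecoverableItemsQuota       # raise this before a multi-year hold fills it
    }
} | Format-Table -AutoSize

# 2. There is no undelete button for held content. The route is: search the Recoverable Items folder
#    (the "dumpster", including Purges), estimate the hit count, then copy the hits into a discovery
#    mailbox from which they can be handed back to the user or exported.
$query     = 'Subject:"Severance agreement" AND Received:01/01/2019..12/31/2019'   # constructed example query
$discovery = Get-Mailbox -RecipientTypeDetails DiscoveryMailbox | Select-Object -First 1
if (-not $discovery) { throw 'No discovery mailbox found; create one with New-Mailbox -Discovery first.' }

# Estimate only: how many items match and how large they are, without copying anything.
Search-Mailbox -Identity 'Desmond Miles' -SearchQuery $query -SearchDumpsterOnly -EstimateResultOnly

# Copy the matching held items (and a full search log) to a folder in the discovery mailbox.
Search-Mailbox -Identity 'Desmond Miles' -SearchQuery $query -SearchDumpsterOnly `
    -TargetMailbox $discovery.Identity -TargetFolder 'Desmond-Miles-Restore' -LogLevel Full
```

The estimate step is not optional politeness: a broad KQL query against years of held mail can copy gigabytes into the discovery mailbox, which has its own quota.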

Backup Exchange? No, use the other solutions

As we have seen in this article, Exchange gives us multiple built-in ways to recover its components. Even when we reinstall Exchange in a disaster scenario, it finds its main settings again thanks to Active Directory. Of course, some things remain to be done afterwards, such as re-importing certificates.

And even if we back up Exchange with classical backup tools, we will never be able to restore it in a way that brings everything back in working order.

The key is to design the Exchange environment for redundancy from the start: geo-redundancy where possible and multiple database copies, including a lagged copy. If we configure retention, single item recovery and holds to match the company's objectives, there is absolutely no need to ever back up Exchange.


Drago Petrovic (Twitter: https://twitter.com/_DragoPetrovic)

Drago is a Microsoft professional for Office 365, Exchange, PowerShell and cloud services. He owns the tech blog www.msb365.blog and works as a senior system engineer and consultant at a leading Swiss IT company.
