recover deleted mail items in the exchange online environment | single item recovery | 2#7
DESCRIPTION
Recover deleted mail items in the Exchange Online environment | Single item recovery | 2#7 http://o365info.com/recover-deleted-mail-items-in-the-exchange-online-environment-single-item-recovery-part-2-7 In the current article, we will review the subject of Exchange single item recovery mechanism and his physical implementation – the Recoverable Items folder. The purpose of these “Exchange components” is to provide an easy and effective way to solve the necessary requirement of – recovering mail in Exchange base environment. Eyal Doron | o365info.comTRANSCRIPT
Page 1 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
Recover deleted mail items in the
Exchange Online environment | Single
item recovery | 2#7
In the current article, we will review the subject of Exchange single item recovery
mechanism and his physical implementation – the Recoverable Items folder.
The purpose of these “Exchange components” is to provide an easy and effective
way to solve the necessary requirement of – recovering mail in Exchange base
environment.
The concept of single item recovery and Recoverable Items folder can consider
as confusing and unclear. The main purpose of the current article is to explain and
to clarify the structure and the concepts of this interesting Exchange architecture.
Page 2 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
The concept of single item recovery and Recoverable
Items Folder
The Exchange mechanism named: single item recovery is a protection mechanism
that enables Exchange users and Exchange administrator to deal quickly and
efficiently, with the scenario of “recovering a mail item”.
The Deleted mail item folder
The most basic mechanism that enables the user to “regret” an operation of mail
deletion is the famous mailbox folder called– Deleted items folder.
The Deleted items folder is the implementation of the “Recycle bin” concept.
The “Recycle bin” concept is a familiar concept that is used by the operating system
and so on.
After the user has deleted a specific mail item, he has the option to access the
Exchange inbox “Recycle bin” (the Deleted items folder) and easily restores the
mail item.
This is the “first line of defense”.
Mail that is “sent” to the Recycle bin” (the Deleted items folder) will stay there
forever until the user decides to “empty” the Recycle bin” (the Deleted items
folder).
Page 3 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
But what about a scenario, in which the user decides to “empty” the Recycle bin”
(the Deleted items folder) and then regrets meaning, the user would like to
recover his mail items?
Theoretically, in this scenario the only way for recovering mail items after they have
been deleted from the Recycle bin” (the Deleted items folder) could be using a
recovery from a backup tape or other kind of a backup infrastructure.
Lest supposes that we have a backup infrastructure and that we technically have
the option to use the “backup tape” to recover the specific mail items.
Most of the time, the restore process considers as complex and requires the
allocation of resources.
This is the “point” in which the Exchange single item recovery solution appears to
save the day!
Page 4 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
If we want to simplify the explanation of what is the Exchange single item
recovery mechanism, we can relate to the single item recovery as a “secondary
Recycle bin”.
When we implement the option of – Exchange single item recovery, each mail
item that is deleted from the Deleted items folder (the “formal” Recycle bin) the
mail is not permanently deleted but instead, “relocated” to the “secondary Recycle
bin”.
Page 5 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
Using the single item recovery as a “secondary Recycle bin”, enables the user and
the Exchange administrator to recover mail items, even if there were deleted from
the Deleted items folder (the “formal” Recycle bin).
To be able to use this “secondary Recycle bin”, all the user needs to do is – just use
the option of “recovery mail item” that included as a built-in option in the Outlook
or the OWA mail client.
In the following screenshot, we can see an example to the recovery mail option
(Recover Deleted Items) that is available for when using Outlook mail client.
Page 6 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
The recovery option enables the user to see the content of the “secondary Recycle
bin” (the single item recovery partition).
The option of single item recovery prevents the need of implementing the
complicated process of recovering mail by using backup infrastructure such as
backup tape, etc.
The physical implementation of the single item recovery
architecture
The concept of single item recovery architecture is implemented by an additional
parathion that consists a set of sub-directories named: Recoverable Items folder
Page 7 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
The effective management of the Exchange single item recovery
The description of the single item recovery as a “secondary Recycle bin” sound
almost too good to believe because apparently, this is the perfect solution for all
the “restore mail scenarios”.
This is almost true because the only main disadvantage is the overload that will be
created on the “Exchange server side”.
This “overload” that is realized as a huge amount of storage that will be needed to
allocate so the Exchange server can need to save each of the mail items that were
ever deleted.
Page 8 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
Q: So… what is the best practice for using the option of single item recovery?
A: An option that will enable the Exchange administrator to restrict or set a
limitation of the maximum number of days in which deleted mail will be saved in
the single item recovery.
Q: How can I “tell” to Exchange to save, the delete mail items for a specific time
period and at the end of this time range, delete mail items from the Recoverable
Items folder?
A: By using Exchange server policy named – Deleted Item retention
Our need (the Exchange administrator need) is to be able to “enforce” some
restriction or “time limitation” on the Recoverable Items folder, so a deleted mail
item will not stay forever in this partition and consume additional storage on the
Exchange server.
The solution for this requirement is implemented by using an Exchange policy
named –Deleted Item retention
The Deleted Item retention defines a “time limitation” in which the deleted mail
items will be saved in a Recoverable Items folder. At the end of this time period,
the specific mail will permanently delete.
In Exchange on-Premises environment, the Exchange administrator can decide if he
wants to enable the option of single item recovery and, in addition, set the
number of days for the Deleted Item retention.
Page 9 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
In Exchange Online environment, the option of – single item recovery is
configured by default, and the default value of the Deleted Item retention is 14
days.
In other words, in an Exchange Online environment a mail that was deleted from
the
Deleted items folder (the Exchange mailbox “Recycle bin”) can be recovered over a
time period of 14 days.
Additional information about single item recovery and
Recoverable Items folder
The term “single item recovery”
The term “single item recovery” is an Exchange term that describes the ability to
recover a specific mail item (single mail item).
Technically speaking, we can use the mechanism of the “single item recovery” for
recovering a “bunch” or a group of mail items at the same time.
The reason for using the term “single item recovery” is used for emphasizing the
fact that this mechanism, operate a “single mail item level” and, not as a
mechanism that will enable us to restore a “complete mailbox” or restore user
mailbox to a specific point in time.
Page 10 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
The term – “Recoverable Items folder”
The architecture of: “single mail item recovery” is implemented by using a “set of
mailbox hidden folder” that serves as a “container” for deleted mail items.
The formal term that describes this set of folders is – “Recoverable Items folder”
(the former term that was used in the past is Dumpster).
The term – Recoverable Items folder could mislead because apparently the term
relates to a specific folder when, in reality, it is the set of folders.
Recoverable Items Folder architecture
The architecture and the structure of the Recoverable Items folder, is a little
confusing.
We can relate to the Recoverable Items folder as a “hidden partition”, which
serves as an additional part of the user mailbox.
The Recoverable Items folder serves as a store or container for deleted mail items
and can be “accessed” by the user (the owner of the mailbox) but it’s important to
emphasize that although a specific user considers as the owner of his mailbox, the
user (mailbox owner) can access or view only one specific folder from the set of the
folders which consisted the Recoverable Items folder partition.
The Recoverable Items folder is just an additional part of the user
Mailbox. Recoverable Items folder, is hidden by design (the Recoverable Items
folder doesn’t “appear” in the standard Outlook folder view).
The Recoverable Items folder partition includes the following set of folders:
Deletion Folder
Purges Folder
Versions Folder
Calendar Logging
Audits
DiscoveryHolds
Page 11 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
In the following diagram, we can see the structure of the Recoverable Items
folder partition.
By default, the Recoverable Items folder partition includes only the following set
of folders:
1. Deletion Folder
2. Purges Folder
3. Versions Folder
4. Calendar Logging
The Audits folder will be created only in case that we (as Exchange
administrator) activate the audit option for a specific mailbox.
The DiscoveryHolds folder will be created only in case that (as Exchange
administrator) activate the option of In-Place Hold
Page 12 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
Note – in the current article, we will not relate to the following folders:
Calendar Logging (help troubleshoot and repair calendar reliability issues) and the
Audit folder.
To “complete” structure of a standard user mailbox
In the following diagram, we can see the structure of a “standard user mailbox”.
The mailbox includes two different “partitions”:
1. The standard mailbox folder that is exposed to the users such as: inbox
folder, Deleted items folder, sent items folder and so on.
2. The second “partitions” of the user mailbox is the Recoverable Items folder
partition.
Page 13 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
Accessibility to the Recoverable Items folder
Q. The recoverable Items folder can be accessed by the user or only by
Exchange administer?
The answer is that a user can access a very specific folder that is a member in
the Recoverable Items folder set.
The Exchange administrator can access (view) all of different folders that described
as –Recoverable Items folder.
The Recoverable Items folder is hidden from the standard user view.
The only exception to this rule, is a specific folder that includes in the Recoverable
Items folder “set” named – Deletion folder.
The Deletion folder doesn’t appear in the “standard mailbox folder hierarchy”. The
user who considers as the “mailbox owner”, can access the content of this folder by
using the recovery option in Outlook or OWA mail client.
Page 14 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
In the following screenshot, we can see how to Outlook user can see\view the
content of the Deletion folder (a specific folder from the Recoverable Items
folder set).
In the following diagram, we can see the permission structure that is implemented
relating to the Recoverable Items folder set.
The user (the mailbox owner), can see or access the “top partition” that includes the
standard mailbox folders such as inbox, sent items and so on.
Page 15 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
The Exchange administrator has access to the “hidden user mailbox partition” aka –
Recoverable Items folder.
Note – if we want to be even more specific, by default the Exchange administrator
doesn’t have access permission to the “standard user mailbox” (inbox folder,
calendar, sent items etc.).
Q: Why does the Deletion folder does not appear is a part of the standard user
mailbox root folders?
A: Because this is a “special folder” that was created for a special scenario, in which
mail items were deleted and in addition, was also deleted from the Deleted items
folder (the Exchange mailbox “Recycle bin”).
The logic of the Deletion folder is that it’s better than this folder will be hidden and
will be accessed by the user only in the special event in which a specific mail item\s
need to be recovered.
Page 16 of 16 | Recover deleted mail items in the Exchange Online environment | Single
item recovery | 2#7
Written by Eyal Doron | o365info.com | Copyright © 2012-2015
Q: Why does the user have access only to the Deletion folder and not to all the
rest of the folders that are included in the Recoverable Items folder set?
A: We can relate to the Recoverable Items folder partition as an “administrative
partition”.
The true answer is – that are a couple of purposes for the Recoverable Items
folder.
Some of these “purposes” are not related to the task of handling and managing the
subject of deleted mail items. For example – in the case that we activate the
mailbox audit option, the audit log files, will be saved in a dedicated folder in
the Recoverable Items folder.
In the current article series, we will not relate to the other capabilities of “purposes”
of the Recoverable Items folder beside the specific subject of recovering deleted
mail in Exchange based environment.
The Recoverable Items folder partition, serves as a container for a deleted mail
item for a specific period or, for an unlimited period. The Exchange administrator,
has the “privilege” to access and restore deleted mail items that stored in this
special partition.
In some scenario such as a scenario in which the user performs illegal activity or
criminal activity and tries to “cover his track” by deleting Incriminating information
(mail items), we need to be able to preserve this data and in addition, prevent from
the mailbox owner the ability of deleting this data (mail items).
Additional reading
Recoverable Items folder
Holy COW! Changes to Recoverable Items versioning in Exchange 2010 SP2
RU3