Published: August 2000
For the latest information, see http://www.microsoft.com/exchange/
Introduction

This article is designed to help you recover Microsoft® Exchange 2000 Server mailboxes. You will learn how to
recover deleted mailboxes. You will also learn how to restore one or more
damaged mailboxes from backup media to a separate server and then
reconnect those mailboxes to the original server.
Before you learn about these mailbox recovery methods, you must first
understand how to protect mission-critical mailboxes from potential
disaster.
Protecting Mission-Critical Mailboxes

The first way to provide additional protection for the mission-critical
mailboxes in your company is to partition the mission-critical mailboxes
in your organization in their own database. If any of the mission-critical
mailboxes are damaged, you can simply restore the database that contains
those users' mailboxes. This makes restoring the damaged database easier
and faster than having to restore a very large database of many users. It
is also much easier to restore one database on a server than it is to
recover a single mailbox from backup. For these reasons, you should locate
your most important mailboxes (for example, the mailboxes of the
executives of your company) in their own database.
Another way to protect mailboxes is to back up your mission-critical
mailboxes using the Exchange 2000 EXMERGE utility. EXMERGE and other
Exchange 2000 utilities are available on the Exchange 2000 CD-ROM, or from
the http://www.microsoft.com/exchange
Web site. Use EXMERGE to back up mailboxes for individual users, and do
this as part of your backup routine. EXMERGE backs up the .pst file for
each user's mailbox. This utility can be configured to back up the contents
of one or more mailboxes in your company. For example, you may only want
to use EXMERGE to back up the .pst files for the executives in your
company. When you have an EXMERGE backup of a user's .pst file, you
restore a user's mailbox by copying that user's .pst file to a specific
location on that user's hard disk.
Mailbox Recovery Scenarios

The first scenario presented here involves using a feature of Exchange
2000 to recover a deleted mailbox. The second scenario involves recovering
a mailbox and moving it to an offline recovery server from a previous
backup.
Recovering a Deleted Mailbox
If you mistakenly delete a mail-enabled user account, you can recreate
that user object and then, by default, reconnect that mailbox for a period
of 30 days. This is because when you delete a user, Exchange retains the
user's mailbox for a specified period.
You configure how long Exchange retains a deleted mailbox in much the same
way that you specify how many days Exchange retains mail that a user
deletes. You configure a deleted-mailbox retention period at the mailbox
store object level.
Configure a Deleted Mailbox Retention Period
To configure a deleted mailbox retention period:
- In System Manager, navigate to the mailbox
store group for which you want to configure a deleted-mailbox retention
period.
- Right-click that mailbox store, and then click
Properties.
- On the Limits tab, type the number of days you
want Exchange to retain deleted mailboxes in Keep deleted mailboxes
for __ days.
Reconnect a Deleted Mailbox to a New User Object
If you delete a user account, the user's mailbox is not actually
deleted until the deleted-mailbox retention period expires. The following
procedure outlines the steps for reconnecting a mailbox. In the following
example, Kim Yoshida is a mailbox-enabled user that you previously
deleted, and you are within the 30-day deleted mailbox retention period.
To reconnect a deleted mailbox to a new user object:
- From Active Directory Users and Computers,
create a new user object for Kim Yoshida.
Important When creating the new user
object, clear the Create an Exchange Mailbox check box. This is to
create a new Microsoft Windows® 2000 account without
creating a corresponding Exchange mailbox. You will connect this user
account to a mailbox later in this procedure.
- From Exchange System Manager, navigate to the
mailbox store on which Kim Yoshida's mailbox is located.
- In the details pane, locate the mailbox for
Kim Yoshida.
Note Verify that the mailbox icon
appears with a red X. Mailboxes that display with a red X are mailboxes
that have been deleted but will be retained in the mailbox store until
the deleted mailbox retention period expires.
- Right-click the mailbox named Kim Yoshida, and
then click Reconnect.
- In New User for this Mailbox, select the new
user object you created for Kim Yoshida, and then click OK.
Recovering a Mailbox from Backup
Exchange requires that Exchange mailboxes be recovered using a method
that is very similar to the one used on previous versions of Exchange.
That method restores an entire server database from backup to an offline
recovery server, and then reconnects a single mailbox to a user account.
Note If you have used EXMERGE to back up individual .pst files,
or if you have used a third-party backup utility to extract the data from
a single mailbox to a separate backup, you can use those methods to
recover individual mailboxes.
The entire database must be restored because Microsoft Web-Storage
System performs better when you consolidate all data into a small number
of database files, rather than managing numerous files containing
individual mailboxes or messages.
Considerations Before Restoring a Mailbox from Backup
The requirements and procedures you must follow to recover an Exchange
2000 mailbox are not identical to those you use to recover a mailbox from
previous versions of Exchange (for example, Microsoft Exchange Server
5.5), but the requirements and procedures are similar in principle. These
requirements involve creating a recovery server environment that is very
similar in naming structure to the original server (including using the
same names for information stores, databases, and so forth), restoring the
Exchange database that contains the mailbox you want to restore to that
server, and then extracting the mailbox or mailboxes from the recovery
server.
You should familiarize yourself with some of the requirements and
procedures for recovering a mailbox located on an Exchange 5.5 server
before learning about the requirements and procedures for recovering an
Exchange 2000 mailbox.
Understanding Exchange 5.5 Mailbox Recovery
When restoring a mailbox to an Exchange 5.5 recovery server, install
Exchange on the recovery server by using the same logical organization and
site names. The server names and service accounts do not have to match,
unless you are restoring the directory service database. Exchange 5.5
servers on a site become aware of each other during the installation
process, specifically, when you join a new server to a site.
Therefore, you can install a recovery server on the same network with
live production Exchange servers, and the two systems will be unaware of
each other, as long as you do not join the recovery server to the
production site during installation.
Caution You should not uninstall a live Exchange 5.5 server and
then use it as your recovery server while the server is still logically
joined to the site—while the server name is still visible as a site member
in the Exchange 5.5 Administrator program. If that happens, other servers
on the site will try to communicate with the recovery server and may
rejoin the recovery server to the live site. Always give recovery servers
names that are different from those already on the site, or perform
recovery on a network not connected to the live system.
When an Exchange 5.5 recovery server is created, the Exchange directory
database on the recovery server has no information about the mailboxes
that have been restored to the Exchange 5.5 server database. To populate
the directory, and thus make the mailboxes client-accessible, create a
mailbox account for each user, with the same directory name as in the live
system, or use the Administrator program's DS/IS consistency adjuster
function to create the accounts in bulk.
Then you can use various methods to recover mailbox data, including
logging on to the mailbox with an ordinary client application, or using
EXMERGE to extract mailbox data automatically to .pst files.
Understanding Exchange 2000 Mailbox Recovery
Recovering an Exchange 2000 mailbox is somewhat different from
recovering an Exchange 5.5 mailbox. There is no dedicated Exchange
directory database in Exchange 2000 because Exchange directory information
is now stored in Active Directory. Therefore, install both Exchange 2000
and Active Directory on your recovery server.
To sufficiently isolate the recovery server from other Exchange servers
in the production organization, you must install Active Directory as the
root of a separate forest. It may also be necessary to configure the
recovery server as a Domain Name System (DNS) server if the corporate DNS
server's permissions model denies you the rights to create necessary
service records in it.
The process for matching the names of your recovery server to those of
your original Exchange server is different in Exchange 2000. While an
Exchange 5.5 recovery server needs only to match up organization and site
names with the original system, in Exchange 2000 you must match all the
following:
- Organization name
- Administrative group name
- Storage group name
- Logical database name
- LegacyExchangeDN names on critical system
objects
You should already be familiar with the terms "organization,"
"administrative group," "storage group," and "logical database." You
should also be familiar with the LegacyExchangeDN attribute of the
site that contains the mailbox you want to recover. The
LegacyExchangeDN is an attribute carried by almost all Exchange
2000 objects, including mailbox-enabled users. It identifies Exchange
objects in ways that match Exchange 5.5 naming. A typical
LegacyExchangeDN value is of the form:
/O=organization/OU=site/CN=container/CN=object
If the mailbox you want to recover exists on an administrative group
named First Administrative Group, and is not on an upgraded
Exchange 5.5 server, the name of your LegacyExchangeDN is
/O=Organization name/OU=First Administrative Group. But when
the mailbox you want to recover is on an administrative group that was
formerly part of an Exchange 5.5 site, you need to determine the name of
the LegacyExchangeDN value. Also, when you rename an administrative
group, the site portion of the LegacyExchangeDN value is not
updated with the new administrative group name. If so, serious problems
occur with mail delivery and replication with Exchange 5.5 servers in the
organization.
Important If LegacyExchangeDN fails to update, you may
have to change its values on your recovery server to match those on your
production system. Perform this after installing Exchange 2000 on your
recovery server, and before starting the Information Store databases.
- For more information on determining if you
need to change the LegacyExchangeDN value, see step one in the
"Procedures for Recovering an Exchange 2000 Mailbox from Backup" section
later in this article.
- For information on the three methods you can
use to change the LegacyExchangeDN, see the "Changing the
LegacyExchangeDN Value on a Recovery Server" section later in this
article.
It is not necessary to match Active Directory naming between the
recovery server and the live system. While you must install a separate
Active Directory forest, you can still run the recovery server on your
live network.
Procedures for Recovering an Exchange 2000 Mailbox from Backup
The procedures in this section explain how to recover an Exchange 2000
mailbox from backup to an offline recovery server.
To recover an Exchange 2000 mailbox from backup:
Record all of the following logical names
needed to recover the database:
- The Exchange 2000 organization name
- The administrative group name to which the
database belongs
- The storage group name to which the database
belongs
- The logical database name
- The LegacyExchangeDN value of the
administrative group to which the database belongs
It is relatively easy to determine the names of
the first four items in this list. It is more difficult to determine the
fifth item, the LegacyExchangeDN. There are several ways to find
the LegacyExchangeDN of the administrative group. The
LegacyExchangeDN value has the following form:
/O=organization/OU=administrative group
If the OU= portion of the LegacyExchangeDN
value is First Administrative Group, there is no need to change any
LegacyExchangeDN values on the recovery server. If the OU= value
is anything else, you must change the LegacyExchangeDN values.
There are three methods for changing the LegacyExchangeDN values.
But before you consider which method to use, you must first determine
the LegacyExchangeDN value, and then determine if it is an
obstacle to configuring your recovery server. There are two ways to
determine the LegacyExchangeDN value:
If you are familiar with ADSIEDIT or LDP, you
can view the properties of the administrative group object. This
object is found in the Configuration container by expanding in
the following order:
- CN=Services
- CN=Microsoft Exchange
- CN=organization
- CN=Microsoft
- CN=Administrative Groups
- CN=Administrative Group
- If you are unfamiliar with ADSIEDIT or LDP,
or do not have access to these utilities, you can use the LDIFDE
utility.
To use LDIFDE, you must obtain the full DNS
domain name of the root domain in your Active Directory forest, the
Exchange organization name, and the administrative group name.
Note The domain name you want is not
necessarily the domain name to which the Exchange 2000 server belongs,
but rather the root domain name of the entire forest.
In the following example, the root domain in
the forest is corp.mycompany.com, the Exchange organization name is
Corp1, and the administrative group name is Headquarters. The
full-distinguished pathname in Active Directory to the Headquarters
object is:
- CN=Headquarters
- CN=Administrative Groups
- CN=Corp1
- CN=Microsoft Exchange
- CN=Services
- CN=Configuration
- DC=corp
- DC=mycompany
- DC=com
An LDIFDE command line, such as the following,
displays the administrative group object on screen. (The command line
syntax must be entered as a single line, but here it is wrapped for
readability.)
LDIFDE -f CON -d "CN=Headquarters,CN=Administrative Groups,
CN=Corp1,CN=Microsoft Exchange,CN=Services,CN=Configuration,
DC=corp,DC=mycompany,DC=com"
-l legacyExchangeDN -p Base
This LDIFDE command gives you output similar to
this:
dn: CN=Headquarters,CN=Administrative Groups,CN=Corp1,
 CN=Microsoft Exchange,CN=Services,CN=Configuration,
 dc=corp,dc=mycompany,dc=com
changetype: add
legacyExchangeDN: /O=Microsoft/OU=Headquarters
In this example, Headquarters is in
LegacyExchangeDN, and thus objects on the recovery server must be
modified, because after a pure Exchange 2000 installation,
LegacyExchangeDN on the recovery server contains First
Administrative Group, not Headquarters.
- Install Microsoft Windows 2000 Server on the
recovery server, and then run DCPROMO to install Active Directory on the
recovery server. Ensure that you create a new forest for your recovery
server topology.
- Install and configure DNS if necessary. You
can also establish a two-way trust with your production system and grant
necessary access to write needed DNS information from your recovery
server to your existing DNS.
Note For more information on configuring
DNS, see your Windows 2000 Server documentation.
- Install Exchange 2000, using the same
organization name as used in the production system.
Change the name of the LegacyExchangeDN
value, if applicable.
- For information on determining if you need
to change the LegacyExchangeDN value, see step one in this set
of procedures.
- For information on the three methods you can
use to change LegacyExchangeDN, see "Changing the
LegacyExchangeDN Value on a Recovery Server," later in this
article.
- Create a storage group with the same logical
name as the production storage group from which the database backup was
taken. If the database was taken from the default First Storage Group,
you do not have to rename or create another storage group.
- Create logical database names in the storage
group to match the original names. Right-click the database to rename,
and then click Rename. For example, if the database you are
restoring is called "Mailbox Store 1A (Server 1)," you can rename the
default mailbox store from "Mailbox Store" to "Mailbox Store 1A (Server
1)." This is easier than creating a new database.
Note You do not have to match actual
database filenames, unless you are restoring offline backups. Even
differences in log file prefixes are handled when restoring an online
backup.
- Dismount the database to be restored. Then, in
System Manager, in the properties of the database you are restoring,
select the This database can be overwritten by a restore check
box.
- Use Windows 2000 to restore the database that
contains the mailbox you want to recover from backup. Ensure that you
select the Last Backup Set check box when restoring the last
online backup set. If you fail to select this checkbox, you must run
ESEUTIL /CC against the restored files before the database will
start.
- Start the database that you restored from
backup.
- In System Manager, navigate to the database
you restored from backup, right-click Mailboxes, and then click
Run Cleanup Agent. After Run Cleanup Agent runs, a red
X appears on mailboxes that are not currently linked to an Active
Directory account.
Create a non-mailbox-enabled Active Directory
user account for each mailbox that you want to recover from backup by
using one of the following methods:
- Method One Manually create user
objects using Active Directory Users and Computers. When creating the
new user accounts, clear the Create an Exchange mailbox check box on
the third screen of the New Object - User wizard. You will connect
this user account to the mailbox you restored from backup later in
this set of procedures.
- Method Two Use MBCONN to create
Active Directory user accounts. MBCONN and other Exchange 2000
utilities are available on the Exchange 2000 CD-ROM, or from the http://www.microsoft.com/exchange/
Web site. MBCONN is helpful if you have more than one user account to
reconnect to mailboxes. For more information on MBCONN, see the
Disaster Recovery white papers available at http://www.microsoft.com/Exchange/.
You can also refer to the MBCONN online documentation.
Link mailboxes to Active Directory users by
using one of the following methods:
- Method One Manually link an
individual mailbox to an Active Directory user, following the
procedures shown in "Reconnect a Deleted Mailbox to a New User
Object," earlier in this article.
- Method Two Use MBCONN to link Active
Directory user accounts to mailboxes. This is especially helpful if
you have multiple user accounts to reconnect to Exchange 2000
mailboxes. For more information on MBCONN, see the Disaster Recovery
white papers at http://www.microsoft.com/exchange/
Extract the contents of the mailbox to the
original server by using one of the following methods:
- Method One Manually log on to the
recovery server as the Active Directory user, copy the contents of the
.pst file for that mailbox, and then transfer that .pst file to the
mailbox on the original server.
- Method Two Use EXMERGE to transfer
the contents of the mailbox from the recovery server to the original
server. EXMERGE converts the mailbox contents into a .pst file format,
transfers it to the original server, and then converts it to Exchange
2000 mailbox format.
Important You must have Receive
as rights for the database from which you are attempting to transfer
mailboxes. You must have these rights before you can use EXMERGE to move the
contents of the mailboxes. You can grant yourself those rights from the
database object in System Manager.
Changing the LegacyExchangeDN Value on a Recovery Server
As explained in "Understanding Exchange 2000 Mailbox Recovery," earlier
in this article, it may be necessary to change the name of the
LegacyExchangeDN value on your recovery server. You must change the
LegacyExchangeDN value if the mailbox you want to recover was
located on a server that was upgraded from Exchange 5.5, or if the
administrative group was originally named anything but First
Administrative Group (which occurs when you create a second administrative
group).
You can use one of the following three methods to change
LegacyExchangeDN after installing Exchange 2000 on the recovery
server, and before restoring the Exchange databases.
Manually Change LegacyExchangeDN Values
Before you manually change the LegacyExchangeDN values, you must
first determine the name of the LegacyExchangeDN attribute for the
administrative group in which you want to recover a mailbox. To determine
the name of the LegacyExchangeDN value, see step 1 in "Procedures
for Recovering an Exchange 2000 Mailbox from Backup," earlier in this
article.
To manually change the LegacyExchangeDN values:
- To change the name of the First Administrative
Group on your recovery server (to match your production administrative
group), open System Manager, right-click First Administrative
Group, click Rename, and then type the name of the
administrative group.
- Do an LDIFDE export, with a command line
similar to the following:
ldifde -f e:\legacy.ldf -d "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=microsoft,DC=com" -l legacyexchangedn -p subtree -r "(legacyexchangedn=*First*)"
This should give you an export file with
several entries similar to the following:
dn: CN=SMTP (CHANI-{F95BFE21-D28D-4060-BC92-41F10C940A46}),CN=Connections,
 CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,
 DC=microsoft,DC=com
changetype: add
legacyExchangeDN: /o=Microsoft/ou=First Administrative Group/cn=Configuration
 /cn=Connections/cn=SMTP (CHANI)/cn={F95BFE21-D28D-4060-BC92-41F10C940A46}
- Change each entry to something similar to the
following:
dn: CN=SMTP (CHANI-{F95BFE21-D28D-4060-BC92-41F10C940A46}),CN=Connections,
 CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,
 DC=DUNE,DC=extest,DC=microsoft,DC=com
changetype: modify
replace: legacyExchangeDN
legacyExchangeDN: /o=Microsoft/ou=NEW ADMINISTRATIVE GROUP NAME/cn=Configuration
 /cn=Connections/cn=SMTP (CHANI)/cn={F95BFE21-D28D-4060-BC92-41F10C940A46}
-
There is a dash at the end of each modified
entry, and you must be sure to leave a blank line after the dash before
starting the next entry—and to leave a blank line at the very bottom of
the file after the final dash.
The easiest way to change the file is with a
text editor that can perform a search and replace operation across line
breaks, thus replacing:
Changetype: add
with
Changetype: modify
Replace: legacyExchangeDN
And then replace the First Administrative Group
name with the new administrative group name.
Note Even if you must modify each record
manually, there are typically fewer than a dozen records that require
modification.
After the import file is generated, import it
back into Active Directory with this command:
ldifde -i -f legacy.ldf
- Run the original LDIFDE command again to make
sure you didn't miss any entries and that the import was successful—this
time it should find 0 matches.
- Follow the rest of the recovery instructions
in "Procedures for Recovering an Exchange 2000 Mailbox from Backup,"
earlier in this article.
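The export-to-import rewrite described in the steps above, together with the OU= check from step 1 of "Procedures for Recovering an Exchange 2000 Mailbox from Backup," as a script. This is an added example, not part of the original article or a Microsoft utility; the function names and the second sample record are constructed for illustration. It goes slightly beyond the manual edit by handling folded lines and base64 ("attr:: value") values, and it rewrites only the /ou= component of each LegacyExchangeDN value, never the dn line.

```python
import base64
import re

DEFAULT_AG = "First Administrative Group"  # OU= value on a pure Exchange 2000 install

# Constructed sample export. Record 1 is the page's SMTP connector entry; record 2 is
# made up and uses the base64 "attr:: value" form so that code path is exercised.
B64_VALUE = base64.b64encode(b"/o=Microsoft/ou=First Administrative Group").decode("ascii")
SAMPLE_EXPORT = """\
dn: CN=SMTP (CHANI-{F95BFE21-D28D-4060-BC92-41F10C940A46}),CN=Connections,
 CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,
 DC=microsoft,DC=com
changetype: add
legacyExchangeDN: /o=Microsoft/ou=First Administrative Group/cn=Configuration
 /cn=Connections/cn=SMTP (CHANI)/cn={F95BFE21-D28D-4060-BC92-41F10C940A46}

dn: CN=First Administrative Group,CN=Administrative Groups,CN=Microsoft,
 CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=microsoft,DC=com
changetype: add
legacyExchangeDN:: """ + B64_VALUE + "\n"


def parse_ldif(text):
    """Return one {attribute_lowercased: value} dict per LDIF record."""
    text = re.sub(r"\r?\n ", "", text)  # unfold: newline + one space continues a line
    records, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():  # a blank line ends the record
            if current:
                records.append(current)
            current = {}
        elif line != "-" and not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            current[name.strip().lower()] = value
    return records


def emit(attr, value):
    """Format one LDIF line, base64-encoding values that are unsafe as plain text."""
    if value.isascii() and value == value.strip() and value[:1] not in (":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")


def admin_group_of(legacy_dn):
    """Return the OU= component of a LegacyExchangeDN, or "" if there is none."""
    match = re.search(r"(?<=/ou=)[^/]+", legacy_dn, re.IGNORECASE)
    return match.group(0) if match else ""


def needs_change(production_legacy_dn):
    """Page rule: recovery-server values need changing unless OU= is the default."""
    return admin_group_of(production_legacy_dn).lower() != DEFAULT_AG.lower()


def build_modify_ldif(export_text, new_group, old_group=DEFAULT_AG):
    """Turn 'changetype: add' export records into modify/replace import records."""
    ou = re.compile(r"(/ou=)" + re.escape(old_group) + r"(?=/|$)", re.IGNORECASE)
    out = []
    for rec in parse_ldif(export_text):
        old = rec.get("legacyexchangedn", "")
        new = ou.sub(lambda m: m.group(1) + new_group, old)
        if "dn" not in rec or new == old:
            continue  # nothing to rewrite in this record
        out += [emit("dn", rec["dn"]), "changetype: modify", "replace: legacyExchangeDN",
                emit("legacyExchangeDN", new), "-", ""]  # dash, then a blank line
    return "\n".join(out) + ("\n" if out else "")


def still_default(ldif_text, old_group=DEFAULT_AG):
    """List DNs whose LegacyExchangeDN still has old_group as its OU= component."""
    return [r.get("dn") for r in parse_ldif(ldif_text)
            if admin_group_of(r.get("legacyexchangedn", "")).lower() == old_group.lower()]


if __name__ == "__main__":
    print(build_modify_ldif(SAMPLE_EXPORT, "Headquarters"), end="")
```

Review the generated file before importing it with ldifde -i, and keep the original export so that the change can be reversed on the recovery server.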
Upgrade from Exchange 5.5 Server
Before you upgrade from Exchange 5.5 Server to ensure proper
LegacyExchangeDN values, you must first determine the name of the
LegacyExchangeDN attribute for the administrative group in which
you want to recover a mailbox. To determine the name of the
LegacyExchangeDN value, see step 1 in "Procedures for Recovering an
Exchange 2000 Mailbox from Backup," earlier in this article.
To ensure proper LegacyExchangeDN naming by upgrading from
Exchange 5.5:
- Install an Exchange 5.5 server on your
recovery domain controller, using the same organization name used in
your Exchange 2000 system, and the same site name used for the
administrative group to which the database belongs. Make the Domain
Admins account the service account.
- Change the Lightweight Directory Access
Protocol (LDAP) port to 390 in the Exchange 5.5 Administrator program.
This will prevent the LDAP service in Exchange 5.5 from conflicting with
Active Directory.
- Install Active Directory Connector
(ADC).
- Create a one-way connection agreement from
Exchange to Windows. When configuring the connection agreement, set the
Exchange LDAP port to 390. When specifying the containers, specify to
export from the Exchange 5.5 Recipients container and to the
Active Directory Users container. This connection agreement must
exist before the upgrade can succeed.
- Upgrade Exchange 5.5 to Exchange 2000.
- When the upgrade is complete, you can follow
the recovery instructions from "Procedures for Recovering an Exchange
2000 Mailbox from Backup," earlier in this article.
Use Two-Server Recovery
Before you use two servers to ensure proper LegacyExchangeDN
values, you must first determine the name of the LegacyExchangeDN
attribute for the administrative group in which you want to recover a
mailbox. To determine the name of the LegacyExchangeDN value, see
step 1 in "Procedures for Recovering an Exchange 2000 Mailbox from
Backup," earlier in this article.
To ensure proper LegacyExchangeDN naming by using the two-server
recovery method:
- On the first recovery server, install Windows
2000 Server, and then run the Active Directory Installation Wizard.
Ensure that you create a new forest for your recovery server
topology.
- On the first recovery server, install Exchange
2000 Server. Use logical naming that matches your Exchange
organization.
- On the first recovery server, create a second
administrative group with the same logical name as the administrative
group you are restoring.
- On the second recovery server, install Windows
2000 Server, and do not run the Active Directory Installation
Wizard.
- On the second recovery server, install
Exchange 2000 Server. You must install this Exchange 2000 Server in the
second administrative group.
- Follow the recovery instructions in
"Procedures for Recovering an Exchange 2000 Mailbox from Backup,"
earlier in this article.
This article explains how to recover deleted mailboxes within a
deleted-mailbox retention period. It also addresses how to recover a
mailbox from backup.
In addition, it discusses how to avoid deleting mailboxes. For example,
by backing up the contents of individual mailboxes with EXMERGE or by
ensuring that your mission-critical mailboxes are distributed on separate
databases, you can easily recover a specific database from backup.
Unpublished work. © 2000 Microsoft Corporation. All rights reserved.