Managing Compliance in Microsoft Exchange Server 2010

  • 11/24/2010

Personal archives

A personal archive is an extension of a user’s primary mailbox that provides an online archive facility. It is also referred to as an archive mailbox. The name might cause some confusion with the personal archives that users create with PST files for Outlook. The big difference is that the Exchange archive is integrated into the Information Store, and the data held in the archive are therefore accessible using all the features available to mailboxes, including discovery searches. By comparison, PST archives are confined to a PC, and the data that they contain are inaccessible to server-based processing. Indeed, Outlook’s AutoArchive feature can be argued to conflict with the archiving functionality now available in Exchange because it focuses on moving items from server-based folders into PSTs, whereas a central point of Exchange-based archiving is the elimination, whenever possible, of PSTs. For that reason, you might want to consider using group policy settings to disable the use of AutoArchive.

Exchange 2010 originally restricted the location of the personal archive to the same database that hosts the primary mailbox. From Exchange 2010 SP1 onward you can elect to have the archive in a separate database that can be on a completely different server, provided that the database is located on a server in the same Active Directory site as the primary mailbox. The archive can be in a database managed by a different Database Availability Group (DAG) if the Active Directory site supports multiple DAGs.

Finally, if you use the Microsoft Exchange Online service (part of the Office 365 suite), the personal archive can be stored “in the cloud,” an option that might prove increasingly attractive as companies gain more experience and confidence with cloud-based services (this feature will be made available after Microsoft upgrades its Exchange Online service to use Exchange 2010, expected in early 2011). It is attractive to be able to hive off personal archives to a cloud-based service because this allows you to remain focused on the care and maintenance of production mailboxes while the hosting provider takes care of the archives. Whatever option is chosen, a mailbox can have just one personal archive, and each personal archive requires that the mailbox has an enterprise CAL.

Microsoft views personal archives as the natural replacement for PSTs, which were never designed to function as user archives. The growth of messages and the reluctance of administrators to increase mailbox quotas—coupled with the inability of Exchange and its clients to deal elegantly with very large mailboxes (5 GB and upward)—meant that most organizations were forced to use PSTs to offload data from the online store. Users do like to behave like human pack rats and keep messages, even if they never look at them again (some estimate that a message filed into a PST has a 99 percent chance of never being looked at again after six months). Other problems with PST management typically cited in corporate messaging deployments include the following.

  • Reduced security: PSTs are personal stores, but users keep just about anything in them, including sensitive and usually unencrypted corporate information ranging from budgets to presentations about new products to performance reviews. If someone loses a laptop—or even a USB device that has a PST on it—that information is immediately exposed and potentially available to anyone who finds the device and accesses it. Even if protected by a password, the PST file structure is insecure and can be quickly cracked using utilities commonly available on the Internet. Once the password is bypassed, a PST can be opened using any Microsoft Outlook client.

  • Inability to respond to discovery actions: Information held in a PST is usually invisible to searches that a company performs to respond to discovery requests. This is fine if the information is personal or irrelevant to the discovery request, but it could be very expensive if required information is not disclosed to a court and is subsequently discovered.

  • Inability to apply policy: Many companies have a data retention policy that requires users to delete documents and messages after a certain period. The period may vary depending on the type of information contained in different items. In any case, the company loses any ability to apply policy centrally once a user moves an item from his mailbox into a PST.

  • Exposure to data loss: Laptop disks are notoriously prone to failure. If users don’t back up their data, any disk crash exposes them to potential data loss, and that information might be important.

The alternative solution to increasing disk quota for mailboxes in previous versions of Exchange was to buy and deploy a dedicated third-party archiving solution such as Symantec Enterprise Vault. Using PSTs is obviously far cheaper for a company. It’s also easier for users because they control how many PSTs they create and how they use them. Some create a separate PST for each year; some create a PST for each major project. However, the big downside is that PSTs then expose the company to the risks previously described. Even so, it will take time to pry user fingers from their beloved PSTs.

Exchange personal archives are not perfect, and a number of limitations exist that could hinder deployment, including the following.

  • The RTM version of Exchange 2010 does not support delegate access to a personal archive. Users can delegate access to their primary mailbox, but the same delegation does not carry through to the archive. This is an issue for assistants who support executives. You can impose retention policies to force items to move into the archive, but the mailbox owner is the only person who can manage the items afterward (and few executives will have the time or interest for this work). Exchange 2010 SP1 adds delegate access to the personal archive; when you enable delegate access to a mailbox, delegates are automatically granted access to the mailbox’s personal archive.

  • You cannot transfer an archive to another mailbox. If a user leaves and you delete her mailbox, the archive disappears, too. You can save data by exporting items from the archive (and the primary mailbox) to a PST and then importing them back into the personal archive of another user, but it would be more elegant to be able to transfer the archive intact.

  • You cannot copy or move sections of the archive to transfer it to another user. For example, a user who wants to transfer responsibility for a project to another user has to extract and provide the folders and other items relating to the project from his archive and provide them to the other user. Again, the workaround is to export selected folders from the personal archive to a PST and provide the PST to the other user (or import the PST into her archive).

  • You cannot assign permissions on a folder level within the archive to allow users to give access to parts of their archive to other users. In fact, there is no permissions model for the archive yet.

These are examples of areas where Microsoft will doubtless consider enhancements in the future. It’s likely that they will wait to see how archives are used in practical terms within customer deployments before they plan how archives will evolve in future releases of Exchange.

Enabling a personal archive

Before you can create and use personal archives with Exchange 2010, you have to deploy clients that support the feature. When first introduced, Microsoft Outlook 2010 (Figure 15-1) and Outlook Web App were the only clients that supported personal archives. The need to deploy a new version of Outlook proved to be a significant deployment blocker for many companies, so Microsoft announced their intention to provide an upgrade for Outlook 2007 with the code necessary to detect that a mailbox had an associated personal archive and then display it in the list of available mailbox resources. At the time of writing, Microsoft has not yet released the upgraded code for Outlook 2007, but it is expected to work in much the same way as Outlook 2010 interacts with personal archives.

The easiest way to assign a personal archive to a mailbox is when you create the mailbox (Figure 15-2). The SP1 version of Exchange Management Console (EMC) allows you to select a different database to host the personal archive, provided that the database is not mounted on an Exchange 2010 RTM server. Interestingly, if you place the personal archive in a different database, Exchange automatically transfers the dumpster to the personal archive to minimize the size of the primary mailbox.

Figure 15-1 Archive mailbox in Outlook Web App.

Figure 15-2 Creating a personal archive with a new mailbox.

To enable an archive when you create a mailbox with EMS, you simply add the -Archive parameter to the New-Mailbox cmdlet. See Chapter 6, “Managing Mail-Enabled Recipients,” for a full discussion about how to create new mailboxes.

You can also enable a personal archive for existing mailboxes by selecting a mailbox in EMC and then selecting the Enable Archive option in the action pane. EMC warns you that enabling this feature requires an enterprise CAL, and if you click OK, the mailbox is enabled. You can also enable a personal archive for an existing mailbox with Exchange Management Shell (EMS). For example:

Enable-Mailbox -Identity 'Tony Redmond' -Archive

Scanning mailboxes that are in managed folders

As part of your preparation for the deployment of personal archives, you can scan for mailboxes that are assigned a managed folders policy. On the surface, you’d expect that using some code to look for any mailbox that doesn’t have a null value in its managed folders mailbox policy property would do the trick. For example:

Get-Mailbox -Filter {ManagedFolderMailboxPolicy -ne $Null} | Select Name,
ManagedFolderMailboxPolicy

This code returns a list of mailboxes, but it’s flawed because it includes any mailbox that was assigned a managed folders mailbox policy in the past, even if the managed folders policy was subsequently removed from the mailbox and replaced by an archive mailbox. Better code that produces the right results by filtering out archive-enabled mailboxes is:

Get-Mailbox -Filter {ManagedFolderMailboxPolicy -ne $Null -and ArchiveName -eq $Null} | Select Name, ManagedFolderMailboxPolicy

You can remove the MRM 1.0 policy from a mailbox with a command like this:

Set-Mailbox -Identity 'Andersen, Thomas' -ManagedFolderMailboxPolicy $Null
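The two steps above (find mailboxes that are still under an MRM 1.0 managed folders policy but have no archive, then clear the old policy) are easier to audit when they are run as one script that writes a report first and only changes mailboxes after a dry run. The following is an added example for Exchange Management Shell; it is not code from the book, and the CSV path is an assumption.

```powershell
# Added example (not from the book). Run from Exchange Management Shell.
# 1. Report mailboxes still on an MRM 1.0 managed folders policy that do not
#    yet have a personal archive. The filter is the corrected one from the text:
#    it excludes mailboxes whose policy was already replaced by an archive.
$report = 'C:\Temp\MRM1-Mailboxes.csv'   # assumed output path; change as needed

$legacy = Get-Mailbox -ResultSize Unlimited `
    -Filter {ManagedFolderMailboxPolicy -ne $Null -and ArchiveName -eq $Null}

$legacy | Select-Object Name, Alias, Database, ManagedFolderMailboxPolicy |
    Export-Csv -Path $report -NoTypeInformation

Write-Host ("{0} mailbox(es) still on a managed folders policy without an archive; report in {1}" `
    -f @($legacy).Count, $report)

# 2. Dry run of the removal: -WhatIf prints what Set-Mailbox would do without
#    changing anything. Run the loop again without -WhatIf once the report has
#    been reviewed, because clearing the policy cannot be undone from EMS.
foreach ($mbx in $legacy) {
    Set-Mailbox -Identity $mbx.Identity -ManagedFolderMailboxPolicy $Null -WhatIf
}
```

The report is worth keeping: once the managed folders policy is cleared, the mailbox no longer records which policy it used to have, so the CSV is the only remaining record of the pre-migration state.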

Filtering for archived mailboxes

EMC includes a canned filter to allow you to see the mailboxes that already have archive mailboxes (Figure 15-4). The filter is changed slightly in SP1 from the one used in the original release of Exchange 2010 (Has Archive = Yes) because SP1 can host personal archives on an on-premise or hosted service.

You can also use the Get-Recipient or Get-Mailbox cmdlets to search for mailboxes that have an archive. For example:

Get-Mailbox -Filter {ArchiveName -ne $Null} | Select Name, ArchiveName

Figure 15-4 Displaying the list of personal archives in EMC and EMS.

Enabling the archive and its properties

Behind the scenes, EMC calls the Enable-Mailbox cmdlet to enable an archive. These commands first enable the personal archive for a mailbox and then retrieve the properties that Exchange maintains for an archive.

Enable-Mailbox -Identity 'Andy.Ruth@contoso.com' -Archive
Get-Mailbox -Identity 'Andy.Ruth@contoso.com' | Select Name, Arch*

Name                : Ruth, Andy
ArchiveGuid         : f7552939-8185-4634-824e-d4cd6241d674
ArchiveName         : {Online Archive - Ruth, Andy}
ArchiveQuota        : unlimited
ArchiveWarningQuota : unlimited
ArchiveDomain       :
ArchiveDatabase     :
ArchiveStatus       : none

The first four properties listed here are always present for a mailbox after its archive is enabled. The globally unique identifier (GUID) identifies the archive mailbox within the database where it is stored. The default name for the archive is derived from the prefix “Online Archive” plus the mailbox’s display name and can be changed afterward to whatever name you prefer. The archive quotas are inherited from the default values set for the database and reflect the values that Exchange uses to limit the amount of information in the archive and the point when it starts to issue warning messages.

You can alter these values with the Set-Mailbox cmdlet. For example:

Set-Mailbox -Identity 'Andy.Ruth@contoso.com' -ArchiveName "Andy's Splendid Online Archive" -ArchiveQuota 2GB -ArchiveWarningQuota 1.9GB

The last three of the archive properties listed for the mailbox are introduced in Exchange 2010 SP1.

  • ArchiveDomain is only used if the personal archive is stored on an Exchange Online server (Office 365). If used, the property holds the Simple Mail Transfer Protocol (SMTP) name of the hosted domain.

  • ArchiveStatus contains a status value to indicate whether the personal archive has been created on an Exchange Online server.

  • ArchiveDatabase is blank if the personal archive is stored in the same mailbox database as the primary mailbox; otherwise the property contains the name of the mailbox database that holds the archive.

Checking space usage

The amount of space used in an archive mailbox can be checked with the Get-MailboxStatistics cmdlet, which supports the -Archive parameter to tell it to report details of the archive mailbox rather than the primary mailbox. For example:

Get-MailboxStatistics -Identity 'John Smith' -Archive | Select DisplayName,
ItemCount, TotalItemSize, LastLogonTime

DisplayName                      ItemCount  TotalItemSize                 LastLogonTime
--------------                   --------   -------------                 -------------
Online Archive - Smith, John...  128        31.51 MB (33,037,293 bytes)   4/14/2010 3:30:26 AM
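Because EMC cannot show archive usage or quotas, the practical way to catch archives that are approaching their warning quota is to combine the archive properties from Get-Mailbox with the statistics from Get-MailboxStatistics -Archive across all archive-enabled mailboxes. The script below is an added example, not code from the book; the 80 percent threshold is an assumption, and archives whose ArchiveWarningQuota is still unlimited are reported with no percentage because there is no limit to compare against.

```powershell
# Added example (not from the book). Run from Exchange Management Shell.
# Reports every archive-enabled mailbox whose archive has used at least
# $threshold of its warning quota; archives with an unlimited quota are listed
# with PercentUsed empty so they are not silently skipped.
$threshold = 0.8   # assumed: flag archives at 80% of the warning quota

$rows = Get-Mailbox -ResultSize Unlimited -Filter {ArchiveName -ne $Null} | ForEach-Object {
    $mbx   = $_
    $stats = Get-MailboxStatistics -Identity $mbx.Identity -Archive -ErrorAction SilentlyContinue
    if ($stats -eq $null) { return }   # archive not yet created in the Store (never logged on)

    # TotalItemSize and the quotas are ByteQuantifiedSize values; compare them in bytes.
    $usedBytes = $stats.TotalItemSize.Value.ToBytes()
    $pct = $null
    if (-not $mbx.ArchiveWarningQuota.IsUnlimited) {
        $quotaBytes = $mbx.ArchiveWarningQuota.Value.ToBytes()
        $pct = [math]::Round(100 * $usedBytes / $quotaBytes, 1)
    }

    New-Object PSObject -Property @{
        Mailbox      = $mbx.Name
        ArchiveName  = ($mbx.ArchiveName -join ' ')
        ItemCount    = $stats.ItemCount
        UsedMB       = [math]::Round($usedBytes / 1MB, 2)
        WarningQuota = $mbx.ArchiveWarningQuota
        PercentUsed  = $pct
        LastLogon    = $stats.LastLogonTime
    }
}

# Archives at or above the threshold, largest first; unlimited archives are
# listed afterwards so an administrator can decide whether they need a quota.
$rows | Where-Object { $_.PercentUsed -ne $null -and $_.PercentUsed -ge (100 * $threshold) } |
    Sort-Object PercentUsed -Descending |
    Format-Table Mailbox, ItemCount, UsedMB, WarningQuota, PercentUsed, LastLogon -AutoSize

$rows | Where-Object { $_.PercentUsed -eq $null } |
    Format-Table Mailbox, ItemCount, UsedMB, WarningQuota, LastLogon -AutoSize
```

Get-MailboxStatistics returns nothing for an archive that has been enabled but never opened, which is why the script checks for a null result rather than assuming every archive-enabled mailbox has statistics.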

Updating the name of an archive mailbox

You can also update the name of the archive mailbox through EMC. To do this, select the mailbox, click Properties, select Mailbox Features, and then select Archive from the list of mailbox features. However, although you can update the name (Figure 15-5), you can’t update archive quotas through EMC, nor can you view details of the items stored or quota used in the archive mailbox.

Figure 15-5 Updating the name of a personal archive through EMC.

Default archive policy

When you enable a personal archive for a mailbox, Exchange assigns a retention policy called Default Archive and Retention Policy to the mailbox to help the mailbox’s owner use the archive by automatically moving items from the primary mailbox into the archive as their retention period expires. The retention period applied by the default tag in the policy is two years, so the effect of applying the policy is that any item that is not stamped with another tag will be moved into the archive after it is two years old. The retention policy assigned to the mailbox becomes effective the next time the Managed Folder Assistant processes the mailbox. The default policy is not assigned if the mailbox is already under the control of another retention policy. We discuss how to manipulate retention policies and tags in the “Messaging Records Management” section later in this chapter.

Originally, the RTM version of Exchange 2010 applied a different retention policy called Default Archive Policy that only contained archive tags. You’ll find that both policies are available, but Exchange 2010 SP1 now only uses the Default Archive and Retention Policy. As the name implies, the big difference between the two retention policies is that the Default Archive and Retention Policy contains both retention tags (those that affect how long an item is kept by Exchange) and archive tags (those that affect when an item is archived). Table 15-1 describes the retention and archive tags that are included in the default archive policy. You can add retention and archive tags to the Default Archive and Retention Policy, or delete tags from it, if required. You do not need to delete the older Default Archive Policy. However, after upgrading an organization to Exchange 2010 SP1, you can check for mailboxes that have the older policy assigned to them and replace these assignments with the new Default Archive and Retention Policy.
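The post-upgrade check just described (find mailboxes still assigned the RTM Default Archive Policy and move them to the SP1 Default Archive and Retention Policy) can be scripted as follows. This is an added example for Exchange Management Shell, not code from the book; the two policy names are the ones the text gives, and the script verifies the target policy exists before changing any mailbox.

```powershell
# Added example (not from the book). Run from Exchange Management Shell after
# the organization has been upgraded to Exchange 2010 SP1.
$oldPolicy = 'Default Archive Policy'                 # RTM policy, archive tags only
$newPolicy = 'Default Archive and Retention Policy'   # SP1 policy, archive + retention tags

# Fail early if the SP1 policy is not present in this organization.
$target = Get-RetentionPolicy -Identity $newPolicy -ErrorAction Stop

# Show what the new policy will do to the mailbox before assigning it.
Write-Host ("Tags in '{0}':" -f $newPolicy)
Get-RetentionPolicyTag -Mailbox $null -ErrorAction SilentlyContinue | Out-Null
$target.RetentionPolicyTagLinks | ForEach-Object { Write-Host ("  " + $_.Name) }

# RetentionPolicy on the mailbox is a directory object reference, so compare its Name.
$old = Get-Mailbox -ResultSize Unlimited -Filter {RetentionPolicy -ne $Null} |
    Where-Object { $_.RetentionPolicy -ne $null -and $_.RetentionPolicy.Name -eq $oldPolicy }

Write-Host ("{0} mailbox(es) still use '{1}'" -f @($old).Count, $oldPolicy)

foreach ($mbx in $old) {
    # Dry run first; remove -WhatIf after reviewing the list. The new policy
    # takes effect the next time the Managed Folder Assistant processes the mailbox.
    Set-Mailbox -Identity $mbx.Identity -RetentionPolicy $target.Identity -WhatIf
}
```

Listing the tag links before reassigning is deliberate: the SP1 policy also carries deletion tags, so a mailbox that previously only had items moved to its archive will, after the switch, also have items that users tag with a Delete tag moved to Recoverable Items. That difference is what the user communication mentioned later in this section needs to cover.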

Table 15-1. Tags included in the default archive policy (tag name, type, and purpose)

  • Default 2 year move to archive (Default): Automatically move items to the personal archive when they are two years old. This tag is applied to any item in the mailbox that does not have an explicit tag applied by the user or inherited when the item moved into a folder that has a default policy.

  • Personal 1 year move to archive (Personal): Tag that the user can apply to items to instruct the Managed Folder Assistant to move the items into the personal archive after they are one year (365 days) old.

  • Personal 5 year move to archive (Personal): Tag that the user can apply to items to instruct the Managed Folder Assistant to move the items into the personal archive after they are five years (1,825 days) old.

  • Personal never move to archive (Personal): Tag that the user can apply to items to block the Managed Folder Assistant from ever moving the items into the personal archive.

  • Recoverable Items 14 days move to archive (Recoverable Items folder): Move items placed in the Recoverable Items folder to the personal archive after 14 days.

  • 1 Month Delete (Personal): Move items into the Recoverable Items folder after one month.

  • 1 Week Delete (Personal): Move items into the Recoverable Items folder after one week.

  • 6 Month Delete (Personal): Move items into the Recoverable Items folder after six months.

  • 1 Year Delete (Personal): Move items into the Recoverable Items folder after one year.

  • 5 Year Delete (Personal): Move items into the Recoverable Items folder after five years.

  • Never Delete (Personal): Disabled tag that prevents the Managed Folder Assistant from processing the item; the effect is to stop the item from ever being deleted.

The major impact of the application of the Default Archive and Retention Policy is that the Managed Folder Assistant will begin to move items into the personal archive after they are two years old. This leads to the “disappearing items” syndrome where users log problem reports that their mailbox is missing items. In the vast majority of cases, the missing items are found safe and sound in folders in the archive mailbox. It just takes time for users to realize that Exchange will move items automatically after they reach a certain age, so this underlines the importance of communication with the user community as you implement archive mailboxes.

Disabling a personal archive

You can disable an archive with the Disable-Mailbox cmdlet. For example:

Disable-Mailbox -Identity 'Smith, John' -Archive

EMS prompts for a confirmation before it proceeds unless you add the -Confirm:$False parameter. This is not a good idea unless you are absolutely sure that you want to disable the archive. When it disables an archive mailbox, the Store disconnects it from the primary mailbox and keeps it in the database until the deleted mailbox retention period expires.

Using a personal archive

Assuming that a personal archive is in place and a suitable client is at hand, working with items in a personal archive is just like working with items in the primary mailbox. You can create new items, reply to messages, move items around, and so on. After the archive mailbox is created, it is up to the user to populate it, most likely by using drag and drop to move folders or items from his primary mailbox. Administrators can import the complete contents of PSTs into a mailbox, but there are some limitations with this approach, as we discussed previously.

Exchange doesn’t support offline access for data held in personal archives. In other words, when Outlook is configured to use cached Exchange mode, it has access only to the offline copies of the folders from the primary mailbox that are stored in the OST and uses background synchronization to keep those folders updated. This arrangement allows Outlook to continue to work through transient network interruptions. Outlook has to be able to connect to the server before it can work with a personal archive.