Wednesday, 25 March 2015

Disabling and enabling user mailboxes and the dangers involved

The term "disabling a mailbox" in Exchange is rather misleading in my opinion - logically speaking I would assume that this kind of action would disable (heh?) the mailbox so that a user is unable to access their mailbox anymore. And to be fair this assumption is correct - although there are some serious gotchas that are important to be aware of.

Using the Disable-Mailbox command you delete the Exchange attributes (e.g. associated display name, email address(es) and so on).

Using the Remove-Mailbox command you delete the Exchange attributes AND the Active Directory user account associated with the mailbox!

But the main gotcha here is that when a mailbox is disabled or deleted, the mailbox is classed as a "Disconnected Mailbox" and retained in the Exchange mailbox database for 30 days (by default), and is then purged / permanently deleted, even if the Remove-Mailbox option is used. So be careful if you need to temporarily disable a mailbox and make sure you do NOT use the Disable-Mailbox cmdlet and rather:

You can view a list of disconnected mailboxes by issuing the following in the Exchange Management Shell:

Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq "Disabled" } | ft DisplayName,Database,DisconnectDate

You can increase the "deleted mailbox retention period" (here to 120 days) by issuing:

Set-MailboxDatabase -Identity "Mailbox DB 1" -MailboxRetention 120.00:00:00
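
Because the purge is driven by the disconnect date plus the database's retention period, it helps to see how long each disconnected mailbox has left. The function below is an added example, not part of the original post: its name, the parameter names and the sample data are assumptions made for illustration.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible.
function Get-DisconnectedMailboxDeadline {
    param(
        [Parameter(Mandatory=$true)] [object[]]  $Statistics, # Get-MailboxStatistics output
        [Parameter(Mandatory=$true)] [hashtable] $Retention,  # database name -> MailboxRetention
        [int]      $WarnDays = 7,
        [datetime] $Now = (Get-Date)
    )
    foreach ($s in $Statistics) {
        if (-not $s.DisconnectDate) { continue }   # connected mailbox, nothing to report
        $db = [string]$s.Database
        if (-not $Retention.ContainsKey($db)) {
            Write-Warning "No retention value for '$db'; skipping $($s.DisplayName)"
            continue
        }
        # Retention may arrive as a TimeSpan or as a "dd.hh:mm:ss" string.
        $keep  = [TimeSpan]::Parse([string]$Retention[$db])
        $purge = ([datetime]$s.DisconnectDate) + $keep
        $left  = [int][math]::Floor(($purge - $Now).TotalDays)
        New-Object PSObject -Property @{
            DisplayName = $s.DisplayName
            Database    = $db
            PurgeAfter  = $purge     # earliest date the mailbox becomes eligible for purging
            DaysLeft    = $left
            Urgent      = ($left -le $WarnDays)
        }
    }
}

# Constructed sample data so the function can be tried without an Exchange server.
$sampleStats = @(
    (New-Object PSObject -Property @{ DisplayName = 'Joe Bloggs'; Database = 'Mailbox DB 1'
                                      DisconnectDate = [datetime]'2015-02-27' }),
    (New-Object PSObject -Property @{ DisplayName = 'Jane Doe'; Database = 'Mailbox DB 1'
                                      DisconnectDate = [datetime]'2015-03-20' }),
    (New-Object PSObject -Property @{ DisplayName = 'Still Connected'; Database = 'Mailbox DB 1'
                                      DisconnectDate = $null })
)
$sampleRetention = @{ 'Mailbox DB 1' = '30.00:00:00' }   # the 30-day default

Get-DisconnectedMailboxDeadline -Statistics $sampleStats -Retention $sampleRetention `
    -Now ([datetime]'2015-03-25') | Sort-Object DaysLeft |
    Format-Table DisplayName, Database, PurgeAfter, DaysLeft, Urgent -AutoSize

# Against a live server (assumption: Database renders as the database name):
# $ret = @{}; Get-MailboxDatabase | ForEach-Object { $ret[$_.Name] = $_.MailboxRetention }
# $stats = Get-MailboxDatabase | Get-MailboxStatistics | Where-Object { $_.DisconnectDate }
# Get-DisconnectedMailboxDeadline -Statistics $stats -Retention $ret
```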

If you wish to re-connect a mailbox to a user you can issue the following:

Connect-Mailbox -Identity "Joe Bloggs" -Database "MailboxDatabase1" -User "Joe Bloggs" -ManagedFolderMailboxPolicyAllowed

Finally, you can restore the mailbox. To identify the mailbox you wish to restore, issue:

Get-MailboxStatistics -Database MBD01 | Where { $_.DisconnectReason -eq "Disabled" } | Format-List LegacyDN, DisplayName, MailboxGUID, DisconnectReason

This command will return the LegacyDN, DisplayName, MailboxGUID, and DisconnectReason values so we can identify the GUID of the old mailbox for our restore request.

And finally perform the restoration:

New-MailboxRestoreRequest -SourceDatabase "MailboxDatabase1" -SourceStoreMailbox 1d20855f-fd54-4681-98e6-e249f7326ddd -TargetMailbox ""

