Question on Exchange 2010 Litigation Hold and Deletion of Entire Mailbox

We use an Exchange 2010 solution.    We placed a litigation hold on every mailbox in the company.    During this period, one of the employees left.   One of the email admins Removed the end user mailbox and LDAP account  (this was not malicious, just normal procedure otherwise).    

Now when legal wanted to search this, now separated, employee's mailbox, the Mailbox is not listable from  within the Multi Mailbox  Search.    This is using Multi Mailbox Search -> New Search -> Mailboxes to Search -> Add -> Then searching for the employee name turn up no results.    I assume the 'no results' is because the mailbox and account are no longer present.  

1) Thoughts on how to retrieve/search the mailbox?

2) I would have thought that a Litigation Hold would prevent accidental Deletion.   Was this an incorrect assumption?
LVL 33
MikeKaneAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JaredJ1Commented:
Litigation hold will only stop deleted items from being purged from the mailbox i.e. the user may not see the items but they will be indexed and searchable by your legal dept (providing they've been given permissions).

Litigation hold will NOT stop an administrator from deleting the mailbox. If you can find the mailbox (Look in the EMC, Recipient Configuration, Disconnected Mailboxes), you should be able to re-connect the mailbox to an existing AD user object. Once done you should be able to search the mailbox and hopefully find what you're looking for.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MegaNuk3Commented:
If you can't see it in Disconnected mailboxes, then open EMS and do:
Get-mailboxdatabase | clean-mailboxdatabase

Then wait 5 minutes and look in EMC again under the Disconnected mailbox OU
0
endital1097Commented:
SP1 will prevent you from deleting a mailbox on litigation hole
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

MikeKaneAuthor Commented:
We are running SP1 Rollup 3.    The user was removed from within the EMC, not from AD User manager.    It seems that this removes the account and mailbox regardless of the hold.  

Seems like a hole in our procedures where any account marked for deletion will now have to be checked to see if it is in Litigation Hold unless there is another method to have Exchange check for us.  

Right now, I'm going back and restoring the USer account from LDAP backup and will try to restore the mailbox into it.  
0
MegaNuk3Commented:
Did you find the Disconnected mailbox?
0
MikeKaneAuthor Commented:
The mailbox for the end user never appeared in Disconnected mailbox.    The account and mailbox were both removed with the same action in EMC by right clicking the mailbox list and selecting remove.  

I was able to restore the end user LDAP entry (it now appears in the user lists).  

However, the restore of the mailbox is failing....   This might turn into a 3 hour Symantec BES call....    but I'll post the errors here in case anyone had any ideas.  

Restore started on 3/28/2011 at 3:29:13 PM.
Restore Set Detail Information
V-79-57344-760 - Unable to open the item Database - skipped.
V-79-57344-760 - Unable to open the item Database - skipped.
V-79-57344-760 - Unable to open the item Database - skipped.
Item <server>\hidden\Database\<user> \Top of Information Store\Inbox\<email subj>
Item <server>\hidden\Database\<user> \Top of Information Store\Inbox\<email subj>

That repeats for about 700 items in the inbox.   No items are restored.  

I did verify that I was using proper credentials (domain admin to be exact).  

Are there any additional steps after restoring an account before I can restore mailbox items into that account?
0
MegaNuk3Commented:
Did you try
Get-mailboxdatabase | clean-mailboxdatabase
0
MikeKaneAuthor Commented:
No change after that command.  

I did find a Symantec KB article related to those errors along with a HotFix.     Issue relates to attempting a mailbox restore to a CAS with SSL cert installed.    

So I'm trying it now.... will post results.
0
MegaNuk3Commented:
OK
0
MikeKaneAuthor Commented:
Turns out Symantec has a known issue that is to be resolved in the upcoming Backup exec 2010 R3 release.  

So all is restored and I learned a bit more about how symantec is slowly sucking away my life force.  


0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.