Question on Exchange 2010 Litigation Hold and Deletion of Entire Mailbox

We use an Exchange 2010 solution.    We placed a litigation hold on every mailbox in the company.    During this period, one of the employees left.   One of the email admins Removed the end user mailbox and LDAP account  (this was not malicious, just normal procedure otherwise).    

Now when legal wanted to search this, now separated, employee's mailbox, the Mailbox is not listable from  within the Multi Mailbox  Search.    This is using Multi Mailbox Search -> New Search -> Mailboxes to Search -> Add -> Then searching for the employee name turn up no results.    I assume the 'no results' is because the mailbox and account are no longer present.  

1) Thoughts on how to retrieve/search the mailbox?

2) I would have thought that a Litigation Hold would prevent accidental Deletion.   Was this an incorrect assumption?
LVL 33
MikeKaneAsked:
Who is Participating?
 
JaredJ1Commented:
Litigation hold will only stop deleted items from being purged from the mailbox i.e. the user may not see the items but they will be indexed and searchable by your legal dept (providing they've been given permissions).

Litigation hold will NOT stop an administrator from deleting the mailbox. If you can find the mailbox (Look in the EMC, Recipient Configuration, Disconnected Mailboxes), you should be able to re-connect the mailbox to an existing AD user object. Once done you should be able to search the mailbox and hopefully find what you're looking for.
0
 
MegaNuk3Commented:
If you can't see it in Disconnected mailboxes, then open EMS and do:
Get-mailboxdatabase | clean-mailboxdatabase

Then wait 5 minutes and look in EMC again under the Disconnected mailbox OU
0
 
endital1097Commented:
SP1 will prevent you from deleting a mailbox on litigation hole
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
MikeKaneAuthor Commented:
We are running SP1 Rollup 3.    The user was removed from within the EMC, not from AD User manager.    It seems that this removes the account and mailbox regardless of the hold.  

Seems like a hole in our procedures where any account marked for deletion will now have to be checked to see if it is in Litigation Hold unless there is another method to have Exchange check for us.  

Right now, I'm going back and restoring the USer account from LDAP backup and will try to restore the mailbox into it.  
0
 
MegaNuk3Commented:
Did you find the Disconnected mailbox?
0
 
MikeKaneAuthor Commented:
The mailbox for the end user never appeared in Disconnected mailbox.    The account and mailbox were both removed with the same action in EMC by right clicking the mailbox list and selecting remove.  

I was able to restore the end user LDAP entry (it now appears in the user lists).  

However, the restore of the mailbox is failing....   This might turn into a 3 hour Symantec BES call....    but I'll post the errors here in case anyone had any ideas.  

Restore started on 3/28/2011 at 3:29:13 PM.
Restore Set Detail Information
V-79-57344-760 - Unable to open the item Database - skipped.
V-79-57344-760 - Unable to open the item Database - skipped.
V-79-57344-760 - Unable to open the item Database - skipped.
Item <server>\hidden\Database\<user> \Top of Information Store\Inbox\<email subj>
Item <server>\hidden\Database\<user> \Top of Information Store\Inbox\<email subj>

That repeats for about 700 items in the inbox.   No items are restored.  

I did verify that I was using proper credentials (domain admin to be exact).  

Are there any additional steps after restoring an account before I can restore mailbox items into that account?
0
 
MegaNuk3Commented:
Did you try
Get-mailboxdatabase | clean-mailboxdatabase
0
 
MikeKaneAuthor Commented:
No change after that command.  

I did find a Symantec KB article related to those errors along with a HotFix.     Issue relates to attempting a mailbox restore to a CAS with SSL cert installed.    

So I'm trying it now.... will post results.
0
 
MegaNuk3Commented:
OK
0
 
MikeKaneAuthor Commented:
Turns out Symantec has a known issue that is to be resolved in the upcoming Backup exec 2010 R3 release.  

So all is restored and I learned a bit more about how symantec is slowly sucking away my life force.  


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.