Exchange Online Archive and Single Item recovery

We are currently looking to implement online archiving in Exchange 2010.

From my perspective,  we are doing it to relocate the older messages to some cheaper storage,  while making primary mailbox sizes are little more manageable.

Management however,  want to ensure that once an item is moved to the online archive that it cannot be permanently deleted until after a 7 year retention period (for discovery purposes).

Journaling isn't an option at this point..

We have an Archive RPT which moves the items to the users archive after 90 days.
We have another RPT which will Delete items from the Archive after 7 years (Delete no Recovery).

We then have "Keep deleted Items for", set to 30 Days on the Primary Mailbox Database.
and then have "Keep deleted Items for", set to 7 years (2555 Days) on the Archive Database(this is so that items are not immediately deleted if the user manually deletes from the archive).

Obviously with this setup,  users will be able to purge items from the "Deletions" sub folder (Recover Deleted Items) if they want to remove it from the archive.

My understanding is that if I enable Single Item Recovery for everyone,  then the items that the user might remove from the "Deletions" sub folder will be transparently moved to the "Purges" sub folder, and are therefore discoverable if required,  up until the retention period of each database (30 days for Primary mailbox, 7 years for archive).

This sounds like exactly what we are after.

Thus my questions;


Apart from the obvious storage implications of doing this (7 years is alot of email),  are there any other issues\risks associated with going down this method for email retention?


Is there a better way of achieving what we are after?  I dont suppose we could completely restrict deletion access to the users archive completely for example?


If a user was to drag an item back into their primary mailbox.. and then delete it before the Managed Folder Assistant moved it back to the archive..  Would that be a potential hole in the retention requirement?


What are others out there doing to ensure that there are permanent records of all email communication within your organisations?  I mean,  putting a mailbox on litigation hold is great.. but what happens if the incident in question was 6 months ago.. and we are only now being made aware that the mailbox is under investigation?
Thanking you all in advance for your insight..
Who is Participating?
adcassAuthor Commented:
Thanks again for your comments Simon.

Are you able to confirm that my understanding of the feature is in fact correct, in that it abides by the retention policies applied to the mailbox and database?

Im taking this comment from the above article;

The time period by which the deleted data is maintained is based on the deleted item retention window. The default time period is 14 days in Exchange 2010 and is configurable per database or per mailbox. The following cmdlets let you alter this behavior:

So if I have recover deleted items set to 30 days on the database, the deleted items will in fact be purged from the database at the end of that retention period?

So for short term preservation of data.. Singe Item Recovery is the solution..
For long term preservation of data.. Litigation Hold should be used.

Simon Butler (Sembee)ConsultantCommented:
If you really must retain everything for seven years (and the advice is that if you do not HAVE to, then you shouldn't do), then I would just put everything on legal hold for seven years. Then it is impossible for the end user to delete anything completely. Don't tell the end users that is happening though, so if someone tries to do something naughty, they get caught trying to cover their tracks.

Do what you have already done, so that you have some degree of management of the database sizes, particularly with migrating the data across to cheaper storage, but with the legal hold functionality there to ensure you have everything.

I usually advocate a more restrictive anti-spam regime in these scenarios, with the users getting a quarantine email at least once a day. The last thing you want is a lot of junk clogging up the database, but if they cannot delete anything then that is what will happen. If you quarantine everything, then if something is caught it can be released, but the true garbage is kept out of the live database.

adcassAuthor Commented:
Thanks for that.

The 7 year requirement is only on the archive.  I know its a little strange,  but the idea is apparently to give the users the ability to clean out their junk\personal email before archiving..  

Realistically,  this isn't going to happen, I know.

But then once its archived, its locked.. but then automatically removed at the end of the 7 years (via the Permanently Delete RPT).

I understand that if a mailbox is placed on legal hold, then outlook will reflect this as per the following, no?  so the users will be aware of it?

Litigation Hold Notification
And legal hold cannot be put on an automatic hold "period",  so if someone was with the organisation for say 10 years.. then there would be no way to automatically purge those items that had exceeded 7 years?

My understanding is that Single Item Recovery,  would at least adhere to the pre configured deleted item retention period on the actual mailbox database,  so once that 7 year deleted item retention expired, the items would purge?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Simon Butler (Sembee)ConsultantCommented:
I believe that message is optional - so if you don't set a message then it isn't seen.
The legal hold feature is to ensure that all content is held, lawyers would go mad if it allowed content over a certain age to be removed. I was only suggesting legal hold as a work around if you are concerned about users deleting the content. The other option is to use a third party tool to archive the content so a copy is kept outside of Exchange.

adcassAuthor Commented:
Thanks Simon,  I certainly appreciate you taking the time to comment.

Do you have any thoughts on using "Single Item Recovery"?
Do you have any experience with that?  Do you think it will achieve what we are after?
Simon Butler (Sembee)ConsultantCommented:
Never used any kind of single item recovery, and I don't believe Microsoft support it either when used with a third party product.

If you must keep a copy of the content then journal it.
For recovery of content, I use a combination of full mailbox backups and deleted item recovery, with the option to not delete the item until a backup is successful enabled.

adcassAuthor Commented:
Thankfully there are no third party products in play here.
This is the feature im referring to...

Enable Single Item Recovery in Exchange

Single Item Recovery in Exchange Server 2010

I would love to hear from anyone who has enabled it in their environment
Is there a reason it seems that this is not a very widely used feature?

Simon Butler (Sembee)ConsultantCommented:
I forgot about that feature. Checking my notes, I have two clients with it enabled, as far as I am aware it has never been used. At it isn't enabled by default, most sites aren't even aware of its existence.

It will cause significant bloat in the database if you intend to use it for the purpose designed, because the content will never be deleted from the mailbox. That will include spam and other garbage. Knowing how many monitoring and other alerts I can delete from my own mailbox, if it was enabled for me my database would be about six times the size it is now.

adcassAuthor Commented:
Accepting my own answer because the exact questions around whether the feature adhered to the retention policies applied was not actually answered.
Further research and in depth testing was required on my own part to confirm this.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.