The Exchange Server Troubleshooter - 01 Jan 1999

How can I back up and restore an individual mailbox?

This question has been a hot topic among Exchange Server administrators for a long time. In his article "Backing Up an Exchange Server" (October 1998), Mark Ott explained that backing up an Exchange Server computer is an all-or-nothing affair—either you get the entire public Information Store (IS), private IS, or directory data or you get none of it. The standard Windows NT backup tools don't offer any way to back up just one mailbox, and the Exchange database APIs don't let backup programs retrieve and store individual mailbox items.

However, some third parties have come up with creative solutions (e.g., Seagate's Backup Exec for Windows NT and Computer Associates' ARCserveIT) that let you back up one or many mailboxes, either in addition to or instead of backing up the IS and directory databases. These backups, often called brick or mailbox backups, let you restore one mailbox without having to reload the entire IS. That's the good news.

The bad news is that these solutions use Messaging API (MAPI) calls to read each mailbox's messages and then back them up. This process is very slow—the time required to back up an IS as a group of mailboxes can be as much as 50 times longer than that required to back up the same data through NT Backup. In addition, when you start backing up individual mailboxes, the backup data set expands, because you lose the storage savings of the single-instance storage model. The expansion depends on how many messages each mailbox holds and how many messages other mailboxes share. In the worst case (i.e., other mailboxes share every message in the mailbox), the increase can be a factor of four or even more.

So, you can back up individual mailboxes by choosing a third-party Exchange backup solution that supports brick backups. However, the process takes more time and space than backing up the Directory and the IS, and you might find alternative solutions more suitable. If you want to recover an entire mailbox and you don't want to spend the money or time to use a third-party brick backup solution, you can use either .pst or .ost folders or a recovery server.

If you want to be able to restore some mailboxes (e.g., those of your company's executives), you can force their clients to store mail in personal folders (.pst files) on a network server. Then, back up the .pst files as part of your usual server backup rotation. This practice lets you restore the mailbox and any deleted items (if you've enabled deleted-item recovery), but it makes you vulnerable to the loss or corruption of a .pst file. So make sure your backups are usable. You also face the political difficulty of deciding whose mailbox you'll back up.

The method also has some practical obstacles. Personal folders don't allow shared access. Usually, Microsoft's clients close the .pst file after 30 minutes of inactivity, but if other MAPI clients are running, scheduled backups might not be able to back up the file. Another drawback: Users who use .pst files can't share their calendar with server-based users.

Another folder-based strategy is to use offline storage (.ost) files. Sue Mosher's April "Outlook Tips and Techniques" column explains the use of .ost files as a recovery alternative.

Microsoft's recommended solution for individual mailbox recovery is to keep a recovery server handy. This server needs to be big enough to accommodate the entire private IS from a backup. When you need to restore a mailbox, load your latest backup onto the server, use the Exchange Administrator program to give yourself permissions on the mailbox you want to restore, and use your Microsoft Outlook client to export the recovered mailbox's contents to a .pst file. (You can export the whole mailbox or selected messages.) When you have the .pst file, you can restore it wherever necessary.

This solution—restoring a 7GB store just to recover one mailbox—seems like overkill. However, the solution works no matter what client your users have, and it avoids the potential pitfalls of .pst files. (Tony Redmond describes disadvantages of personal folders in "Storing Exchange Server Messages," December 1998.) Because many installations keep a spare server around in case the main server fails, you might already have the hardware you need on hand.

How can I back up and restore individual mailbox items?

If you want to back up mailboxes so you can recover accidentally deleted messages, Exchange Server 5.5's deleted-item retention feature (which administrators have dubbed the dumpster) might do the job for you. Deleted-item retention lets you recover messages without exploding your backup data set. The feature requires Outlook 97, version 8.03 or later—including Outlook 98. (For more information about deleted-item retention, see Jerry Cochran, "The Exchange Troubleshooter," July 1998.)

When you turn on this feature, items that users delete move to a special container in the private IS: the Deleted Items folder. During the retention period, users can recover deleted items from their Deleted Items folder—without any help from you. If necessary, you can grant yourself privileges to users' mailboxes and recover items for them. Here's how you turn on deleted-item recovery:

  1. Open Exchange Administrator, and select the server on which you want to use deleted-item recovery.
  2. Open the server's private IS properties. Select Private Information Store, then File, Properties. The General tab, which Screen 1 shows, offers two pertinent options:
    • The Deleted item retention time \[days\] field controls how long items stay in the dumpster before Exchange deletes them finally and irrevocably. Longer periods give you more time for recovery, but they also increase the amount of disk space required for storing deleted items. A 7- to 30-day range is probably adequate for most sites.
    • The Don't permanently delete items until the store has been backed up checkbox is an extra safety valve. Usually, when a deleted item reaches the end of its retention period, the IS service removes the item during the next run of the database maintenance thread. This thread usually runs every night, during the database maintenance period. When you select this option, items stay in the dumpster after their retention period has expired, until the next successful backup of the private IS. This feature is very useful, because you can always reload the backup and restore a deleted item (provided your backup is clean), even well after the retention period has expired. Set these controls to the appropriate values, and click the OK or Apply buttons.
  3. Repeat steps 1 and 2 for any other servers on which you want to enable item recovery.

Teach your users that they can use the Tools, Recover Deleted Items command in Outlook until the end of the recovery period to retrieve items they've accidentally deleted. (If they need your help, you need to have User permission on their mailbox, and you need to add their mailbox to your Outlook profile before you can use your client to recover their messages to their mailbox.) You might need to help Outlook 98 users install the dumpster.ecf add-in with the Outlook Add-In Manager, and you'll need to explain how DumpsterAlwaysOn works. For more information about DumpsterAlwaysOn, see the question Can users recover items that they delete directly and that don't go to the Deleted Items folder?

Can users recover items that they delete directly and that don't go to the Deleted Items folder?

The Microsoft article "How to Recover Items That Do Not Touch the Deleted Items Folder" ( explains that you can add a Registry key to improve how deleted-item recovery works. Usually, when you delete an item in Outlook, Outlook moves the item into the Deleted Items folder. However, Post Office Protocol 3 (POP3) and Internet Messaging Access Protocol 4 (IMAP4) clients don't have a Deleted Items folder, so messages you delete from a POP3 or IMAP4 client are gone immediately and are irretrievable. To make matters more complicated, Outlook offers a delete this immediately shortcut (Shift+Del) that removes the selected items without sending them to the Deleted Items folder. Microsoft calls each of these events an in-place deletion, because Outlook marks the message as deleted in the folder where it currently resides instead of moving the message to a Deleted Items folder.

Messages that users removed with in-place deletion are still in the store, and you can recover them—they're just not in the Deleted Items folder. Instead, the messages are still in the original folder (the Inbox or another folder where Outlook had stored the messages when the user deleted them).

Usually, the Tools, Recover Deleted Items command is available only when you have selected the Deleted Items folder in the client. To tell Outlook that you want to have access to this command from all mail folders, add the REG_DWORD DumpsterAlwaysOn to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options key and set its value to 1. This addition lets you recover items in any mail folder. (However, this Registry key doesn't let you recover deleted contacts, tasks, and other items that you deleted in place.)

The value's name (DumpsterAlwaysOn) is a little confusing—you might think it means that Outlook always stores items in the dumpster. However, the name means that the dumpster's functionality is always on.

This Registry tweak doesn't have any pitfalls, so consider adding it to your domain system policies so that it will automatically apply to all client machines in your domain. Alternatively, you can use the Outlook Deployment Kit to include the setting when you roll out Outlook to your client desktops. However, use the Registry Editor at your own risk. Using the Registry Editor incorrectly can cause serious problems that can require you to reinstall your OS.

The Total no. items column in my Exchange Administrator mailbox resources view isn't right. What is it counting?

When Exchange Administrator says total, it means total. That column reflects the total number of items in the user's private IS. You can probably guess that the total includes mail messages and attachments, but you might not be aware of all the other items that get lumped in with the messages:

  • Journal items (Many administrators discount journal items when they add the total item count, because only Outlook users have journal items available to them.)
  • Notes and contacts
  • Items in the Sent Items folder
  • Calendar entries and tasks

I removed a mailbox a few days ago. Now, any mail sent to a distribution list that included the mailbox bounces. What happened?

This behavior is a known bug in Exchange Server 5.5 (the original version and Service Pack 1—SP1). When you delete a mailbox from the private IS, Exchange expects the Directory Service (DS) to update every distribution list that contains that mailbox as a member. The bug happens because the DS doesn't update the distribution list's When-Changed attribute when the list changes. This attribute is like a modification date. If the DS doesn't mark the distribution list as updated, the Message Transfer Agent (MTA) won't update its cached list of distribution list members. Therefore, the MTA uses the old list, which contains an invalid mailbox, and the messages bounce.

Microsoft has promised to release a hotfix for this problem and to fix it in Exchange 5.5 SP2. In the meantime, to fix the problem, either stop and restart the MTA service or open the distribution list's properties dialog box and make a change so the MTA has to update its records. (Thanks to Microsoft's Steve Townsend for explaining this bug on the [email protected] mailing list.)

I just installed the Exchange Server 5.0 Key Management Server (KMS). I want to experiment with it, but I can't get it to start. What's the magic trick?

When you install the KMS, it gives you a special 15-character password. You can choose to write it down or to store it on a disk. You must have this password to start the KMS, and you can't recover or reset the KMS if you lose the password. The Exchange documentation clearly states that you must guard this password with your life. However, only one sentence in the documentation tells you what to do with the password.

This password is in addition to, not instead of, the Exchange Server service account password. Exchange Setup automatically installs the KMS service and configures it to run under the Exchange site service account, but it doesn't automatically store the KMS password. You can get the password to KMS in two ways:

  • If you're using the password disks, insert one in the A drive before you try to start the KMS service (either manually or at boot time).
  • If you've written the password down, you have to enter it in the Startup Parameters field of the Services dialog box, which Screen 2 shows. Select Microsoft Exchange Key Management Server from the Service list, type the password in the Startup Parameters field, and click Start.

For security reasons, Exchange usually sets the KMS to start automatically, but when it starts, you'll need to reenter the password. Because you need the KMS only to manage certificates—not to encrypt or decrypt messages—you can safely leave the KMS turned off unless you need to use it.

Can Microsoft Exchange Server 5.5 import my cc:Mail archives?

Exchange Server 5.5 can import cc:Mail archives if you add the cc:Mail Archive Importer. The cc:Mail Archive Importer moves existing cc:Mail archive files to Exchange Server 5.5, letting users preserve business-critical information stored within their personal email folders. The cc:Mail Archive Importer automates the migration process from cc:Mail to Exchange Server, thus saving the IS's and users' time and resources. As part of the migration process, the importer also resolves the addresses of authors as it converts messages, so that users can use Reply and Reply-all directly from Exchange without altering or reentering email addresses. You can download the cc:Mail Archive Importer from (Thanks to Microsoft Technical Sales for providing this question and answer.)

How can I use Exchange Server to copy employee email to a specified mailbox, such as an administrator's mailbox?

Message journaling, a new feature available in Exchange Server 5.5 SP1, lets you save a copy of all messages that users of your Exchange Server system, site, or organization send or receive. For example, you might need to save copies of all messages to comply with laws or regulations that apply to your business.

You can send the collected messages to a mailbox, public folder, or custom recipient. You then need to permanently store or otherwise process the message copies. For more information, see Tony Redmond, "Exchange Server 5.5 Service Pack 1," Windows NT Magazine (July 1998). (Thanks to Microsoft Technical Sales for providing this question and answer.)

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.