Litigation hold updates in Exchange 2010 SP2

Browsing the contents of the TechNet article “What’s new in Exchange 2010 SP2”, I was interested to note something that received zero attention (as far as I can tell) from customers during the SP2 development cycle. Buried right at the end of the article we find:

In Exchange 2010 SP2, you can’t disable or remove a mailbox that has been placed on litigation hold. To bypass this restriction, you must either remove litigation hold from the mailbox, or use the new IgnoreLegalHold switch parameter when removing or disabling the mailbox. The IgnoreLegalHold parameter has been added to the following cmdlets:

  • Disable-Mailbox
  • Remove-Mailbox
  • Disable-RemoteMailbox
  • Remove-RemoteMailbox
  • Disable-MailUser
  • Remove-MailUser

Litigation hold is what you might call an emerging science in that it first appeared as a new feature of Exchange 2010 alongside “Dumpster 2.0”, a complete revamp of the way that the Information Store handles items deleted by users. Because it’s a reasonably new feature, you’d expect that Microsoft would have some tweaking to do based on customer feedback and that’s exactly what seems to have occurred here.

The whole point of litigation hold is that you want to preserve information in order to be able to respond to legal discovery actions. Clearly this can’t happen if an administrator is able to accidentally delete a mailbox that is on litigation hold, so Exchange 2010 SP2 stops this happening by requiring an administrator to explicitly request to override the litigation hold on a mailbox or mail user when they remove or disable the object. Of course, Exchange 2010 supports audit tracking for administrator actions so you can always find out exactly who deleted an object, providing that auditing is enabled and the person who deletes the object then doesn’t go and delete the audit item!

Interestingly, I don’t see the Remove-StoreMailbox cmdlet listed in the set of updated cmdlets that support the IgnoreLegalHold switch. Remove-StoreMailbox appeared in Exchange 2010 SP1 and is roughly equivalent to running Remove-Mailbox with the Permanent switch in that it will immediately and permanently remove a mailbox from its host database. By comparison, the normal use of Remove-Mailbox is to “soft delete” a mailbox so that it can be recovered and reconnected to an Active Directory user object providing that this operation occurs within the deleted mailbox retention period (usually anything from 14 to 30 days on production databases). Perhaps Microsoft decided that when an administrator runs Remove-StoreMailbox, they have already taken a decision to blow away all trace of the mailbox and therefore won’t be concerned whether it is under litigation hold. Or maybe it’s just an oversight. No doubt we shall see in the fullness of time.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish