Overview

Single Item Recovery adds another layer of protection for messages, guarding against accidental or malicious deletion. It also protects against modification of items: the original message is saved before the changes are applied.

With this feature enabled on a mailbox, administrators can restore messages directly from the mailbox database without restoring a backup.

Single Item Recovery uses the Recoverable Items folder structure in the user's mailbox to store deleted or altered messages. The Recoverable Items folder is a non-IPM storage structure located in each mailbox; it holds operational information about the mailbox as well as mailbox auditing logs, and it is not displayed in Outlook, Outlook Web App or any other mail client.

Because the Recoverable Items store is hosted in each mailbox, all Single Item Recovery content is preserved when the mailbox is moved from one database to another. This architecture also lets Exchange Server track the changes users make to items.

All deleted items are retained in the Recoverable Items folders for the retention period, 14 days by default. After that time the item is permanently removed from the database.

Enable Single Item Recovery

This feature is enabled per mailbox; to activate it, use the Set-Mailbox cmdlet.

The cmdlet below enables Single Item Recovery for User05:

Set-Mailbox User05 -SingleItemRecoveryEnabled $true

Recover Message 

Restoring messages is only possible for an organization administrator; users cannot restore items from the Single Item Recovery store themselves.

To restore deleted items it is necessary to use the Search-Mailbox cmdlet, but before running this command you need to grant the user permission to perform searches across all the mailboxes of the organization.

The user who will conduct the search must be a member of the Discovery Management group. Open Active Directory Users and Computers, locate the Discovery Management group in the Microsoft Exchange Security Groups OU, and add the user who will perform the search.

You will need to close and reopen the Management Shell for the new permission to apply.

To search User01's mailbox for a deleted message sent by User02, run the cmdlet:

Search-Mailbox User01 -SearchQuery "from:'User02'" -TargetMailbox "Discovery Search Mailbox" -TargetFolder "User01 Recovery" -LogLevel Full

This copies the search results to the -TargetMailbox "Discovery Search Mailbox". To return the message to the end user's mailbox, use Search-Mailbox with User01 as the target mailbox:

Search-Mailbox "Discovery Search Mailbox" -SearchQuery "from:'User02'" -TargetMailbox User01 -TargetFolder "User01 Recovery" -LogLevel Full

Check User01's mailbox: a folder named User01 Recovery should exist containing the recovered message and a log of every action taken by the system.

Another option is to export the result of the first search to a PST file. First it is necessary to create a network share to store the PST.

The administrator must also grant the user permission to connect to the target mailbox and export its content to a PST. Run the cmdlet to grant the user the export ability:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "Administrator"

Close and reopen the Management Shell to apply the new permissions, then run the cmdlet to export the contents of the Discovery Search Mailbox:

New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -SourceRootFolder "User01 Recovery" -FilePath \\hm03cas\PST\User01Recovery.pst
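The recovery steps above, combined into one script with a dry run before anything is copied (an added example, not code from the original article; the mailbox User01, sender User02, folder name and share path \\hm03cas\PST are assumed, and the search is narrowed to the Recoverable Items folder with -SearchDumpsterOnly):

```powershell
# Added example, not from the original article. Names below are assumptions.
$Mailbox      = "User01"
$Query        = "from:'User02'"
$Discovery    = "Discovery Search Mailbox"
$TargetFolder = "$Mailbox Recovery"

# 1. Confirm the mailbox actually has Single Item Recovery turned on.
$mbx = Get-Mailbox -Identity $Mailbox
if (-not $mbx.SingleItemRecoveryEnabled) {
    Write-Warning "Single Item Recovery is disabled on $Mailbox; only items still inside the deleted item retention window can be recovered."
}

# 2. Estimate first: counts matching items in the Recoverable Items folder
#    without copying anything, so the query can be narrowed before data is
#    staged in the discovery mailbox.
$estimate = Search-Mailbox -Identity $Mailbox -SearchQuery $Query -SearchDumpsterOnly -EstimateResultOnly
Write-Host ("{0} item(s) match in Recoverable Items of {1}" -f $estimate.ResultItemsCount, $Mailbox)

if ($estimate.ResultItemsCount -gt 0) {
    # 3. Copy the matches to the discovery mailbox, keeping a full log of the search.
    Search-Mailbox -Identity $Mailbox -SearchQuery $Query -SearchDumpsterOnly `
        -TargetMailbox $Discovery -TargetFolder $TargetFolder -LogLevel Full

    # 4. Export the staged copy to a PST on the share and wait for the request to finish.
    $req = New-MailboxExportRequest -Mailbox $Discovery -SourceRootFolder $TargetFolder `
        -FilePath "\\hm03cas\PST\$($Mailbox)Recovery.pst"
    while ((Get-MailboxExportRequest -Identity $req.Identity).Status -notin 'Completed','CompletedWithWarning','Failed') {
        Start-Sleep -Seconds 30
    }
    Get-MailboxExportRequestStatistics -Identity $req.Identity | Format-List Status,PercentComplete
}
```

The account running this still needs the Discovery Management membership and the Mailbox Import Export role described above.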

Changing Mailbox Creation Default

By default, the Single Item Recovery feature is disabled for every newly created user. To change this behavior, the administrator can configure the Cmdlet Extension Agent.

This is a global feature: the agent configuration applies throughout the organization.

Configuring XML File

Before enabling the extension, the XML file that will be used to extend the cmdlets must be configured. Navigate to the folder <Exchange Installation>\V15\Bin\CmdletExtensionAgents and locate the sample file ScriptingAgentConfig.xml.sample. If the default installation folder is used, the path is C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents

Rename the file to ScriptingAgentConfig.xml and replace its content with the XML below:

<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
  <Feature Name="MailboxProvisioning" Cmdlets="New-Mailbox">
    <ApiCall Name="OnComplete">
      If($succeeded) {
        $Name = $provisioningHandler.UserSpecifiedParameters["Name"]
        Set-Mailbox -Identity $Name -SingleItemRecoveryEnabled $true
      }
    </ApiCall>
  </Feature>
</Configuration>

Copy the new ScriptingAgentConfig.xml file to all Exchange Servers; otherwise creating a new mailbox will fail.

Enable Agent


To enable the agent for the organization, run the cmdlet:

Enable-CmdletExtensionAgent "Scripting Agent"

To check the settings of the agent:

Get-CmdletExtensionAgent "Scripting Agent"

Test Configuration

With this setting, all new users will have the Single Item Recovery feature enabled. Create a new user and verify that the feature is enabled:

Get-Mailbox <User Name> | FL SingleItemRecoveryEnabled,RetainDeletedItemsFor,RetainDeletedItemsUntilBackup

The time for which objects are kept can also be set at the database level, ensuring that all users are protected.
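An audit that finds mailboxes the scripting agent did not cover (those created before it was enabled) and sets the retention window on the database, as an added example that is not part of the original article; the database name DB01 and the 30-day value are assumptions:

```powershell
# Added example, not from the original article. DB01 and 30 days are assumed.
$Database  = "DB01"
$Retention = New-TimeSpan -Days 30

# 1. Report mailboxes that are not protected. RetainDeletedItemsUntilBackup
#    keeps items until the next backup regardless of the window, so show it too.
$unprotected = Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.SingleItemRecoveryEnabled }
$unprotected |
    Select-Object Name,Database,RetainDeletedItemsFor,RetainDeletedItemsUntilBackup,UseDatabaseRetentionDefaults |
    Sort-Object Database,Name | Format-Table -AutoSize

# 2. Enable the feature on every mailbox found (remove -WhatIf to apply).
$unprotected | Set-Mailbox -SingleItemRecoveryEnabled $true -WhatIf

# 3. Raise the retention window on the database. Mailboxes with
#    UseDatabaseRetentionDefaults = $true inherit it; a mailbox given its own
#    RetainDeletedItemsFor keeps that explicit value instead.
Set-MailboxDatabase -Identity $Database -DeletedItemRetention $Retention
Get-MailboxDatabase -Identity $Database | Format-List Name,DeletedItemRetention
```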
