DPM 2012 - SP 2010 - Recovery Single item to network Share

Similar Messages

• Backup DPM 2012 SP1 from Recovery console

  Hi
  I have a problem. I have a server with Windows Server 2008 R2 and DPM 2012 SP1. Because of a recent RAID controler crash i am unable to fix this server to boot to windows. I can only get into recovery console. I see the volumes normaly! So here is a million
  dolar question. How can i backup DPM databases from recovery console so that i can make a full restore when i freshly install new windows and DPM?
  Thanks for all your help in advance.
  Boštjan

  Hi,
  only Thing you need ist MDF and LDF files from DPMDB.
  Try to copy These two files.
  Install your new Serve with same Name and same DPM version
  Restore DB with SQL Management Studio and overwrite the new and existing one
  present DPM Backupstorage to the new server
  Run dpmsync -sync
  Seidl Michael | http://www.techguy.at |
  twitter.com/techguyat | facebook.com/techguyat

• Unable to save MS Word and Excel 2010 and 2013 onto the network share

  Hi,
  I have read similar cases, but did not work out on the problems we face.
  We are using Office 2010 and Windows 7 and it seems like only this combination will encounter saving problem on the networe share (but local / removable disks are fine) - 
  Other combinations:
  Windows XP and Office 2010 - no problem
  Windows XP and Office 2003 - no problem
  Windows 7 and Office 2003 - no problem
  In Microsoft Word 2010, when saving a new document, it will save but create a 0KB file in the network share drive and I notice the blue menu bar of the Microsoft Word 2010 still displays "Document1" instead the new file name.
  And only when I click save icon or exit button, Word actually prompts another "Save As" dialog to save the file, and as a result, I have to save the same file and answer MS Word prompt to replace the existing file - and this is the real time that
  the document and its contents really got saved. And the blue menu bar then displays the actual file name.
  In Microsoft Excel 2010 (also Powerpoint I suppose so), in saving a new excel file, after typing in a file name for the new file in the network share location, it will prompt a dialog box indicating the "File is currently in use"
  Similar to MS Word, it will still create a 0KB file in the network share, and only a second time saving and replace the 0KB file, is able to save the file again. 
  I have tried a lot of ways from Safe Mode, Disable Add-in, Added Trusted Locations to the network share in MS Word and Excel, Uninstall Antivirus software, redo NTFS permission on the network share server folder, etc but the problem cannot
  be solved.
  Any help is appreciated. Thank you in advance.
  Kind regards,
  Daryl

  Thank you Max.
  I have tried various storage configurations and share the folders out in Windows Servers and grant user accesses with AD.
  These drives configuration involves iSCSI drives, using NAS drive, using internal SAS RAID drives in Windows 2008 servers, all having the same errors, but the latter one was having the most errors almost every first time the users
  save their files (includes saving from email attachments), the files will get 0KB.
  I have tested LAN cables, switch LAN points in panels and switches, and comes to no avail.
  I have patched with the latest office updates (the latest being Office 2010 SP2) also to no avail.

• DPM 2012 End User Recovery - Extending AD Schema tool crashes with error

  Hi everyone,
  I deployed SCDPM 2012 R2 in my test environment, but it is an issue. When I'm trying to extend AD Schema by DPMADSchemaExtensionTool.exe, it stops to working with an appcrash message:
  Problem signature:
  Problem Event Name: APPCRASH
  Application Name: dpmdsacl.exe
  Application Version: 4.2.1092.0
  Application Timestamp: 51b1e89d
  Fault Module Name: KERNELBASE.dll
  Fault Module Version: 6.3.9600.16384
  Fault Module Timestamp: 5215fa76
  Exception Code: e0434352
  Exception Offset: 0000000000008384
  OS Version: 6.3.9600.2.0.0.272.7
  Locale ID: 1033
  Additional Information 1: 7644
  Additional Information 2: 7644cee486badc818e8a96bb7aba3bfd
  Additional Information 3: 2ddc
  Additional Information 4: 2ddcde93bf91b9ddbb6e1a89fb9b5892
  When I'm trying to do the same with cmd I get an error:
  C:\diagEUR>dpmdsacl.exe sc.local CN=MS-ShareMapConfiguration,CN=System,DC=sc,DC=
  local /A sc\dpm$
  Unhandled Exception: System.IO.FileLoadException: Could not load file or assembl
  y 'dpmdsacl, Version=1.0.523.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
  ' or one of its dependencies. Strong name validation failed. (Exception from HRE
  SULT: 0x8013141A) ---> System.Security.SecurityException: Strong name validation
  failed. (Exception from HRESULT: 0x8013141A)
  --- End of inner exception stack trace ---
  How can I fix this error?

  Hi Seth,
  I think your script will be useful, please share them
  Here it is. It does the same items that the DPM tool does to the domain, with a few extra steps noted at the top.
  We create a group that has the permissions on the container, with the hope that one day, this feature will be available (DCR submitted).  In our support model, we would rather delegate permissions to support personnel to modify group membership than
  modify ACLs on system containers.    Your opinion on this may differ, so, feel free to remove it.
  It also gives our support personnel permissions to modify the sharemap container - so they can enable DPM EUR servers later.
  Both of these have been working fine for preparing a domain / enabling EUR.  Preparing the domain is run by domain admin, then, we leave enabling EUR to our support staff.
  Remember, this is not supported, this just makes the same changes that the EUR tool does.  You should use the EUR tool from Microsoft.
  #Requires -version 2.0
  # File:      DPMEndUserDomainPrep.ps1
  # Version:   0.1
  # Purpose:   Domain Preparation for DPM End User Recovery
  # Tasks compelted by this script:
  #      -Create MS-ShareMapConfiguration container in System container of the domain
  #            -Create the security group (NETBIOS Domain Name) DPM End User Recovery servers
  #      -Give Create,Delete MS-srvShareMappingObjects, ListChildren permissions for the newly created group, on the new MS-ShareMapConfiguration container
  #      -Find <SUPPORT GROUP> group in the forest root, and grant full permissions to the MS-ShareMapConfiguration container
  Param(
    [string]$domain
  if ($domain -eq "")
   write-host ""
   write-host "Script Usage" -foreground cyan
   write-host "-----------------" -foreground cyan
   write-host "./DPMEndUserDomainPrep.ps1 -domain domain.com" -foreground cyan
   write-host ""
   exit
  $Title = "DPM End User Recovery Domain Prep"
  $Message = "Do you want to continue with domain prep for " + $domain + "?"
  $Yes = new-object system.management.automation.host.choicedescription "&Yes","Continue with Domain Prep for $domain"
  $No = new-object system.management.automation.host.choicedescription "&No","Exit the script"
  $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
  $result = $host.ui.PromptForChoice($title, $message, $options, 0)
  If ($result -eq 1){exit}
  # Load the AD module
  Import-Module ActiveDirectory
  # Figure out our domain
   $root = (Get-ADRootDSE -server $domain).defaultNamingContext
  #Get netbios domain name
   $domainname = (Get-ADDomain -Identity $domain).NetBIOSName
  #SchemaIDGuid for MS-SrvShareMapping Class
   $ShareMapGUID = new-object guid c356f65b-5540-4d85-9aef-3a7ecae7a878
   $guidNull = new-object Guid 00000000-0000-0000-0000-000000000000
          $guidGroupObject = new-object Guid BF967A9C-0DE6-11D0-A285-00AA003049E2
  # Get or create the MS-ShareMapConfiguration container
   $ou = $null
   try
       $ou = Get-ADObject "CN=MS-ShareMapConfiguration,CN=System,$root"
   catch
       Write-host "MS-ShareMapConfiguration container does not currently exist." -foreground yellow
   if ($ou -eq $null)
       $ou = New-ADObject -Type Container -name "MS-ShareMapConfiguration" -Path "CN=System,$root" -Passthru
       write-host "Created Container $ou" -foreground yellow
       start-sleep -s 10
  #Create DPM End User Recovery servers group
   write-host "Creating group $domainname DPM End User Recovery Servers" -foreground yellow
   new-adgroup -path "cn=builtin,$root" -name "$domainname DPM End User Recovery Servers" -groupscope universal -groupcategory security -description "Members of this group are delegated permissions to change contents of the System\MS-ShareMapConfiguration
  container"
          start-sleep -s 10
   $ServerGroup = get-adgroup "$domainname DPM End User Recovery Servers"
   $ServerGroupsid = [system.security.principal.securityidentifier] $ServerGroup.sid
   write-host ""
   write-host "Created group $ServerGroup" -foreground yellow
  #Get <SUPPORT GROUP>in Forest Root
   $forestname = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name
   #Check to see if <SUPPORT GROUP> group exists
   $SupportGroup = $null
   $SupportGroup = get-adgroup -server $forestname "<SUPPORT GROUP>"
   if ($SupportGroup -eq $null)
    write-host ""
    write-host "WARNING - <SUPPORT GROUP> Group does not exist in the forest root" -foreground red
    write-host "Permissions must be manually assigned to the MS-ShareMapConfiguration Container for the <SUPPORT GROUP>" -foreground red
    write-host ""
   $SupportGroupSID = [system.security.principal.securityidentifier] $SupportGroup.sid
  #Get current ACL for the MS-ShareMapConfiguration Container
   $OUacl = get-acl "ad:cn=ms-sharemapconfiguration,cn=system,$root"
  #Create ACE for adding permissions to newly created group to MS-ShareMapConfiguration container
   $ace1 = new-object system.directoryservices.activedirectoryaccessrule $ServerGroupsid, "CreateChild,DeleteChild", Allow, $sharemapguid,"all"
   $ace2 = new-object system.directoryservices.activedirectoryaccessrule $ServerGroupsid, "ListChildren", Allow,$guidNull,"all"
   $ace3 = new-object system.directoryservices.activedirectoryaccessrule $SupportGroupsid, "GenericAll", Allow,$guidNull,"all"
   $OUacl.addaccessrule($ace1)
   $OUacl.addaccessrule($ace2)
   $OUacl.addaccessrule($ace3)
  #Apply ACL
   write-host ""
   write-host "Setting ACLs on cn=ms-sharemapconfiguration,cn=system,$root" -foreground yellow
   set-acl -aclobject $OUacl "ad:cn=ms-sharemapconfiguration,cn=system,$root"
  #Get current ACL for the DPM End User Recovery Servers group
   $ServerGroupDN = $servergroup.distinguishedname
   $Groupacl = get-acl "ad:$servergroupdn"
   $groupace = new-object system.directoryservices.activedirectoryaccessrule $SupportGroupsid, "GenericAll", Allow,$guidNull,"all"
   $Groupacl.addaccessrule($groupace)
   write-host ""
   write-host "Setting ACLs on $servergroupdn" -foreground yellow
   set-acl -aclobject $Groupacl "ad:$servergroupdn"
   write-host ""
   write-host "Script Complete" -foreground yellow
  Seth Cohen

• Single item recovery in Exchange 2013

  I am looking for some help in identifying the simplest process to recover a single item in Exchange 2013 in a scenario where the item is no longer available in the dumpster (i.e. a retained deleted item).
  In Exchange 2010 the process was:
  Restore the mailbox database from backup to the Recovery database
  Restore the item using the Restore-Mailbox cmdlet with the -AllContentKeywords parameter to identify and restore the individual item (or items) to a target folder in the user's mailbox.
  The Restore-Mailbox cmdlet is no longer available in Exchange 2013. 
  I guess one possible option is the following:
  Restore the mailbox database from backup to the Recovery database
  Restore the mailbox to a dummy mailbox (or Discovery Mailbox) using New-MailboxRestoreRequest.
  Use the Search-Mailbox cmdlet to find the item in the dummy mailbox and restore it to a target folder in the user's mailbox.
  It just seems like a very long-winded method to restore a single item. Any way to do this better?
  Alexei

  Hi ,
  In exchange 2013 single item recovery work as follows .
  Scenario 1 : Items from the deleted items folder and also the hard deleted items (shift + delete) will move it to the dumpster (i.e deletions folder) which is an sub-folder in recoverable deleted items folder.On that deletions folder items will be retained
  based upon retention period .
  Scenario 2 : In case if we move the items from the deletions folder it will get move in to the purges folder (if single item recovery is enabled) .purges folder is also one more sub folder for recoverable deleted items folder .
  In purges folder items will be again started to get retain for the whole retention period (I mean to say retention period count will not get calculated from the day when it moves from the deletions folder to purges) instead again that particular email item
  start to get retained till the whole retention period get's over .
  You can use  mfcmapi tool and e-discovery search in exchange 2013 to recover the items which is moved from deletions folder to purges folder.
  Reference blog : http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/single-item-recovery-part1.html
  For an additional information litigation and In place hold is one of the feature in exchange which will retain emails for the years that you want .
  http://blogs.technet.com/b/exchange/archive/2013/12/11/litigation-hold-and-in-place-hold-in-exchange-2013-and-exchange-online.aspx
  Note : from 2010 on wards single item recovery feature is available.
  http://blogs.technet.com/b/exchange/archive/2009/09/25/3408389.aspx
  Regards
  S.Nithyanandham

• Upgrade from DPM 2010 to DPM 2012 R2

  Dears,
  is it possible to upgrade DPM from 2010 to 2012 R2.
  Thanks

  from
  https://social.technet.microsoft.com/Forums/en-US/18db5fd3-213b-4d60-b853-646daf780e3e/upgrade-from-2010-to-2012-r2?forum=dpmsetup
  I recommend to watch the video to upgrade DPM
  Update DPM 2010 to DPM 2012 -
  http://www.youtube.com/watch?v=v6hUyg5ePww
  Update DPM 2012 to DPM 2012 SP1 -
  http://www.youtube.com/watch?v=4VcN1jv_q_g
  and read the articles (you can translate using
  http://itools.com/tool/google-translate-web-page-translator)
  Обновление System Center DPM 2010 до DPM 2012 (текст)
  Обновление System Center DPM 2012 до DPM 2012 SP1 (текст)
  Обновление System Center DPM 2012 SP1
  до DPM 2012 R2 (текст)
  Have a nice day !!!
  DPM 2012 R2: Remove Recovery Points
  DPM blog

• DPM 2012 setup to remote SQL 2012. SSL cert error

  First of all, the category I selected, which was for SQL server reporting services was as close as I could get. There wasn't a way to select System Center DPM server from the list. As this relates to the Report Server portion of the setup, I chose this category.
  I am setting up DPM 2012 SP1 on a single use server (Windows Server 2102 R2 Standard) and remotely connecting to a new DB server (MSSQL 2012). I keep getting error ID:812 when trying to install, and the logs show that it is trying to set up report server,
  but that it cannot establish a trust relationship for SSL/TLS.
   * Exception :  => System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
  secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
  I'm not clear on how to proceed. Invalid cert means it wants something very specific.
  I have installed a domain issued cert from the DC on the SQL reporting server and have bound that cert to SSL using report server configuration. I then imported the cert into the DPM server in the trusted and personal certs. The DPM server has our DC as
  a trusted source. That clearly doesn't work.
  Thinking I may not be able to use a self-signed cert, I then installed our wildcard cert onto both the SQL server and the DPM server. I ran through the Report Server configuration again and bound that wildcard. This is a Godaddy wildcard cert.
  Same problem no matter what I do. Clearly, this is matter of a cert issue, but I'm lost. There are zero instructions I've found on how to ensure Windows server 2012 cert requirements are met as it relates to SQL and DPM.
  Thanks for your advice.
  Kaden

  Hi Kaden,
  This thread is for reporting service and I hope i can provide some useful informaiton from reporting service side while i don't work on DPM at all. You may still need to find out the forum for the DPM and check there.
  Regardingless of DPM, Reporting Service can usually create HTTP link and HTTPS link together. For the HTTP one, a certificate is needed. HTTPS is not needed excep you have the concern with  security.
  Usually application like DPM/SCOM will connect to the web service link provided by Reporting Service and work on that.
  If the application requires a HTTPS link, then same thing has to be setup on reporting.
  You need to install a certificate and add it to trust store and then configure reporting service to listening on HTTPs 443 port from the reporting service configuration manager.
  You can find the steps here.http://technet.microsoft.com/en-us/library/ms345223(v=sql.110).aspx
  After you create the HTTPS link successful, try to open the https web service link both remotely or locally from IE. If you can open it there without any error, reporting service is working fine.
  For some applications, they would need special  certificates installed on reporting service and used. You may check with the related product on this then.
  In a summary, if you can configure a HTTPS link for reporting service can open it correctly, configuration steps on reporting service is fine.
  If there is still any error from DPM, you would need check additional resource from DPM part.
  Thanks,

• Enable single item recovery with two retention settings at the database level.

  Hello All,
  We have an Exchange 2010 SP3 RU4 environment and planning on moving from third party archives solution to Native Exchange archives for cost reduction purposes, upgrading to Exchange 2013 to benefit from added in place features is not within scope at
  this stage.
  We are looking at implementing the following steps and want to know if it will work:
  1-Create archive DB(s) as per our usage and growth projections
  2-Enable archives for all our users and migrate current archive content to it.
  3-Create Retention Tag/Policy to move all records from live to archive "Age limit for retention" 90 days (no retention tags on the policy)
  4-Enable Single Item recovery for all of our users (script the same to run twice daily to enable SIR for newly created accounts)
  5-Set the "Keep Deleted Items" on the Live DB(s) to 90 days and the Archive DB(s) to 7 Years
  6-We are NOT using Legal Hold or plan to use it except on per as need basis
  Are we accomplishing the following:
  1-Items are automatically archived after 90 days
  2-Items archived now have a 7year retention based on the "keep deleted items" set for the archive DB(s)
  3-Items copied back to the live mailbox by a user will be returned to the archive database the next time the folder assistant runs against this user account (based on load or if run manually)
  4-Hard deleted items by a user is recoverable as long as the email record is within the retention period set at the database where it resides.
  5-Hard deleted items are recoverable using MFCMapi or by a restore.
  6-Items are permanently purged on the archive DB(s) after 7 years.
  Any input, ideas, recommendations, clarifications would be greatly valued and appreciated.  
  Ash

  Thanks CodexCZ,
  So, SIR will "kind of" do the same as the retention tag except I can use different durations based on the limits on each DB? am I correct?
  thanks again.
  Ash

• Enabling Single Item Recovery per databse

  Hello,
  I am trying to find a command that will set "Single Item Recovery" to be true for all mailboxes in a database. I know how to set it for a single mailbox but I can't seem to find the correct syntax to make it work for each mailbox in a particuliar database.
  This is what I have come up with so far but it tries to set it on all mailboxes in all databases:
  [PS] C:\Get-Mailbox | Where{$_.Database -eq servername\databasename} | Set-Mailbox -SingleItemRecoveryEnabled $true
  Also, is there a way to set it as the default for all new mailboxes created in a database?
  TIA.
  Mark

  Addition to what Jonas said :)
  For a scheduled script you can use the same command as you already did: Get-Mailbox -Server
  servername| Set-Mailbox -SingleItemRecoveryEnabled $true. If you run that command once every night you would have to wait no more then one day before the new users have the correct settings.
  And if you want to make it a bit more complex you can add a where function and the command will only configure the mailboxes that has been created in the last 24h: Get-Mailbox -Server
  servername | Where { $_.WhenCreated -gt (get-date).adddays(-1) } | Set-Mailbox -SingleItemRecoveryEnabled $true
  Martin Sundström | Microsoft Certified Trainer | MCITP: Enterprise Messaging Administrator 2007/2010 |
  http://msundis.wordpress.com

• DPM 2012 R2 catalog failing, not all database items are available for restore

  I recently started protecting my SharePoint 2013 site using DPM 2012 R2.  I was able to get item level recovery working, but not all of the database items are showing in the recovery section.  I go get the warning "DPM failed to gather item
  level catalog for 1 database(s) of the SharePoint Farm Some of the recovery points for these databases in the farm would be associated with an earlier successful catalog. (ID 3133)"
  I have looked on the SharePoint front end web server in the WssCmdletsWrapperCurr log file and I do not see any exception there.
  It it is strange because I do get the option to restore some items, just not all of them.  Any help would be greatly appreciated.

  Hi,
  Resizing the boot partition (usually C:) should not effect DPM in any way.  DPM writes directly to it's volumes contained in the storage pool and not through the mount points on the C: drive.    So is the DPM UI showing
  missing volume next to some data sources ?   Try doing a DPM disk rescan and see if that removes the missing volume flag. 
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This
  posting is provided "AS IS" with no warranties, and confers no rights.

• Use of Single Instance Store (SIS) in DPM 2012 R2

  Hi,
  Please help me to understand use of installing Single Instance Store (SIS) feature while installation of DPM 2012 R2 or reason
  behind installing it.

  DPM is using Single Instance Storage (SIS) for optimizing storage space.
  Single-instance store, or SIS, is an architecture designed to maintain duplicate files with a minimum of disk, cache, and backup media overhead.
  Single-instance store backup, or SIS backup, is  an API that  backup applications call to access the SIS architecture.
  http://msdn.microsoft.com/en-us/library/windows/desktop/aa362538(v=vs.85).aspx
   Single Instance Store (SIS) service to reduce the storage overhead of storing duplicate files.
  Single Instance Store
  Before you install DPM on your server, it is important to install a technology called Single Instance Store (SIS). SIS will ensure you get the maximum performance out of your disk space and reduce bandwidth needs on DPM.
  SIS is a technology that keeps the overhead of handling duplicate files low. This is often referred to as
  de-duplication. SIS is used to eliminate data duplication by storing only one copy of files on backup storage media. SIS is used in storage, mail, and backup solutions such as DPM. SIS helps to lower the costs of bandwidth when copying data
  across a network as well as needed storage space.
  Microsoft has used a single installation store in Exchange since version 4.0. SIS searches a hard disk and identifies duplicate files. SIS then saves only one copy of the files to a central location such as a DPM storage pool. SIS will then replace other
  copies of the files with pointers that direct you to the copy of the files the SIS repository already has stored.
  http://www.buchatech.com/2011/06/installing-data-protection-manager-2010-2/
  Have a nice day !!!

• DPM 2012 still requires put end users into local admin groups for the purpose of end user data recovery?

  On client computers that are protected by DPM 2010 and prior versions, you had to put the end users account in the local administrators group. If you did not add the end user account to the local administrators group you would get this error after opening
  the recovery tab in the DPM client: “DPM found no recovery points which you are authorized to restore on the specified DPM server. You can restore only those recovery points for which you were an administrator at the time the
  backup was taken. To restore other recovery points, contact your DPM administrator, or attempt to restore from another DPM.”  This is not ideal on many networks because the end users are not allowed to have local administrator access.
  Ths fix to this was included in hotfix 2465832 found here: http://support.microsoft.com/kb/2465832.
  This hotfix (a hotfix rollup package for DPM 2010) resolves other issues with DPM 2010 as well. You can find the full list of what this hotfix corrects on that link.
  One would think this issue should have been resolved in DPM 2012, however I am encountering the same exact issue, had to include end-users into the workstation local admin group before they can search for recovery points on the DPM server. This is not acceptable
  practice.
  Is there a new hotfix for the same issue on DPM 2012? I am hesitated to apply KB2465832 since it also includes many other fixes for DPM 2010, which may not appicable for version 2012.
  Please help.
  Thanks,

  This is a hands off solution to allow all users that use a machine to be able to restore their own files.
  1) Make these two cmd files and save them in c:\temp
  2) Using windows scheduler – schedule addperms.cmd to run daily – any new users that log onto the machine will automatically be able to restore their own files.
  <addperms.cmd>
  Cmd.exe /v /c c:\temp\addreg.cmd
  <addreg.cmd>
  set users=
  echo Windows Registry Editor Version 5.00>c:\temp\perms.reg
  echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection]>>c:\temp\perms.reg
  FOR /F "Tokens=*" %%n IN ('dir c:\users\*. /b') do set users=!users!%Userdomain%\\%%n,
  echo "ClientOwners"=^"%users%%Userdomain%\\bogususer^">>c:\temp\perms.reg
  REG IMPORT c:\temp\perms.reg
  Del c:\temp\perms.reg
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This
  posting is provided "AS IS" with no warranties, and confers no rights.
  That's a good one! Thanks for that.
  I've been scripting on KIX for some time, so here is mine, hope it helps to someone... (it's probably not the best, but it works)
  ========================================================================
  $RC=setoption("WOW64AlternateRegView","on") 
  $DPMkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection"
  $uservariable = "%userdomain%\%username%"
  If KeyExist ($DPMkey)
  $Userstring=ReadValue($DPMkey, "ClientOwners")
  If $Userstring == ""
  WriteValue($DPMkey,"ClientOwners", $uservariable, "REG_MULTI_SZ")
  ? "Key created"
  else
  If not instr($Userstring,$uservariable)
  $Userstring = "$Userstring,$uservariable"
  WriteValue($DPMkey,"ClientOwners", $Userstring, "REG_MULTI_SZ")
  EndIf
  Endif
  EndIf
  ==========================================================================
  The problem actually is that you still need to use an admin account to write on the registry, so ensure you configure it properly on the schedule task.
  In case you use a service account on the schedule task... the "$uservariable" will get populated with that account. As a work around to this... I changed it for the following line:
  =========================================================
  $uservariable = ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI", "LastLoggedOnSAMUser")
  =========================================================
  The only problem with that, is that key gets created/updated only if user gets logged phisically on that PC, but will not work for anyone connecting through RDP.

• Exchange Online Archive and Single Item recovery

  We are currently looking to implement online archiving in Exchange 2010.
  From my perspective,  we are doing it to relocate the older messages to some cheaper storage,  while making primary mailbox sizes are little more manageable.
  Management however,  want to ensure that once an item is moved to the online archive that it cannot be permanently deleted until after a 7 year retention period (for discovery purposes).
  Journaling isn't an option at this point..
  We have an Archive RPT which moves the items to the users archive after 90 days.
  We have another RPT which will Delete items from the Archive after 7 years (Delete no Recovery).
  We then have "Keep deleted Items for", set to 30 Days on the Primary Mailbox Database.
  and then have "Keep deleted Items for", set to 7 years (2555 Days) on the Archive Database(this is so that items are not immediately deleted if the user manually deletes from the archive).
  Obviously with this setup,  users will be able to purge items from the "Deletions" sub folder (Recover Deleted Items) if they want to remove it from the archive.
  My understanding is that if I enable Single Item Recovery for everyone,  then the items that the user might remove from the "Deletions" sub folder will be transparently moved to the "Purges" sub folder, and are therefore discoverable
  if required,  up until the retention period of each database (30 days for Primary mailbox, 7 years for archive).
  This sounds like exactly what we are after.
  Thus my questions;
  Apart from the obvious storage implications of doing this (7 years is alot of email),  are there any other issues\risks associated with going down this method for email retention?
  Is there a better way of achieving what we are after?  I dont suppose we could completely restrict deletion access to the users archive completely for example?
  If a user was to drag an item back into their primary mailbox.. and then delete it before the Managed Folder Assistant moved it back to the archive..  Would that be a potential hole in the retention requirement?
  Thanking you all in advance for your insight..

  You may want to use Litigation Hold to have users unable to delete the item permanently.
  http://blogs.technet.com/b/exchange/archive/2011/08/16/retention-hold-and-litigation-hold-in-exchange-2010.aspx
  I know it works on Active mailbox but not sure if the same attributes available for Archive Database. Just run the cmdlet and see if it can be done.
  Where Technology Meets Talent

• Exchange 2013 - Public Folder Mailbox and Single Item Recovery

  Hello,
  I recently had a request to recover some messages that an ex-employee deleted from the "recover deleted items" folder in their public folder. Since this resides on a public folder mailbox and it does have the option for
  "Single Item Recovery" to be enabled on the box (which I enabled not knowing if this really works or not), is there a way I can still recovery these items or do I have to go to a backup to obtain those messages. Since ExFolders does not work that
  is not an option. I've seen commands to restore a public folder that was deleted but not items that were deleted directly from a public folder. I checked using MFCMAPI and I do see the dumper root and the public folder dumpster for each folder but it
  looks to be only the "deletions" folder and don't see anything similar to a "purges" type folder. Any ideas or am I stuck recovering from backup? Thanks in advance!

  So I think you are stuck and will need to restore the EDB to a Recovery Database to restore the items because when the end user purged the items from the "Recover Deleted Items" it removes them from the Recoverable Items/Deletions folder. 
  Check out this article
  http://blogs.technet.com/b/exchange/archive/2013/08/23/recovering-public-folder-information-in-exchange-2013.aspx
  I have not played with the recoverable items settings on the 2013 public folder enabled mailbox EDB  but you might try checking out Litigation or In Place Hold to use as a safety mechanism moving forward.  That said this will also increase the
  DB size so consider all the options before implementing
  Search, Recover, & Extract Mailboxes, Folders, & Email Items from Offline Exchange Mailbox and Public Folder EDB's and Live Exchange Servers or Import/Migrate direct from Offline EDB to Any Production Exchange Server, even cross version i.e. 2003 -->
  2007 --> 2010 --> 2013 with Lucid8's
  DigiScope

• Litigation Hold, Single Item Recovery, & Mailbox Database Deleted Items Retention

  Hello
  I'm looking for a simple explanation of how the three features mentioned in the subject line interact and affect one another.
  Specifically, I'm after the answer to the following question:
  If a users mailbox has litigation hold enabled, and the mailbox database it lives on has a deleted items retention value of 365 days, does that users "Recoverable Items" get deleted after 365 days, or does litigation hold, as I supspect bypass the retention
  value?
  If Single Item Recovery is enabled for said user as well, and added to the scenario above - how does this affect the retention of the deleted items?
  I cannot find a definitive article that describes mailbox database deleted items retention, litigation hold and single item recovery and their behaviours when used together.
  Regards
  Matt
  Matt

  Hello again,
  Just wanted to open this thread up again, and gain some further clarification, specifically on the behaviour of items in "Recoverable Items\ Deletions" folder.
  In the following scenario how will items be processed:
  -SingleItemRecoveryEnabled -True
  -LitigationHoldEnabled - True
  -UseDatabaseRetentionDefaults -True
  -Items in the Deletions folder have passed the retention value date as specified on the database.
  Given the parameters above, when the I run the Managed Folder Assistant against a mailbox, I'm expecting to see the items in the Deletions folder move, and be placed in Purges folder.
  This is not happening however, items are only removed from the Deletions folder when LitigationHold is disabled. Then, items bypass the Purges folder altogether and are removed from the mailbox/database altogether.
  I referred to the article below for clarification:
  http://blogs.technet.com/b/exchange/archive/2009/09/25/3408389.aspx#_Short-Term_Preservation_of
  "...the message was not purged from the mailbox store. Instead the message was moved from the Recoverable
  Items\Deletions folder to the Recoverable Items\Purges folder. All store hard-deleted items end up in this folder when single item recovery is enabled. The Recoverable Items\Purges folder is not visible to the end user, meaning that they do not see data retained
  in this folder in the Recover Deleted Items tool.
  When the message deletion timestamp has exceeded the deleted item retention window, Records Management will purge the item."
  Can anyone assist in explaining the behaviour I'm observing?
  I'm in a transition period where by our organisation has been journalling all
  email to an Online service since 2008 and this service will continue to be used solely as our archiving and compliance mechanism.
  Since Exchange 2010 was adopted by the company around 18 months ago, the previous mail administrator had litigation hold enabled on all mailboxes
  from the outset, so I'm in the position now where by I have two retention methods running side by side.
  Long story short, the online archiving will be used moving forward and litigation hold will be disabled within Exchange. 
  What I want to do is transition from long term data
  preservation inside Exchange, to short term preservation - hence the reason for now enabling SIR.
  Currently I have mailboxes with 10's of GB's of mail sat in the "Recoverable Items\Deletions" folder, and very little, if anything in some
  cases, in the respective "Purges" folder.....
  Can anyone advise on a "correct" procedure for making this transition?
  Regards
  Matt
  Matt