Exchange 2013 - Archive RESTRICTION
Hello All my Exchange MS Expert,
I have a customer requirement --> My customer want to restrict all user in their organization not to delete archive item from their archived mailbox? can we achieve this through security
option / from ADSI edit??? I have suggested them to go with inplace-hold but not wanted in-pace feature instead they need if a user want to delete any archived item they should get message saying "you don't have appropriate" permission
/ unable to delete.
I have open a Microsoft advisory Case: they told me to give some time to work on this requirement for test and will comeback to me.
Friends if you have any suggestion pls pass me. Much appreciate your valuable input.
Hello All my Exchange MS Expert,
I have a customer requirement --> My customer want to restrict all user in their organization not to delete archive item from their archived mailbox? can we achieve this through security
option / from ADSI edit??? I have suggested them to go with inplace-hold but not wanted in-pace feature instead they need if a user want to delete any archived item they should get message saying "you don't have appropriate" permission
/ unable to delete.
I have open a Microsoft advisory Case: they told me to give some time to work on this requirement for test and will comeback to me.
Friends if you have any suggestion pls pass me. Much appreciate your valuable input.
Exchange doesn't work that way. Using litigation hold/ Single Item Recovery is the only supported method.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.
Similar Messages
-
Exchange 2013 Archive mailbox best practise
Current senario:
Migrating to Exchange 2013 CU3 from lotus Domino
in lotus domino the customer is having huge archive files(nfs file size is around 30 GB, like wise users are having multiple archive file with same size.)
Requirement is all these file need to migrated to exchange 2013 CU3. whcih we are taking care by using thrid party tool.
My concern is exchang e2013 support for huge mailbox size. if so what maximum size supported for online mailbox and archive mailbox.
can I assign multiple archive mailbox to users.
we have got separate Exchange 2013 archive server in place
We would like know the best practise/guide line for archive mailbox/live mailbox size.
refered below link:
http://blogs.technet.com/b/ashwinexchange/archive/2012/12/16/major-changes-with-exchange-server-2013-part-1.aspxThe key decision is that the content in the primary mailbox is synchronized with the client when in cached mode, while the content in the archive is not. So I'd want to keep the primary mailbox populated with the content the user needs on a daily basis,
and put the rest in the archive. Unfortunately, that answer is not a number, and it isn't the same for all users.
Each user can have zero or one archive mailboxes, not multiple.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Exchange 2013 Archiving question
Hi all,
I have a question on Exchange 2013 Archiving.
In the Default MRM Policy it has the Default 2 year move to archive tag.
When this runs it moves any emails over 2 years old to the users Archive mailbox.
I also know it will recreate the folder structure that was in the inbox.
My question is once it's moved to the users Archive what policy is applied to the emails and folders by default?
When you look at them it just says Using Parent folder Policy.
Would the parent folder be the Archive - %username it's self? Or is nothing applied and the users must go in a assign a tag to it?
ThanksHi,
If you apply one retention policy to a mailbox, then this retention policy will be applied to the primary and archive mailbox, this means that the archive mailbox have the same retention policy as primary mailbox.
Here is an example to help you to understand this.
You can use a DPT with the Move to Archive action to move items to the archive mailbox in two years, and a DPT with a deletion action to remove items from the mailbox
in seven years. Items in both primary and archive mailboxes will be deleted after seven years.
You can refer to the following article for more information.
http://technet.microsoft.com/en-gb/library/dd297955(v=exchg.150).aspx
Best regards,
Belinda Ma
TechNet Community Support -
Hello,
i have a problem with exchange 2013 in-place archiving.
Archive mailbox is in different database that mailbox database.
Yesterdey i have activated archiving for a first mailbox; when i activated archive many "Not read" message were sent.
Seem that when archive is active message sent to user that have request of read but that have not answer like "read" for the user when they are stored in archive mailbox send out reply to sender with "Not read: " in the subject.
I have checked "retention policy" and "retention tags" properties via exchange management shell but i did not find any field to disable unread in archive or something like.
Please can i have support for this problem?
Thanks in advance.Hi,
Before going further, I’d like to confirm how many senders are affected by the issue.
Please check if there is any Outlook rule about the unread message notification.
And we can also check if the sender select the option “always send read receipt”:
File>options>mail>tracking
Best regards,
Angela Shi
TechNet Community Support -
Exchange 2013 OWA - Restrict External access to OWA, while keeping internal access open
I'm looking for the best way to restrict users who can access OWA externally, while keeping internal access to OWA open to everyone. We would preferably like to control who has external access to OWA with an AD group. Users who have external access,
would need both external and internal access to OWA. Internal users would only have internal access to OWA.
TMG is off the table since it is EOL. Reverse proxy might be a possibility, but I'm running into issues with the security setup and passing credentials.
Does anyone know the best way of restricting external access without disabling internal access?
ThanksNot sure if this still applies to 2013 or not, haven't tried yet...
http://blog.leederbyshire.com/2013/03/13/block-or-allow-selected-users-depending-on-location-and-ad-group-membership-in-microsoft-exchange-2010-outlook-web-app/
Blog |
Get Your Exchange Powershell Tip of the Day from here -
Exchange 2013 - Folders missing when importing PST to archive mailbox
Hello,
I'm having an issue when importing PST files to an Exchange 2013 archive mailbox using the command "New-MailboxImportRequest
test -FilePath '\\server\e$\ArchiveExport\test.pst' -IsArchive -BadItemLimit 5 -ErrorAction Stop"
The import is running without an error and shows the status complete. The size of the archive mailbox is exactly the same like the size
of the PST file!
But when I check the users archive mailbox some folders are missing. It seems that this happens only to default folders like "Inbox"
or "Sent Items". Other folders are visible.
The mailbox import log shows the following:
16.01.15 16:31:56 [server] Merging folder '/Top of Personal Folders/Inbox [Inbox]' into '/Inbox [Inbox]'.
16.01.15 16:31:56 [server] Copying 3 items, 4.789 KB (4,904 bytes). Skipping 0 items, 0 B (0 bytes).
If I start the import process again the log says the following:
16.01.15 16:46:54 [server] Merging folder '/Top of Personal Folders/Inbox [Inbox]' into '/Inbox [Inbox]'.16.01.15
16:46:54 [server] Copying 0 items, 0 B (0 bytes). Skipping 3 items, 4.789 KB (4,904 bytes).
So it seems that the mails are really there but just not visible.
I did some tests:
When I import the PST file directly to the users mailbox (without parameter -IsArchive) I can see all content of the PST file.
When I add the parameter -TargetRootFolder "Testfolder" the whole PST content shows up correctly under that folder.
Can anyone explain this?
RegardsHi PhilippMair,
Thank you for your question.
If all subfolders were merged, we could use OWA to check if the missing folders is appeared. If we could see missing folders by OWA, I suggest we recreate outlook profile and reset outlook view.
In order to troubleshooting, I suggest we collect the import log to analysis if the subfolder of Inbox or Sent Item is exported.
In my test lab, inbox has three subfolders, there are 123,456,789; when I import PST file, I will see the following log:
1/20/2015 7:32:31 AM [EXCH2-CU1] Merging folder '/Top of Outlook data file/Inbox' into '/Top of Information Store/Inbox'.
1/20/2015 7:32:31 AM [EXCH2-CU1] Copying 18 items, 302.3 KB (309,594 bytes). Skipping 0 items, 0 B (0 bytes).
1/20/2015 7:32:32 AM [EXCH2-CU1] Merging folder '/Top of Outlook data file/Inbox/123' into '/Top of Information Store/Inbox/123'.
1/20/2015 7:32:32 AM [EXCH2-CU1] Copying 5 items, 62.21 KB (63,699 bytes). Skipping 0 items, 0 B (0 bytes).
1/20/2015 7:32:33 AM [EXCH2-CU1] Merging folder '/Top of Outlook data file/Inbox/456' into '/Top of Information Store/Inbox/456'.
1/20/2015 7:32:33 AM [EXCH2-CU1] Copying 1 items, 6.908 KB (7,074 bytes). Skipping 0 items, 0 B (0 bytes).
1/20/2015 7:32:33 AM [EXCH2-CU1] Merging folder '/Top of Outlook data file/Inbox/789' into '/Top of Information Store/Inbox/789'.
1/20/2015 7:32:33 AM [EXCH2-CU1] Copying 1 items, 21.31 KB (21,820 bytes). Skipping 0 items, 0 B (0 bytes).
We could check if there are any subfolder which would not be merged and copied. If your import log has any abnormal, I suggest you send log file to
[email protected] for our troubleshooting.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim -
Archiving migration from Symantec EV to Exchange 2013
Hi all,
We have a customer who has Exchange 2007 email system and Symantec EV 7 for archiving email. We need to migrate their email from Exchange 2007 to Exchange 2013 and activating Exchange 2013 archives. The customer asks to use this tool "Archive
2-Anywhere" from Archive360 to migrate archives from Symantec EV to Exchange 2013.
My question is I need to do this (migrating a user mailbox archive) in parallel with moving his mailbox to new exchange?Search the Internet for a phrase like "Migrate Enterprise Vault to Exchange 2013". You should get some hits for ideas for third-party solutions.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
What is the best backup plan for Archive Databases in Exchange 2013?
Hi,
We have Exchange 2013 with Hybrid setup with O365.
We have On premise exchange 2013 servers with 3 copies of primary Database & Single Copy of Archival DBs.
Now we have to frame backup policy with Symantec Backup Exec which has to backup our primary & Archival DBs
In 2007 exchange, before migration to 2013, we had policy of DBs - Weekly Full backup & Monthly Full Backup
Please suggest what would be the best possible backup strategy we can follow with 2013 DBs.
That too, especially for Archiving DBs
Our Archiving Policy are - 3 category - Any emails older than 6 month OR 1 Year OR 2 Year should go to Archive mailbox.
Keeping this in mind how to design the backup policy ?
Manju GowdaHi Manju,
you do not find best practice different from the common backup guidelines, as there is no archive db specific behaviour. Your users may move items to their archive at any time as well as your retention policies may move items that machted the retention policies
at any time. The result is frequently changing content to both, mailbox and archive mailbox databases, so you need to backup both the same way. You also may handle archives together with mailboxes together in the mailbox db
Please keep in mind that backup usually means data availability in case of system failure. So you may consider to do a less frequent backup with your archive db with dependency to the "keep deleted items" (/mailboxes) setting on your mailbox database.
Example:
keep deleted items: 30 days
backup of archive db: every 14 days
restore procedure:
* restore archive DB content
* add difference from recover deleted items (or Backup Exec single item recovery) for the missing 14 days.
So it depends more on your process than on a backup principle.
Regards,
Martin -
Outlook 2010 clients cannot access their Online Archive mailbox in Exchange 2013??
Hello,
I have an issue where my Outlook 2010user cannot see/access their Archive mailbox when they are migrated from Exchange 2010 to Exchange 2013.
Both the live and archive mailbox is in Exchange 2013, the user can launch Outlook but if they click on their Archive mailbox it is unavailable.
Once the user is upgraded to SP2 or Outlook 2013 they have no issues accessing their archive mailbox.
These users have the minimum required Outlook version (14.0.6126.5000),
they are running 14.0.6129.5000.
Is there a different requirement on the Outlook client if the user has an archive mailbox in Exchange 2013 as well?
Thank you.Hi,
Is there any update on this thread?
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If
you have feedback for TechNet Subscriber Support, contact [email protected]
Simon Wu
TechNet Community Support -
In what way Exchange Server 2013 archiving is better than the other 3rd party application ?
Hi All,
Can anyone here please share some thoughts and comments regarding of which feature of Exchange Server 2013 archiving is better than the 3rd Party application like Symantec Enterprise Vault ?
Any comments and suggestion would be greatly appreciated.
Thanks
/* Server Support Specialist */It's free.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
yes, as long as we are using the Exchange Server 2013 Enterprise Edition.
/* Server Support Specialist */ -
Hi everyone,
our group (which uses mobile sales system) is actually on Lotus notes and i am exploring features of exchange 2013 so that we can have necessary arguments to move to it. (Any help on that would be most welcome)
Actually we have our archives locally (on the clients) and no back is done . So if we have a hardware issue or any of the kind we lose all the mails.
I would need from exchange to have the archive available from anywhere and also available offline from the client side.
Is it possible and how can we do it?You cannot use Exchange archive, because they dont fullfill one of your need : "also available offline ".
Exchange Archive cant be cached on client side, so you can only access them being connected to Exchange (trough OWA or OA). They arent avalaible as well in ActiveSync (and probably BES).
Bruce Jourdain de Coutance - Consultant Exchange http://brucejdc.blog.free.fr
So when user using iPad or iPhone through Active Sync, they cannot access the archived item on Exchange Server 2013 ?
/* Server Support Specialist */ -
Current environment is Exchange 2010 SP3 RU5 supporting 4,000 Users. Client estate is Outlook 2010 SP1 going on SP2.
We're pulling our Archiving solution away from 3rd party and back into Exchange. Implementing a new set of Exchange 2010 Servers (old DAG or in a new Archive DAG) would be easy. But is there Exchange 2013 stepping stone potential?
Can the Archive DAG / Archive mailboxes be on 2013? i.e. for any given User, leave their primary mailbox on Exchange 2010 and create new Archive mailbox on 2013.
I want to avoid implementing 2010 Archive Servers and then go 2013 Archive 6 months or a year later.
This article suggests 'no':
http://technet.microsoft.com/en-gb/library/dd979800(v=exchg.150).aspx
"Locating a user’s mailbox and archive on different versions of Exchange Server is not supported."
I've found little info but the odd statement here / there.
Is this the latest position? Is it that cut & dry? Anyone tried it? Why won't it work (or will it but it's not supported)?
Thanks!<I had a response from MS>
Below is a summary of the case for your records:
Symptom:
=============
Is it possible to implement a 2013 environment to host the Archive mailboxes? i.e. for any given User, their primary mailbox is on Exchange 2010 and their Archive
mailbox is on 2013.
Resolution:
=============
It’s not supported to have a user’s primary mailbox reside on an older Exchange version than the user’s archive. If the user’s primary mailbox is still on Exchange
2010, you must move it to Exchange 2013 before or at the same time when you move the archive to Exchange 2013.
http://technet.microsoft.com/en-us/library/jj651146(v=exchg.150).aspx
as per the repro in our lab, having the archive mailbox in higher version of exchange would fail with the error above
<the scenario isn't completely relevant, looks like he's trying to put the Primary on 2013 and not the Archive, no matter, we've established there are problems, question is whether they are looking into this area / to patch, they go on...>
At this point in time we don’t have a conformation from the product team, if the above would change in the future exchange versions.
<MS did say on the call that they were not looking at fixing it, naturally this isn't a "never", as per previous statement - they can't commit 100% to the future, but they've provided me the answer - they are not currently looking at resolving/providing
this as a migration scenario, end.> -
Exchange 2013 autodiscover not working from Externally
Hi
i have exchange 2010 sp3(2Mb, 2hub/cas). I installed exchange 2013 servers(2MB, 2CAS). For coexistence i generated new certifcate with new cas from third party. I installed that certificate in that cas and assigned all services. i changed all my virtual
directories service url. I didnt import the new certificate to exchange 2010 cas server and i didnt change url to legacy link.But still iam able to check exchange 2010 user mailbox owa, activesync and autodiscover without any certificate error.
If i try to browse owa, its going to 2013 server, if user is exchange 2010 user and its redirecting to exchange 2010 owa with same link.
But i dont know how above things is working without importing to new certificate...
Main problem is i am not able to configure exchange 2013 users outlookanywhere, Autodiscover from externally...
So in tmg i pointed the outlook anywhere ip address new cas server, now both exchange 2010 and exchange 2013 users while OA from external, its keep on asking password... Not accepting it...
Please help me to fix this issue..Hi ,
On TMG please have the outlook anywhere rule like below and check the status.
Step
1 :
On the TMG rule - >authentication delegation ---> select the option "no delegation users can authenticate directly"
Step
2 :
on the users tab in the TMG rule - just add "all users" group on that rule.
By having the above settings we have avoided the issues in your environment.
Note : Based on the above setting's , Each and everyone in exchange will have a access to the outlook anywhere from external world , because there would not be having any restriction on the TMG rules.
Please have a look in to the below link , it will give you some ideas which is related to TMG
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Thanks & Regards S.Nithyanandham -
Exchange 2013 OWA internal only
Hi all,
Does anyone know how to restrict Exchange 2013 OWA for internal only, but can't impact Exchange ActiveSync service?
I guess IP Address and Domain Restrictions can make it, but it may impact ActiveSync.
Any good solution?
Thank,
IanHi,
Based on my research, we can install the CAS and Mailbox roles in separate two servers. Then we can create new website with a unique IP and only adding ActiveSync to that website. That would give us a website hosted on the box that served the ActiveSync
devices but nothing else, leaving the OWA open for internal access. The firewall would point to this website/IP on the CAS. We could also create a virtual directory under there for /OWA and /Exchange which would serve up the generic ““this service is no longer
available, please contact the help desk” message as the default webpage
http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
Thanks,
Angela Shi
TechNet Community Support -
Hello everyone
I have a network infrastructure consisting of 3 sites, site A, site B, and site C. i have 2 domain controllers on every site, and the AD roles are on the primary domain controller on site A. On site A I have an Exchange 2013sp1 CU6.
I want to create a second Exchange on Site B, with the roles of mailbox (the exchange on Site A will be first DAG member and the Exchange on Site B will be the second member of the DAG) and CAS.
First question: Is my thought correct about installaing on the same server mailbox and CAS server?
Second question: how many DAG witnesses I need for the DAG? One per site, or one in general (for example located on site A)
Third question: When I am trying to perform “Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” I receive the error
“ Setup encountered a problem while validating the state of Active Directory:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema can't be executed. See the Exchange setup log for more information on this error. For more information, visit:
http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
I tried to run the PrepareSchema from the ISO of Exchange 2013 SP1 and form the extracted content of Exchange 2013SP1 CU6 archive, but still receive the same error. Any ideas?
Thanks in advance.Thank you for your answer,
I have tried to run "Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms” from
Exchange 2013 CU6 media, but I still receive the error:
The Active Directory schema version (15303) is higher than Setup's version (15292). Therefore, PrepareSchema
can't be executed. See the Exchange setup log for more information on this error. For more information, visit:http://technet.microsoft.com/library(EXCHG.150)/ms.exch.setupreadiness.AdInitErrorRule.aspx “
any ideas?
Maybe you are looking for
-
I would like to know how to print a 8 1/2 X 11 sheet of the same 2 x 2 photo.
Printer is HPPhotosmart C5280 All in One: OS is Windows XP Professional 32-bit I would like to know how to make a full 8 1/2 x 11 page of the same 2x 2 borderless photo. I can add other photos but not the same phot to the same page. Is this possib
-
HELP! iCal is deleting events, seemingly at random. It is also deleting everything more than a month old. Since I have no other record of my calendar, this is a disaster. This has nothing to do with icloud, as my Mac is showing the identical calend
-
Crypto/pre-shared keys to crypto/pki worth doing?
Hi, I have 10 VPN's that come into my ASA 5520, they all use pre-shared keys (and AES-256/sha), is it worth moving to pki instead?
-
Can you download raw image files to iPad2?
Can you download raw image files from a compact flash card onto iPad2?
-
Hi! I just did an animation on Flash CS5. I used the bone tool on several symbols and I saved it properly, although now that i tried to open it, I can't see the symbols that I animated but I can see the bone tool animation. Please tell me what happen