MS Exchange mailbox recovery from the Virtual Drive

You can use the Virtual Drive in combination with Microsoft tools to recover deleted MS Exchange mailboxes and storage groups. The feature is not suitable for the recovery of Public Folder data.

Pre-recovery instructions

1. Install the Virtual Drive

Install the Virtual Drive tool if it is not installed yet. You can do it with the help of an installation wizard or perform a silent installation.

After the installation a new local drive appears in your system, along with the regular "C:", "D:", and "E:" (DVD) drives. The drive is named "B:". If "B:": is taken, the next available letter is used.

2. Check the status of the mailbox database

Check the status of the mailbox database on the virtual drive (further referred to as the "B:" drive). This is done using eseutil.exe (Extensible Storage Engine Utility), a program included into all MS Exchange server installations. Here are steps to follow:

  1. Start Command Prompt as an administrator.
  2. Run the following command:
eseutil /mh "<EDB_file_path>"

<EDB_file_path> is where the backed up mailbox database file is stored, for example B:\Exchange\2016-07-26\Exchange Server\First SG\Mailbox Database\Mailbox Database.edb.

Check the following fields in the response:

  1. "State". If the state of the mailbox database is Dirty Shutdown, you must change it to the clean shutdown state. See step 4 for instructions.
  2. "Log required". If the value is 0-0, it means that no logs are required so the database can be safely put into the clean shutdown state. Otherwise you will get the range of required log files (note that the names are in hexadecimal numbers). In that case please refer to step 3 below.

3. Check the state of log files (if applicable)

If the Log required field had the name of a log file, make sure that file is available.

eseutil /ml <log_file_name>

For example, the response is 111-111. It means that just 1 log file is required ("6F" in the decimal format).

eseutil /ml "B:\Exchange\2016-07-26\Exchange Server\First SG\Logs\E000000006F.log"

Ideally, you will get the list of log files with the "OK" state next to each one. Find the log files required for the clean shutdown. Copy all other logs (especially logs created before the required logs) to a temporary folder on your hard drive, for example to D:\Exchange\2016-07-26\Exchange Server\First SG\Logs. Please be aware that the logs will be copied (restored) from the cloud, so the process can take a little longer that regular copying/pasting from a local drive.

4. Put the database into the clean shutdown state (if applicable)

If the state of the mailbox database is "Dirty Shutdown", you must change it to the clean shutdown state to make it fully functional as a single EDB file.

  1. Start Command Prompt as an administrator.
  2. Run the following command:
eseutil /r <Checkpoint_file_name> /s "<Log_folder_path>"; /l ";<Log_folder_path>" /d "<EDB_folder_path>"

Here is a brief explanation of the parameters to submit:

  • /r stands for the "recovery mode"
  • <Checkpoint_file_name> is the name of the checkpoint file (*.chk) automatically created by MS Exchange, for example "E00".
  • <Log_folder_path> is the location of the folder where transaction log files for the current mailbox database are stored. You can identify transaction logs by their names and extensions, for example "E0000000060.log".
  • <EDB_folder_path> is where the primary database file is stored. It coincides with the log folder in some versions of MS Exchange, for example in Exchange 2010.

Here is an example:

eseutil /r E00 /i /a /s "D:\Exchange\2016-07-26\Exchange Server\First SG\Logs\" /l "D:\Exchange\2016-07-26\Exchange Server\First SG\Logs\" /d "B:\Exchange\2016-07-26\Exchange Server\First SG\Mailbox Database\"
  1. Make sure the database state has changed to "Clean Shutdown".
eseutil /mh "<EDB_file_path>"

Recovery instructions

MS Exchange 2007 recovery

MS Exchange 2007 is recovered with the help of recovery storage groups. They are created by Microsoft Exchange Troubleshooting Assistant (extra.exe).

  1. Start Command Prompt as an administrator.
  2. Launch extra.exe.
  3. In the Welcome screen, click Select a task.
  4. From the Related Functions list, select Database Recovery Management.
  5. Fill out server and user information to establish connection to the Exchange server.
  6. Under Manage Recovery Storage Group, click Create a recovery storage group.
  7. Select the storage group that contains the database.
  8. Specify a path to the EDB database on the "B:" drive and click Create the recovery storage group.
  9. In the results screen, click Go back to task center.
  10. Under Manage Recovery Storage Group, select Mount or dismount databases in the recovery storage group.
  11. Select the database you want to restore and click Mount selected database.
  12. In the results screen, click Go back to task center.
  13. Under Manage Recovery Storage Group, select Merge or copy mailbox contents.
  14. Click Gather merge information.
  15. Select the mailbox and click Perform pre-merge tasks.
  16. Select the mailboxes you want to merge. Click Save.
  17. Hold on till the backup version is merged with the production database.

Important

Recovered mailboxes can be merged only with existing mailboxes. If you are recovering a deleted mailbox, it is necessary to create a new mailbox first. It can have the same name as the original.

The GUID of the new mailbox will differ from the GUID of the original mailbox. That is why the automatic merging described above will not work. You will need to mount the recovered contents to the new mailbox manually.

MS Exchange 2010 recovery

MS Exchange 2010 is recovered with the help of a recovery database. It is created by the Exchange Management Shell.

  1. Launch the Exchange Management Console. Open the Start menu. Under Microsoft Exchange Server 2010, click Exchange Management Shell.
  2. Run the following command:
New-MailboxDatabase -Recovery -Name <Recovery_database_name> -Server "<Exchange_server_name>" -EdbFilePath "<EDB_file_path>" -LogFolderPath "<Log_folder_path>"

Here is a brief explanation of the parameters to submit.

  • New-MailboxDatabase is a cmdlet that creates a mailbox database object in the database container in Active Directory (view Microsoft instructions)
  • -Recovery – specifies that the new database will be a recovery database.
  • <Recovery_database_name> – the name of the new database (must be unique within your organization).
  • <Exchange_server_name> – the name of the server the new database will be created on.
  • <EDB_file_path> – the path to the restored mailbox database file.
  • <Log_folder_path> – the path to the folder that will be used for transaction log files.

For example:

New-MailboxDatabase -Name RecoveryDatabase01 -Server TestExchange-2010 -Recovery -EdbFilePath "B:\Exchange\2016-07-26\Exchange Server\V14\Mailbox\DB\DB01.edb" -LogFolderPath "D:\Exchange\2016-07-26\Microsoft\Exchange Server\V14\Mailbox\DB\Logs"
  1. In the Exchange Management Console, go to Organization Configuration > Mailbox > Database Management. Select the recovery database that you’ve just created and click Mount Database.
  2. In the Exchange Management Shell, get the list of mailboxes in the recovery database:
Get-MailboxStatistics -Database <Recovery_database_name>
  1. To restore one of the mailboxes from the recovery database, use the following command:
Restore-Mailbox <Mailbox_name> -RecoveryDatabase <Recovery_database_name>
  1. Repeat the command for all other mailboxes that you want to restore.

Post-recovery instructions

MS Exchange 2007

Dismount the database and remove the recovery storage group.

MS Exchange 2010

Dismount the recovery database and remove it from the Exchange Management Console.