eDiscovery in Exchange – Part 4: Restoring a mailbox database with DPM 2010

Home Blog eDiscovery in Exchange – Part 4: Restoring a mailbox database with DPM 2010

4sysops - The online community for SysAdmins and DevOps

    ,   0
In the previous three posts in this series, I discussed how to be proactive and what to do when faced with the possibility of legal inquiry. Part 4 will focus on the steps necessary to restore a mailbox database from Microsoft System Center Data Protection Manager (DPM) and prepare it for search.
Contents
  1. Exchange 2007
  2. Create Recovery Storage Group
  3. Restore Database to Recovery Storage Group from DPM
  4. Use Database Recovery Assistant to mount restored database
  5. Create mailbox for the search results
  6. Exchange 2010
  7. Create Recovery Database
  8. Restore Database to Recovery Database from DPM
  9. Mailbox for Search Results
Latest posts by Aaron Denton (see all)

If your inquiry will be done on a live database, this step of the process is not necessary. However; there are several scenarios where you’d want to perform the inquiry on a snapshot of the mailbox database from a previous point in time.

Exchange 2007

Create Recovery Storage Group

The first step is to use the Database Recovery Assistant to create a recovery storage group. This will provide a place to restore the database from DPM.

In Exchange Management Console (EMC) click Tools, Database Recovery Assistant, and Open Tool. If you have clustered mailbox servers, this should be done from the active node. Click Create Recovery Storage Group and then select a database to associate with and click Next. Specify appropriate file paths for the restored database and click Create the Recovery Storage Group. Review the details and click Go back to task center. There will now be new options available in the Manage Recovery Storage Group category.

eDiscovery Exchange - Create Recovery Storage Group

Exchange 2007 - Create Recovery Storage Group

eDiscovery Exchange - Troubleshooting Assistant with additional options in Manage Recovery Storage Group

Exchange 2007 - Troubleshooting Assistant with additional options in Manage Recovery Storage Group

Restore Database to Recovery Storage Group from DPM

Next, the database with the appropriate information should be restored. In DPM, this can be done by opening DPM Administrator Console and clicking Recovery. Locate the appropriate date and source by selecting the calendar date and backup medium. Right click the database and select Recover. In the Recovery Wizard, choose the option Recover to Recovery Storage Group. Click Browse to select the mailbox server. Type in the name of the storage group and database. Storage group name by default is Recovery Storage Group. Database name will vary but should match the associated database name. On the next screen, disable Mount Database when recovery completes and click next. On the Summary screen click Recover. Recovery time will depend on the size the database.

Use Database Recovery Assistant to mount restored database

At this point the database has been restored to the Recovery Storage Group and is ready to be mounted. In Database Recovery Assistant, click Mount or Dismount Databases in the Recovery Storage Group. Select the dismounted database and then click Mount Selected Database. Click Go Back to Task Center.

Create mailbox for the search results

At this point, you’re nearly ready to begin searching the database to move email based on keywords. Prior to doing so, we need to complete the final preparation of designating which mailbox will contain the results of the search. I’ve seen some literature in the past that suggests a folder be created in the designated user’s mailbox that will be reviewing the results. This would be appropriate for internal investigations that may not lead to the need for eDiscovery. However; when legal discovery is necessary, I feel it’s best to have a dedicated mailbox and possibly even a dedicated mailbox database for storing nothing else.

Exchange 2010

Create Recovery Database

Similar to Exchange 2007, a place needs to be prepared to restore the database from DPM. Creating the recovery database can be done through Exchange Management Shell (EMS). Type in the following command all on one line to create a place for the recovered database.
New-MailboxDatabase -Recovery -Name RDB2 -Server vEx2010 -EdbFilePath "E:\Recovery\RDB2\RDB2.EDB" -LogFolderPath "E:\Recovery\RDB2"

Restore Database to Recovery Database from DPM

Restoring the Exchange 2010 database as a Recovery Database is nearly identical to the process described earlier for Exchange 2007. The wizard in DPM only has different labeling of options. Choose Recovery Database as the restore option and otherwise follow the same directions and discussed earlier for Exchange 2007.

eDiscovery Exchange - DPM 2010 Recovery Wizard

DPM 2010 Recovery Wizard

eDiscovery Exchange - DPM Mailbox Server and Database Name specification

DPM Mailbox Server and Database Name specification

 

Mailbox for Search Results

Exchange 2010 has a built in Discovery Mailbox meant for doing legal discovery. It is no longer necessary to create a special mailbox to act as a secure place to store email matching eDiscovery search parameters.

At this point, the recovered database is ready to be searched. In the next post I’ll discuss how to perform the search by keyword and ultimately provide those search results to another party.

Articles in serieseDiscovery in Exchange
Related Articles
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account