IT tutorials

Microsoft Exchange Server 2013 : Preserving information (part 1) - Putting a mailbox on litigation hold

11/21/2014 3:06:00 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

An important part of being able to achieve a compliance strategy is the ability to preserve information. Retention policies help somewhat because they can automatically move information into archive mailboxes. However, they also remove information through tags that require items to be moved into the Recoverable Items folder or permanently deleted. Items held in the Recoverable Items folder will eventually be removed from the database and permanently deleted.

Some method is therefore required to limit the work of the MFA as it attempts to keep user mailboxes under control. The mechanism available in Exchange is called holding; any MFA processing that might delete an item is restricted, and (sometimes more importantly) users are also prevented from interfering with items.

Exchange 2010 introduced two kinds of holds. A retention hold has nothing to do with the preservation of information except insofar as it is used when an administrator wants to make sure that items are not removed from a mailbox for a temporary period, usually a number of weeks. The classic example of when a retention hold is used is when a user is on vacation for an extended time, and you don’t want the user to come back to find his mailbox emptied because the MFA has removed many items in his absence. Usually, people get a chance to rescue items (if they remember) after the MFA has cleaned up their mailbox by using Recover Deleted Items, but if someone is on vacation and probably not thinking about email, he won’t be interested in checking his mailbox. Furthermore, if the vacation lasts longer than the deleted items retention period set on the mailbox database (the default is 60 days), items will be permanently deleted while the user is still away. A retention hold solves the problem by instructing the MFA to ignore any delete processing for a specified period. In this case, you might set the retention hold for 65 days to allow the user a few days following his vacation to check the mailbox. Another common example of when a hold might be used is described in It occurs when a company is starting to use retention policies and wants to take a cautious approach. By implementing a retention hold on the mailboxes covered by retention policies, it ensures that any items the MFA deletes are retained and can be recovered. When users have become accustomed to the type of automatic mailbox housekeeping enabled through retention policies, the retention holds can be released from mailboxes, and the retained items will be removed.

The second kind of hold used in Exchange 2010 is a litigation hold (sometimes called a legal hold).

You can make the case that a legal hold is similar to a retention hold in some respects in that the MFA is prevented from removing items from a mailbox. However, the concept behind a legal hold is very different because the focus is entirely on the need to preserve information for what could be an extended period (months or even years). Instead of simply making sure that the MFA doesn’t remove something important while a user is on vacation, a legal hold ensures that any deletes or edits that occur within the mailbox are preserved while the hold is in effect. This is done to ensure that all possible information that might be required to satisfy a legal discovery action is preserved and remains discoverable, even if a user—by error or deliberately—attempts to remove that information.

When a legal hold is in force, the Store tracks any attempt that the user might make to edit or otherwise alter items in the mailbox and will capture versions silently in such a way that the edits are retained, indexed, and remain available to investigators if an eDiscovery search is performed. These edits are retained in a special location within the Recoverable Items folder. Unless they are informed, users are unaware that items are being preserved.

Placing a mailbox on retention hold can be regarded as a commonplace activity. Wise administrators take advice and guidance from the company’s legal department before they place a mailbox on litigation hold to ensure that the action complies with any legal requirements that are in force and does not compromise any document retention policies that are in effect. There’s no point in enabling a feature that collects unneeded or unwanted data.

The older forms of hold are there for backward compatibility with Exchange 2010 servers and because they do provide a specific kind of hold that might be useful in some circumstances. However, the general advice is that you should use in-place hold whenever possible because that is where the focus and development effort is now concentrated.

Putting a mailbox on retention hold

You cannot set retention hold through EAC. To put a mailbox on retention hold, you need to run the Set-Mailbox cmdlet through EMS. For example:

Set-Mailbox –Identity 'Tony Redmond' –RetentionHoldEnabled $True
–StartDateForRetentionHold "10/10/2013" –EndDateForRetentionHold "11/11/2013"
–RetentionComment "Mailbox placed on retention hold by A.N. Administrator following instruction by Legal Department"

This command puts the nominated mailbox on retention hold from 10 October 2013 through 11 November 2013. If you want to be more specific, you can include hours and minutes along with the date and provide a value such as 10/10/2013 09:00 to start the hold at 9 A.M. on 10 October 2013. If you don’t provide start and end date values for the retention hold, the mailbox is placed on an indefinite hold starting immediately. The retention comment is intended for two purposes: so the administrator can enter a note about why the mailbox was placed on retention hold and to provide the mailbox owner with a notification that the hold is in effect. The text entered for the comment is shown to the user in the backstage area of Outlook 2010 and Outlook 2013, so you should keep this in mind when you compose the comment. The text becomes available to the user after the next time the MFA processes the mailbox.

Another point to remember when you put a mailbox on retention hold is that extra quota is consumed to hold items that would otherwise be removed by the MFA. Given the size of mailbox quotas allocated today, this might not be an issue in your deployment, but it’s wise to check whether a user is close to her quota before you enable the hold and to adjust quotas if necessary.

To remove the retention hold, you run Set-Mailbox again to set the hold parameter to $False. For example:

Set-Mailbox –Identity 'Tony Redmond' –RetentionHoldEnabled $False –RetentionComment $Null

Putting a mailbox on litigation hold

When you place a mailbox on litigation hold, Exchange stops removing items from the database when their deleted items retention period expires, and any attempts by the user to delete or change items are retained in the Recoverable Items folder. Items are retained indefinitely until the litigation hold is released, subject to the recoverable items quota not being exceeded. Because items are retained, they remain available to be indexed and can be retrieved by searches.

You set litigation hold on a mailbox with EAC by editing the mailbox properties, where the option is available in the Mailbox Features section (Figure 1). When you save the new setting, EAC warns you that litigation hold has been replaced by in-place hold. When saved, the new settings become active as soon as the notice that litigation hold has been enabled on the mailbox has replicated throughout the organization.

Two screen shots illustrate how to put a mailbox on litigation hold. The left-side screen is displayed when you edit the properties of a mailbox and select Mailbox Features. To enable litigation hold, click the Enable link, which reveals the right-side screen, enabling the administrator to insert a note about the hold and details of a URL the user can consult to find out what being on hold means to him.

Figure 1. Putting a mailbox on litigation hold

Alternatively, you can put a mailbox on litigation hold using the Set-Mailbox cmdlet. For example:

Set-Mailbox –Identity 'Ruth, Andy (VP Sales)' –LitigationHoldEnabled $True
-RetentionComment 'Mailbox placed on litigation hold on 16 May 2013' -RetentionURL '' –LitigationHoldDate '12/25/2012 09:00'
–LitigationHoldOwner 'Legal Department'

EMS issues the same warning and advises that you should use an in-place hold if possible. After running the command, you can examine the updated settings with:

Get-Mailbox –Identity 'Ruth, Andy (VP Sales)' | Format-List Retention*, Litigation*

The RetentionComment and RetentionURL properties are used to populate the Account Settings section of the Outlook backstage area and inform users that their mailbox has been placed on hold. The –LitigationHoldDate and –LitigationHoldOwner parameters hold the date and time when the hold was enforced and the account that enforced the hold. Exchange completes these details automatically with the current date and time and the primary email address of the user who runs the command to place a mailbox on litigation hold using EAC or EMS.

Litigation hold: What about the user?

Exchange doesn’t automatically inform users that their mailbox has been placed on litigation hold and, unless they visit the Outlook backstage area and notice the retention comment, they will be unaware that their mailbox is in a hold status. Indeed, if they don’t use Outlook 2010 or Outlook 2013, users might never be aware of this fact. For this reason, you might want to incorporate a step in the hold process to inform whomever authorizes the litigation hold that he is responsible for sending users an email notification to inform them of why the hold is being placed on their mailbox and provide some information about what being on litigation hold means for a mailbox.

Releasing the mailbox from litigation hold is done by reversing the process:

Set-Mailbox –Identity 'Akers, Kim' –LitigationHoldEnabled $False –RetentionComment $Null

When a mailbox that is on retention or litigation hold is moved from an Exchange 2010 server to Exchange 2013, the hold remains in place. The same happens when a mailbox moves in the reverse direction. Setting any hold on a mailbox—retention or litigation—could take up to 60 minutes to become effective because the hold is respected after Exchange refreshes the cache it uses to hold Active Directory account information. The exact delay depends on your Active Directory infrastructure and how quickly updated mailbox settings are replicated. Two influences are in play. First, Active Directory must replicate the updated settings to all global catalog servers before you can be assured that the hold applies across the forest. Second, the Store caches Active Directory data about mailbox properties for performance reasons and therefore will not know that a hold setting has changed for the mailbox until the next time the Store refreshes its cache. The updated hold setting is fetched from Active Directory and becomes effective the next time the Store refreshes its cache. The complete cycle of Active Directory replication and Store cache refreshes could take up to an hour. Therefore, it is a good idea to implement holds, if possible, at a time when users are not actively using their mailboxes.

- Microsoft Exchange Server 2013 : How the Managed Folder Assistant implements retention policies (part 2) - Retention date calculation
- Microsoft Exchange Server 2013 : How the Managed Folder Assistant implements retention policies (part 1) - Behind the scenes with the MFA
- Sharepoint 2013 : Security and Policy - SharePoint Security Groups (part 4) - Assigning New Visitor, Member, and Owner Groups at Site Creation
- Sharepoint 2013 : Security and Policy - SharePoint Security Groups (part 3) - Creating a New Group, Deleting a Group
- Sharepoint 2013 : Security and Policy - SharePoint Security Groups (part 2) - Removing Users from a Group, Group Settings and Permissions
- Sharepoint 2013 : Security and Policy - SharePoint Security Groups - Adding Users to a Group
- Microsoft Exchange Server 2013 : Messaging records management (part 7) - Setting a retention policy on a folder
- Microsoft Exchange Server 2013 : Messaging records management (part 6) - Customizing retention policies for specific mailboxes, User interaction with retention policies
- Microsoft Exchange Server 2013 : Messaging records management (part 5) - Applying a retention policy to mailboxes
- Microsoft Exchange Server 2013 : Messaging records management (part 4) - Creating a retention policy
Top 10
Technology FAQ
- Microsoft ebs security server configuration
- IIs7 on Windows server 2003
- How to Configure Failover Clusters With Win 2008 Server R2?
- Windows 2008 Network Load Balancing
- Windows Server 2008 - Group Policy Management - Remove Computer Management
- Remove shortcuts possibility in a web page or to put in favorite
- HTA Dynamic Drop Down List
- IIS host header and DNS
- VMware or MS Virtual Server?
- Adobe Acrobat 9 inserting tab pages
programming4us programming4us