Saturday, July 26, 2008

Exchange 2007 Messaging Records Management

Introduction

One major new feature of Exchange 2007 is that of Messaging Records Management (MRM). The main principle behind MRM is that it helps an organization with its legal compliance requirements, something that previous versions of Exchange aren’t particularly good at. It does this by placing the onus on the user to categorize their messages, leading to these messages being retained where appropriate. Obsolete messages are then removed. Sounds simple enough? In truth it is, although there are a few processes to understand and some terminology to become familiar with.

The MRM Process

As I just mentioned, with MRM users are able to categorize their own messages and ensure that these messages are retained. Where are they retained? One of the key components of MRM is a managed folder. There are actually two types of managed folder, namely managed default folders and managed custom folders. Managed default folders are based on folder names that already exist within users’ mailboxes, such as the Inbox or Sent Items, whilst managed custom folders are created by the Exchange administrators and are essentially additional folders seen within users' mailboxes. They can be seen via Outlook and OWA and typically they cannot be deleted, renamed or moved. For example, Figure 1 shows how managed folders appear within the OWA client. Notice how, when right-clicking the folders, that the options to delete or rename the folders are dimmed.


Figure 1: Managed Folders In OWA

We'll cover how you create these managed folders and how to set the retention settings as we go through this article. The important point to take away at the moment is that it's the users that classify their messages, placing them into the appropriate managed folder either manually or via rules. If messages are placed into managed folders for retention purposes, it follows that there must be a process for removing unwanted content. MRM gives us a way to control unwanted content based on age or message type. We'll also cover that as we go through this article.

You have already seen from Figure 1 what managed folders look like from within an OWA client. You'll notice that the managed folder names in Figure 1 are all custom names that I created, hence these are referred to as managed custom folders. Look at Figure 2 below to see a list of the managed default folders that can be configured. Note that the Action pane has been removed from the Exchange Management Console (EMC) for clarity. To view managed default folders via the EMC, follow these steps:

  1. Run the EMC.
  2. Expand the Organization Configuration node and then click Mailbox.
  3. In the result pane, select the Managed Default Folders tab.

To view this information via the Exchange Management Shell (EMS), the relevant cmdlet is Get-ManagedFolder. This is shown in Figure 3.


Figure 2: Managed Default Folders


Figure 3: Results of Get-ManagedFolder

For the remainder of this article, let's look at the first two steps of the five required to deploying MRM. In part two of this article, I’ll cover the remaining three steps.

Step 1: Create Managed Folders

Managed default folders are created automatically when Exchange 2007 is installed, although you can choose to create additional managed default folders if you wish. Creating managed custom folders is really easy, both via the EMC and via the EMS. Let’s go through the process of creating some sample managed folders and content settings as follows. Don’t forget, these are just sample folders to give you an idea of the process; they probably wouldn’t mean much in the real world!

  • Check users’ Inbox folders for items older than 90 days. Once found, these items are placed into a managed custom folder called Old Inbox Items where they are retained for a further 180 days.
  • Create managed custom folders that store documents for two different projects, namely Project X and Project Y. These documents are stored for 365 days.

The first thing to do is to create the new managed custom folders. Here's how:

  1. Run the EMC.
  2. Expand the Organization Configuration node and then click Mailbox.
  3. Either right-click the Mailbox object and choose the New Managed Custom Folder… option, or choose the same option from the Action pane.
  4. The New Managed Custom Folder wizard appears which consists of the screen that you see now, plus the Completion screen. The first screen is shown below in Figure 4.


Figure 4: Managed Custom Folder Wizard

  1. On the first screen, the following information needs to be entered:
    • The Name field is the name of the managed custom folder as seen within the EMC and EMS.
    • The Display the following name… field is the name that users see within Outlook and OWA. This field is automatically populated with the same information that you type into the Name field, but you can change this field if you like. In my case, I’ve set both of these fields to Old Inbox Items.
    • There is an optional size limit that you can set on this managed custom folder. In my case, I set this to 1024KB meaning that each user gets allocated 1MB to this managed custom folder. This is obviously too low to be meaningful, as I entered this value to make it easy for me to simulate what happens when the storage limit is exceeded.
    • There is an optional field to enter descriptive information that is shown to the users within Outlook or OWA. Figure 5 gives an example of how this looks to the users in OWA, coupled with how the storage limit allocation is progressing.
    • Finally, there is an option to prevent users from minimizing the descriptive information in Outlook or OWA.
  2. Once all the relevant information has been entered, click the New button. The Completion page is then shown which also shows you the EMS commands to create this managed custom folder via PowerShell. The cmdlet used is:

    New-ManagedFolder -Name 'Old Inbox Items' -FolderName 'Old Inbox Items' -StorageQuota '1MB' -Comment 'Inbox items older than 90 days are placed here for your review.' -MustDisplayComment $true

I’ve then repeated the above series of steps to create the Project X and Project Y managed custom folders.


Figure 5: Managed Custom Folder Comment

Incidentally, since I’ve mentioned the fact that you can set storage limits on the folders, you may be wondering what happens if you exceed these limits. Figure 6 shows you how the storage limit allocation comment looks when you’ve exceeded your limit. Figure 7 shows you the warning message you receive when attempting to add additional items to the folder that has exceeded the limit. These are how the messages are seen in the OWA client.


Figure 6: Managed Custom Folder Storage Limit Exceeded Comment


Figure 7: Warning When Storage Limit Exceeded

Step 2: Create Managed Content Settings

The next piece of our MRM jigsaw is the managed content settings. Managed content settings actually apply to either managed default folders or managed custom folders like the folders we just created. In our case, we want to apply settings to the default Inbox folder as well as our three managed custom folders which means we’ll be setting three different managed content settings (both ‘project’ folder content settings are essentially the same). Managed content settings allow you to perform various options such as moving items to the Deleted Items folder or your chosen managed custom folder, or perhaps permanently deleting the items. It follows that, since managed content settings apply to managed folders, you must either target the managed default folders or have created at least one managed custom folder before you can create managed content settings. Here's how to create our managed content settings for the default Inbox folder:

  1. Run the EMC.
  2. Expand the Organization Configuration node and then click Mailbox.
  3. Select the Managed Default Folders tab and you will now see the managed default folders list as shown above in Figure 2.
  4. Highlight the Inbox managed default folder and then either right-click it and choose the New Managed Content Settings… option, or choose the same option from the Action pane.
  5. The New Managed Content Settings wizard appears showing the Introduction screen. This is shown in Figure 8. Let’s examine the options that have to be configured:
    • In the Name of the managed content settings… field, enter a meaningful name that will be seen in both the EMC and EMS. I’ve chosen to enter ‘Inbox items older than 90 days’.
    • In the Message type drop-down list, choose the type of items that will be affected. Choices are All Mailbox Content, Calendar Items, Contacts, Documents, Faxes, Journal Items, Meeting Requests Responses and Cancellations, Missed Calls, Notes, Posts, RSS Items, Tasks and Voicemail. Since I want everything older than 90 days to be affected, I’ve chosen All Mailbox Content.
    • We require message retention to be set, so the Length of retention period (days) check box is selected and a value of 90 added.
    • Since the above option has just been selected, it’s now possible to configure when the retention period starts. I’m interested in ensuring that the retention period starts when the messages are delivered, so I’ve left it at the default option. The other option is When item is moved to the folder.
    • It’s now also possible to specify the Action to take at the end of the retention period. I’ve chosen the Move to a Managed Custom Folder option, clicked the Browse… button and then selected the Old Inbox Items managed custom folder previously created. The other options here are Move to the Deleted Items folder, Delete and Allow Recovery, Permanently Delete and Mark as Past Retention Limit.
    • Once completed, this screen looks like the one shown in Figure 8.


Figure 8: Managed Content Settings Wizard

  1. Clicking the Next button takes you to the Journaling screen, where it’s possible to forward copies to an alternative address. It’s possible to pick any type of mail-enabled recipient here, such as a mailbox, distribution list or contact. I’ve not selected this option in this example.
  2. Clicking Next takes you to a configuration summary screen, followed by the Completion screen that once again shows you the EMS command to create this configuration via PowerShell.

The cmdlet used is:

New-ManagedContentSettings -Name 'Inbox items older than 90 days' -FolderName 'Inbox' -RetentionAction 'MoveToFolder' -AddressForJournaling $null -AgeLimitForRetention '90.00:00:00' -JournalingEnabled $false -MessageFormatForJournaling 'UseTnef' -RetentionEnabled $true -LabelForJournaling '' -MessageClass '*' -MoveToDestinationFolder 'Old Inbox Items' -TriggerForRetention 'WhenDelivered'

It’s worth bearing in mind that once you’ve created your managed content settings, they appear below the relevant folder they are associated with as shown in Figure 9. Once again, the Action pane has been removed for clarity.


Figure 9: Content Settings Linked To Managed Default Folders

I’ve then proceeded to create additional managed content settings for the Old Inbox Items, Project X and Project Y managed custom folders. The ‘Old inbox items older than 180 days’ managed content settings configuration applies to all folder content and permanently deletes all items in the Old Inbox Items folder that are older than 180 days, whilst the ‘Documents relating to Project X’ and ‘Documents Relating to Project Y’ managed content settings apply only to documents and delete items older than 365 days. As you can see, things are flexible to suit your needs.

The Entire Mailbox managed default folder that you may have noticed in Figure 9. This can be used to apply managed content settings to all folders within a user’s mailbox, although managed custom folders and managed default folders already linked to a managed folder mailbox policy are excluded. I’ll be covering managed folder mailbox policies in part two of this article.

the remaining three steps required to complete the process. They are:

  • Create managed folder mailbox policies.
  • Apply the managed folder mailbox policies.
  • Schedule the managed folder assistant.

Step 3: Managed Folder Mailbox Policies

The third step is to create managed folder mailbox policies. In part one of this two-part article, we created three managed custom folders that we can ensure are deployed to users at the same time by linking them to a managed folder mailbox policy. That’s one of the key things to consider regarding a managed folder mailbox policy – all managed folders that are linked to the policy are created at the same time when the policy is linked to a user’s mailbox. To create this policy via the Exchange Management Console (EMC):

  1. Run the EMC.
  2. Expand the Organization Configuration node and then click Mailbox.
  3. Either right-click the Mailbox object and choose the New Managed Folder Mailbox Policy… option, or choose the same option from the Action pane.
  4. The New Managed Folder Mailbox Policy wizard appears which consists of the screen that you see now plus the Completion screen. The first screen is shown below in Figure 10.


Figure 10: New Managed Folder Mailbox Policy Wizard

  1. On this first screen, give the managed folder mailbox policy a suitable name in the first field. Let’s assume that all of our managed custom folders are to appear in each user’s mailbox, so we’ll call this policy Default Managed Custom Folders.
  2. In the Specify the managed folders that you want to link to this policy area, click the Add… button which then presents you with the Select Managed Folder window. Here you will see all available managed folders, including both default and custom managed folders. I’ve added the Inbox, Old Inbox Items, Project X and Project Y custom managed folders. Note that you can shift or control-select multiple folders if required. Obviously we need to add the Inbox folder in order to ensure our Inbox managed content settings are applied. This won’t create the Inbox folder of course, since this is a managed default folder that already exists. This window is shown in Figure 11. Once done, click OK which returns you back to the previous window.


Figure 11: Adding Folders to the Policy

  1. Clicking the New button then presents the Completion screen which also shows us the Exchange Management Shell (EMS) command used to create this policy. Clicking the Finish button completes the wizard.

The EMS cmdlet for creating the managed folder mailbox policy is straightforward. It is:

New-ManagedFolderMailboxPolicy -Name 'Default Managed Custom Folders' -ManagedFolderLinks 'Old Inbox Items','Project X','Project Y'

Step 4: Apply Managed Folder Mailbox Policies

The penultimate step is to apply the managed folder mailbox policy that we just created to our users. As I stated earlier in step 3, let’s assume for this article that we want to apply our policy to all users. Perhaps the easiest way to do this is via the EMS, since we can easily deploy the policies to many mailboxes in bulk. A suitable cmdlet to deploy to all users the Default Managed Custom Folders policy that we just created is:

Get-Mailbox | Set-Mailbox –ManagedFolderMailboxPolicy 'Default Managed Custom Folders'

You may remember from your PowerShell reading that in the above line we have piped the result of one cmdlet, Get-Mailbox, into the next cmdlet that sets the policies. Get-Mailbox is going to retrieve all mailboxes of course. You could do clever things like refining your selection to only include certain values set on specific Active Directory attributes. For example, you can retrieve all users who have their Active Directory ‘Title’ attribute set to ‘Manager’ via the following cmdlet:

Get-User | Where-Object {$_.RecipientType -eq "UserMailbox" -and $_.Title -eq "Manager"}

You’ll note the use of the UserMailbox recipient type, which targets all mailbox-enabled users, since we’re using Get-User this time rather than Get-Mailbox. To complete the entire cmdlet, we need to set the managed folder mailbox policy on the results, so the cmdlet becomes:

Get-User | Where-Object {$_.RecipientType -eq "UserMailbox" -and $_.Title -eq "Manager"}| Set-Mailbox -ManagedFolderMailboxPolicy "Default Managed Custom Folders"

After executing your cmdlet, you may find warnings and errors recorded depending on certain circumstances. For example, you may see the warning shown in Figure 12 informing you that clients older than Outlook 2003 SP2 are not supported.


Figure 12: Set-Mailbox Warning

What happens in the situation where Exchange 2007 is coexisting with Exchange 2003? In such a situation, there’s a strong possibility that not all user mailboxes will have been moved to Exchange 2007 by the time the administrator creates MRM policies. If these policies are applied to all users, the error shown in Figure 13 will be displayed by EMS. As you can see, it is not possible to set the policy on an Exchange 2003 mailbox.


Figure 13: Set-Mailbox Error

To apply managed folder mailbox policies via the EMC, follow these steps:

  1. Run the EMC.
  2. Expand the Recipient Configuration node and then click Mailbox.
  3. In the result pane, locate the relevant user mailbox, right-click it and choose Properties from the context menu.
  4. With the user properties displayed, click the Mailbox Settings tab.
  5. Select Messaging Records Management and then click the Properties button.
  6. In the resulting Messaging Records Management window, select the Managed folder mailbox policy check box and then click the Browse button.
  7. In the resulting Select Managed Folder Mailbox Policy window, select the relevant policy. In our case here, we select the Default Managed Custom Folders policy. Click OK.
  8. Back at the Messaging Records Management window, you should see a screen similar to the one shown below in Figure 14.


Figure 14: Policy Enabled via EMC

  1. Click OK all the way back out to the main EMC window.

Step 5: Schedule Managed Folder Assistant

Just creating the managed folder mailbox policy isn’t enough to get the managed custom folders created in each user’s Outlook or OWA client. To do this you must schedule the managed folder assistant to run on a mailbox server. In addition to creating the managed folders, the managed folder assistant also applies the managed content settings that we created in step 2 in part 1 of this article.

Here’s how to set the managed folder assistant using the EMC:

  1. Run the EMC.
  2. Expand the Server Configuration node and then click Mailbox.
  3. In the result pane, locate the relevant mailbox server and right-click it. From the context menu, choose Properties.
  4. From the resulting server properties window, click the Messaging Records Management tab. This tab is very simple as you can see from Figure 15 below.


Figure 15: Mailbox Server Messaging Records Management Tab

  1. From here it’s just a case of clicking the Customize… button and configuring when you want the managed folder assistant to run via the familiar schedule screen that you see so often when configuring Exchange.

If you don’t want to wait for the scheduled time to occur or if in the future you need to run the managed folder assistant on demand, you can perform a manual run via the following cmdlet:

Start-ManagedFolderAssistant

Without any additional parameters specified, the above cmdlet will process all mailboxes on the local server. Optional parameters that you can include with the above cmdlet are:

  • -DomainController. Use this parameter to specify which domain controller you’d like to use for the operation.
  • -Identity. With this parameter, you can specify which server you would like to process the mailboxes on.
  • -Mailbox. If you want to process an individual mailbox, use this parameter. You can specify this parameter using either the user’s email address, the user name in the domain\user format, or the mailbox GUID.

For example, to process the mailbox for User1 who’s a member of the NGH domain, you could use the following cmdlet:

Start-ManagedFolderAssistant –Mailbox NGH\User1

When deciding on a suitable schedule for the managed folder assistant, be aware that Microsoft recommends that it does not occur at the same time as your backup or online database maintenance.

Finally, I’d like to finish this article by quickly covering what happens when you delete all the managed custom folders and managed folder mailbox policies. You’d think that this would remove the folders from the user mailboxes. What actually happens is that the Managed Folders root folder, plus all subfolders, are converted to normal folders that can then be removed by the user. Note from Figure 16 the change in the folder icons from those shown in Figure 1 from part 1 of this article.


Figure 16: Managed Folders Now Removable

No comments: