Here are some things you’ll need, for sure, before you get started:
- Access to the Exchange Server
- A backup of the exchange database (.edb) file and its logs
- The name of the mailbox you wish to recover and a second mailbox in case you’d like to copy data from the recovered mailbox to a random mailbox so you don’t overwrite anything
Here are the steps to the recovery:
- Add the Exchange Database to the Exchange Server as a “Recovery Database”
- Correct an issues with the database, possibly repair the database if it was in a dirty shutdown state
- Mount the database
- Recover the mailbox items from the Recovery Database in a number of different ways
- Dismount the database
- Remove the Recovery Database
Add the Exchange Database to the Exchange Server as a “Recovery Database”
Note: You need the .edb file and the logs. There’s no sense in going forward with this tutorial unless you have both.
We use Barracuda Backup appliances for all of our backup needs. I found the files I needed and restored them to a directory. For this tutorial it will be called E:\Recovery on my Exchange Server. Both of the logs and the .edb file reside in E:\Recovery.
Use the following command to add the database to the Exchange Server as a Recovery Database. In this command, my .edb file is called db1.edb, my server is called exchange01, and the name of my Recovery Database will be called db1:
New-MailboxDatabase -Recovery -Name db1 -Server exchange01 -EdbFilePath "E:\Recovery\db1.edb" -LogFolderPath "E:\Recovery"
Once added, you’ll be able to see the database in the EMC located under Microsoft Exchange > Organization Configuration > Mailbox > Database Management Tab. It will be unmounted. Before we can mount the database, we need to check to see if its status is a clean or dirty shutdown.
Check the shutdown status and correct, if necessary
In Exchange Management Shell, type the following command to check on the status of the database:
ESEUTIL /mh E:\Recovery\db1.edb
This will give you a long readout of the stats regarding the database. The state of the database will say either clean or dirty shutdown. If it’s clean, you can mount the database. If the state is dirty, you’ll need to repair the database by running the following command:
ESEUTIL /p E:\Recovery\db1.edb
Note: Keep in mind that some items may be lost during this repair. For large databases, this process can take a few hours.
Once repaired, run the /mh script again to make sure the database is in a clean shutdown state. I’ve never had a database fail to change the state to clean after running the /p command.
Mount the database
This can be done by refreshing the view of the database in the EMC, right clicking, and choosing to mount. If the state of the database is clean, it should mount without an issue. Keep in mind that this task may take up to minute after you click “Mount Database”. Be patient.
Recover the mailbox items from the Recovery Database
This can be acommplished in a number of different ways. For these scripts, the mailbox we will be recovering will be called “Dan Lee”.
To recover a mailbox, overwriting the old one (not recommended as it will overwrite everything), run the following:
Restore-Mailbox -ID 'Dan Lee' -RecoveryDatabase db1
To recover the contents of the mailbox to a subfolder of a different mailbox, have a mailbox already created and think of a folder name that you can remember. For this example, the Recovery Mailbox is called Admin Mailbox and the target folder of the Recovery Mailbox will be ‘dlee’:
Restore-Mailbox -ID 'Dan Lee' -RecoveryDatabase db1 -RecoveryMailbox 'Admin Mailbox' -TargetFolder 'dlee'
If you have a big mailbox or just want a certain folder recovered, you can use the ‘-IncludeFolders’ switch. Using it will only recovery the contents of the folders listed, nothing else. Separate the list of folders using a comma and space. In this example, the restore will only recovery the items of Inbox, Sent, and 2010 Budget folders to a sub folder called dlee underneath the mailbox Admin Mailbox:
Restore-Mailbox -ID 'Dan Lee' -RecoveryDatabase db1 -RecoveryMailbox 'Admin Mailbox' -TargetFolder 'dlee' -IncludeFolders \Inbox, \Sent, \2010 Budget
Last, you can do a recovery based on keywords by using -SubjectKeywords and -ContentKeywords switches, both able to take more than one word, again separated with a comma and space. To restore items that only have the word ‘budget’ and ‘marketing’ in both the subject or the body of the email:
Restore-Mailbox -ID 'Dan Lee' -RecoveryDatabase db1 -RecoveryMailbox 'Admin Mailbox' -TargetFolder 'dlee' -SubjectKeywords budget, marketing -ContentKeywords budget, marketing
I hope the examples help. There are tons of other methods to doing the restore, plenty of switches with lots of options. Get as specific as you want or just restore the whole mailbox and move what you need.
Dismount the Database
This can be done as quickly as mounting the database. Find it in the EMC, right click, and dismount. It will ask you if you are sure. When you are sure, click yes.
Remove the Database
Once dismounted, right click and choose to remove. The task will run and the Recovery Database will disappear from the list. Keep in mind, no files have actually been deleted. You’ll have to head into the file structure of the Exchange Server and delete the .ebd file and log files manually.
Links and Documentation:
I hope this helps everyone! Cheers!
