Deleted Item Retention in Exchange Maintenance
Sorry for the delay in this posting - end-of-quarter stuff tends to push blogs off the table, but I'm back!
As promised in my last full posting, I'd like to talk about deleted item retention as it relates to how Exchange Online Maintenance and your users in general. As most Exchange Admins and Engineers know, if you delete an item in Outlook or a mailbox in Exchange, things don't instantly disappear. More on Mailbox retention next time, but for now, let's look at what happens when you delete a mail item.
If a user Soft-Deletes (normal delete operations) an item from their mailbox, it is moved to the Deleted Items folder in their local client. If you Shift-Delete in Outlook or otherwise delete with a non-Outlook client, this recovery method is not available for those items. It can be enabled for so-called Hard Delete operations in Outlook (See this MSFT KB article) but not for 3rd party email systems like POP3 mail. So this information only applies to those using Outlook (sorry about that).
When an email is deleted from Outlook, Exchange doesn't remove the item itself from the server-side data store. Instead, it removes the item from Outlook, but simply marks the item as ready for deletion in its own database. This is why deleting a large amount of email won't cause an immediate reduction in your database size - the data didn't go anywhere. It will not delete email from the mail store itself until the Deleted Item Retention (or Recovery) (DIR) time has passed. By default, this means that all deleted mail items will be held for 30 days before being permanently removed.
You can indeed change the time that Exchange holds onto these emails, both on a server-wide-level or for individual users. These tools are available as part of the standard Exchange tool-set, and as usual, details can be found over at TechNet. What you set your DIR to is really up to the organization in question, as many industries have regulatory requirements that may help you set policies, and your internal rules might give you guidance as well. Though the default of 30 days is fine for most, a little poking around will help you find out for sure what your numbers should be.
So, what does this have to do with Online Maintenance (OM)? Well, since Exchange just marks items for deletion in (by default) 30 days, when does it actually delete the emails? The answer is, on the first OM after the DIR time for that item has expired. During OM, the Exchange system performs several processes. One of these is to comb the databases for any items that have their DIR flags set, and ensure that any which have aged past their DIR date since the last maintenance was run. OM then deletes these items permanently and creates white-space in the database (see the last posting about what happens with white-space). If OM is not allowed to go through all its stages, or otherwise can't do them within the time you've allotted, then these items will not get deleted, taking up more and more space over time.
This is yet another reason why OM is vital to any healthy exchange server operation, as never deleting email is a bad idea all around. Note that DIR is *not* designed to remove the need for proper backup and DR strategies, as the loss of the server would result in the loss of the DIR information too - see previous posts on that topic.
Now, keep in mind that OM doesn't remove the white space that's created, it just moves it to the back of the database, but since Exchange can re-use this white space before creating more space in blank disk areas, not allowing OM to finish means your databases will grow at a much faster rate. So while your databases will not shrink as a result of OM like they would with *offline* maintenance, your databases should grow much more slowly if you're doing OM than if you were not allowing this process to complete.
On the other side of the equation, your end users can recover any item that is in the DIR cache and has not yet been removed from the server. Handy if something is accidentally or maliciously deleted. In most cases, the users just needs to click on the Deleted Items folder in Outlook and then go to Tools and select Recover Deleted Items. You can see a more detailed explanation on TechNet. This means that you do not have to manually restore the item for them, making your life a lot easier, as long as they realize they need it back within 30 days by default.
Next time - with any luck next week - Deleted Mailbox Retention - going beyond getting back one item.