1. Planning Backup and Recovery
The first thing I’ll say about dealing with backup and recovery is to mitigate. Now, what does “mitigate” mean? Mitigate means to lessen the impact of something, right? So if I want to avoid or try to reduce or lessen the impact of me having to deal with having to restore from backups and go through recovery, I could put features in place—mitigation measures—that can help me get things back up and running quickly or prevent something from happening altogether. Okay, so I want to look at some of these little features that Exchange comes with that can be implemented.
The first feature you’ll see there is the “Deleted Items Recovery” feature. Essentially, what happens is that a user goes and deletes an email, and it goes into their Deleted Items folder, and that is called a soft delete. All right? And eventually, something will appear in the Recovery Items folder. They can go to the recovery items folder, and they can retrieve things from that recovery items folder. Now, by default, the retention period for the recovered items in your users’ Outlook is going to be 14 days. Okay? Now, for calendar items, it’ll be 120 days; for the other items, it’ll be 14 days. Unless you change the retention settings, that’s going to be the default. Now, after that, Exchange is going to do what’s called a “hard delete” on the item. Okay? So one thing you can do is adjust those retention settings, and that will help in conjunction with recovery as well. Then you’ve got what’s called single-item recovery.
Single item recovery is a feature that can be enabled in your mailbox database. It is disabled by default, but if you enable single item recovery on your database, then it makes it so that single items can be pulled back from the database if an item is deleted. So a single email or single object can be recovered very easily. Okay? Another thing we can do is place a hold. Now, in-place holds are typically used for forensic purposes, such as discovery and evidence collection. But what happens in an in-place hold? If we put a mailbox in an in-place hold state, then anything the user deletes in that mailbox is actually retained. It does not get deleted unless we go through and manually delete it. This allows administrators to go through the process of searching and recovering emails, for one, in conjunction with trying to do some kind of evidence collection or forensics investigation. Okay, then we’ve got deleted mailbox retention. So this is not just a single item getting deleted. This is an entire mailbox getting deleted. By default, Exchange will retain your mailboxes for 30 days. You can alter that if you need to. So you can very easily recover a mailbox even if it’s been deleted for up to 30 days. Okay? Of course, we have DAGs.
We’ve talked about those before. That’s one of our most powerful features for protecting our entire mailbox. And there’s also something called “shadow redundancy.” Now, our Client Access Services role has a great little feature called Shadow Redundancy. So when an email is being delivered, your Client Access Services communicate with your transport service, and every copy of the message is backed up into what’s called “Shadow Redundancy” until it is 100% confirmed that the message was received. Okay? So once the message is confirmed by the mailbox server as having been received, shadow redundancy can wipe that out. But that’s great. In the event that a mailbox server fails and you don’t have DAGs or anything else to help you, shadow redundancy is another solution that can help. Now I also want to look at this idea of planning for disasters. We have to think in terms of time. And there are two acronyms that are pretty important here, and these are definitely a couple of acronyms you could see if you’re planning to take the exam as well. So it’s important to understand a little bit about each one of these. And of course, it’s important for the real world as well. The first acronym is RTO.
RTO stands for Recovery Time Objective. And the recovery time objective involves how long it takes to get things back up and running when a disaster occurs. And if you think about it, anytime something goes wrong, anytime we lose something, something goes down. That’s always the question everyone wants answered, right? They want to know: What is the RTO? What is the recovery time objective? How long is it going to take to get things back up and running? Okay, so this is going to involve, if we’ve backed up a bunch of stuff, a bunch of data, and we have a server failure or something, the question is, “How long does it take the RTO?” So let’s say that it’s going to take you 45 minutes to get everything back up and running. Well, that’s your RTO. That’s your recovery time objective. Now, the RPO is usually the more confusing of the two terms for people. RPO is the recovery point objective. And this is going to be an acronym that essentially means, “How up to date can I be after a recovery?” So the question is, how up-to-date can you be if you’ve lost data, if you’ve lost something and had to recover it? For example, with a DAG, your RPO is almost zero. That means that you have no real recovery.
Your database can go down, and a database server can go down, but you’re not going to lose any data. Okay, but let’s say we’re looking at this in terms of backups. Let’s say that you back up. Well, we’ll stretch it out. Let’s say you back all of your data up during the weekend, and that’s it. You only back up on weekends. You don’t have DAGs helping. You don’t have anything else, but you back up your databases and your transaction logs. You’ve got all that stuff backed up. Okay? So Monday rolls around, and things happen. Tuesday rolls around. Wednesday, Thursday, and Friday roll around, and you lose all your data. Okay? Then you go ahead and restore all of your backups. And your backups were done over the weekend.
So that was your RPO. Your recovery point objective basically means you can only get things as up-to-date as the weekend at that point, okay? So you will lose any changes that occurred Monday through Thursday. So it’s a little scary when you look at it from that standpoint. If you backed up everything in a 24-hour cycle, so you backed everything up every night, then that’s your RPO. If we backed everything up last night and then lost it today at 5:00, we would have lost everything. But luckily, we had everything backed up last night. Well, that was our RPO. That’s a recovery point objective from last night. We would lose everything that has changed between last night and now. So when you look at RPO, you want to be looking at, well, how much data loss are we talking about here? I want to make that RPO. I want to lower that time period to as low a number as I can. Okay, so they tell you that with RTO and RPO, there are a couple of things you can do. You create multiple databases. That’s the idea of a DAG. Have your transaction logs stored on separate hard drives. Set it up with RAID, a redundant array of independent disks.
And that way, remember, you can actually recover your database from your transaction logs and keep your backups for short periods of time. Okay, so those are going to be some of the things you want to think about in terms of RTO and RPO. Now, what exactly are our backup solutions with regards to software for Exchange? Well, for one, we have Windows Server Backup, all right, and Windows Server Backup is free. It’s included with Windows Server. It’s included as part of the deal. You just have to enable it, and you can use it to back up Exchange. Now, if you are going to use Windows Server Backup, there are a couple of things to consider. You’re going to install Windows Server Backup directly on the Exchange server. It must run on the Exchange server. You can’t use Windows Server Backup to back up a different Exchange server. It’s got to be on the server that’s being backed up. Another thing is that you must back up to a local disk or network share.
And you’ve got to back up to your local disk or network share. You cannot back up to a tape drive, fortunately or unfortunately, depending on how much you despise tape drives. And then the other thing is that you can’t do what’s known as “brick-level restores” and “brick-level backups,” where you’re just backing up little pieces of data. You have to back up your entire database. And when you do a restore, you have to restore your entire database. The other thing is that Windows Server Backup cannot back up passive database copies. It can back up the active database, but it cannot back up passive databases. Okay? So there’s also System Center Data Protection Manager, also known as DPM. That’s Microsoft’s sort of premier backup product. It’s got all the bells and whistles, so pretty much anything and everything you might want to be able to do. Backing up to tape, backing up to the network, backing up to the cloud, Azure backup, all of that is possible, as are brick-level backups. And then you’ve got non-Microsoft software. There’s lots and lots of third-party stuff out there that can actually get the job done as well. So if you want to do individual item backups and brick-level backups, you have the capability to really get down and dirty with the different items that can be backed up. If you’ve got third-party backup software, there’s a lot of really fancy stuff out there that people like to use. All right? And then the last thing we want to look at here with you is just some of the backup requirements that we’ve got. When you are backing up things, these are the things that you want to have in your brain in regards to backup. So all of the roles would come first.
So your mailbox server role and your edge server role, you want to back up all of your roles. If you’re doing this in the traditional Microsoft way, you’re going to back up the system state. So you’re going to use the backup tool. You’re going to restore the system state. The system state backs up the registry. It backs up the critical system files. It backs up boot files on the server, okay? It backs up drivers on the server. So it’s going to back up a lot of your critical resources on that server. Then, if you want to back up a domain controller, you’re backing up Active Directory. You’re going to back up the system state on a domain controller. By backing up the system state on the domain controller, it backs up Active Directory. Of course, keep in mind that Exchange stores a significant amount of data within Active Directory.
So that’s sort of a critical thing that you’ve got to get backed up, okay? Now, as far as the mailbox server itself, you want to back up your databases and your transaction logs. Remember that you can replay those transaction logs to get your database back. And your message tracking logs. You want to back up your certificates and your server certificates, which also means you want to back up your certificate authority and keep that backed up. And then the other thing would be the IIS configuration. So in IIS, you want to know where your IIS files are by backing up the system state. That’s also going to be very important on that server as well, because it’s going to be backing up some of the registry settings that are going to be needed for your mailbox server. And the main thing is that I have a backup system. You’ve definitely got to back up your databases, transaction logs, and certificates. Those are the big things that you could lose if an entire server, or maybe an entire set of servers, was to fail. Those are all things that you’re going to want to be thinking about in regards to having backed up so that you can do a restore. Okay. So that’s the rundown in terms of how we would perform a backup in Exchange.
2. Implementing and Performing a Backup
Here, I’m going to log on as a user named Zack Smith. So Zack Smith at examlabpractice.com is his email address. We’re going to put his password in. We’re logging on to our little Outlook Web App here. And then we’re going to fire off an email to a user named Jan Williams. Okay, so Zack Smith is going to email Jan Williams. Now I’m going to click “New” to create a new email, and we’re going to email [email protected]. All right, so there’s Jan Williams. We’re going to say the subject is that this is a test. I’m just going to say hello, world, to Jan Williams. We’re going to hit send. And we’ve now sent this off to Jan Williams.
Okay? So now we’ll log off of Zack Smith and log on as Jan Williams and enter the password. All right, so as you can see, I’ve got the email from Zack Smith here. Okay? So I just wanted to verify that we’ve got it. I’m going to minimize the web browser. Now we’re going to jump into EMS, the Exchange Management Shell. Okay? So pull that up, and I’m going to run a command here called Get-Mailbox. And we’re going to look for Jan Williams at examlabpractice.com, and I’m going to pipe that over to Format-List, all right? And then we’re going to have it show me the name, the database, and then the GUID. All right? And so there it is. So Jan Williams is part of the Marketing database, and the GUID is right there.
Okay, I’m actually going to save this GUID for later purposes. So I’m actually going to open up Notepad, and all I have to do is just highlight this and just right-click it, and it’ll actually copy it, and then I can paste it right there. Okay? And I’m just going to save this GUID for later. All right, you’ll see the purpose of this coming up here, but I’m going to save that. All right? So now I’ve got the GUID, and I can get out of my PowerShell. Now I’m going to open Server Manager, navigate to Manage, Add Roles and Features, and configure the backup on our server here. So let me click Next. Following that, this Windows Server Backup is a feature. So let me just zoom in on that so you can actually see it better. So here it is, right here, Windows Server Backup. I’m going to select that, and then I’m going to click Next, click Install, and it’s going to take a moment to install Windows Server Backup, all right? So I’ll just pause the video for a second and let that finish. So we’ve got the backup tool successfully installed now. So I’m just going to close this now. I’m also going to create a little folder that I can perform a backup on.
So I’m going to jump over to my domain controller to actually create the folder. So, here I am on this one, the Nycdc one. I’m just going to quickly create a little folder here. We’re going to share this folder out, and this is where the backup is going to be performed. Okay, so we’re just going to create a folder here, and we’ll just call it Backup. All right? And I’m just going to tell you about it. Advanced Sharing is simply so that it can be accessed via the network. We’ll set permissions on it, and I’m just going to say to the administrator that domain administrators have full control. We can remove the Everyone group, and we’ve now officially shared that out. Okay, so now that we’ve done that, we’re going to jump back over to our Exchange server. All right, so here we are back on Server Manager. We’re going to go to Tools, and we’re going to click on Windows Server Backup. All right, so this is going to load up our backup tool, and then we’ll be able to actually run through here. We’ll select Local Backup. So, if you look closely over here to the right, I have a Backup Once option. So I’ll go ahead and click Backup Once. All right. It’s going to pop a little box up on the screen. I’ve got an option that says Different options. I’m actually going to choose Next on that. And then it’s asking me if I want to do a full server backup.
I am going to select Do Full Server Backup, and I’m going to click Next. All right? And then at that point, it’s going to say, “Okay, well if you’re going to do a full server backup, specify the destination of where you want to back up.” So I’m going to back up to a remote shared folder, and we’re going to back up to that folder we saw earlier, that we created earlier, nycdc One Backup. Okay, so that is going to be our destination. Okay, now it says, “Do not inherit.” This option makes the backup accessible only to the users whose credentials are provided, which is what I want to do. I’m going to make it so that I’m the only one who can do it. So that’s fine. I’m going to click Next. At that point, it wants me to enter my credentials right here. So I’m just going to put in my administrator account and my password. Okay? All right, so we’re now officially ready to start this backup. So we’ll go ahead and click Backup now. And of course it’s going to take a little while to do this, so we’re going to pause the video while it does that. Okay, so our backup has been completed successfully. We can hit the mark on this. And now, if we just quickly jump over to our domain controller, we should be able to look here in the backup folder and see that the data has been backed up. So there is information inside. Nyce one. And if we actually look at the size of the backup, we right-click and go to Properties. You can see that the grand total is 32.1 gigs of backup.
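A scripted equivalent of the backup steps walked through above, as an added example that is not part of the course material. The share host name NYC-DC1, the folder C:\Backup and the domain name EXAMLAB are assumptions standing in for the lab names heard in the video; wbadmin and the cmdlets are the standard Windows Server and Exchange tools.

```powershell
# Added example (not from the course). ASSUMED placeholder names:
#   file server NYC-DC1, folder C:\Backup, share "Backup", domain EXAMLAB.

# --- Part 1: on the server that hosts the share (elevated PowerShell) ---
New-Item -Path 'C:\Backup' -ItemType Directory -Force | Out-Null
# Granting only Domain Admins matches "remove Everyone, Domain Admins full control".
New-SmbShare -Name 'Backup' -Path 'C:\Backup' -FullAccess 'EXAMLAB\Domain Admins'
Get-SmbShareAccess -Name 'Backup'      # confirm Everyone is not listed

# --- Part 2: on the Exchange server (elevated Exchange Management Shell) ---
Install-WindowsFeature -Name Windows-Server-Backup

$target = '\\NYC-DC1\Backup'           # ASSUMED UNC path of the share above
$cred   = Get-Credential -Message 'Account that may write to the backup share'
$net    = $cred.GetNetworkCredential()
$user   = if ($net.Domain) { "$($net.Domain)\$($net.UserName)" } else { $net.UserName }

# -allCritical  : every volume holding operating system state. Add
#                 -include:<drive> for database or log volumes elsewhere.
# -vssFull      : VSS full backup, so Exchange records it as a full backup.
# -noInheritAcl : the "Do not inherit" option; only the supplied account
#                 gets access to the backup folder on the share.
# wbadmin takes the password as an argument, so it is visible in the
# process command line while the job starts; run it interactively.
$wbArgs = @(
    'start', 'backup',
    "-backupTarget:$target",
    '-allCritical',
    '-vssFull',
    '-noInheritAcl',
    "-user:$user",
    "-password:$($net.Password)",
    '-quiet'
)
& wbadmin.exe @wbArgs
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin start backup failed with exit code $LASTEXITCODE"
}

# --- Part 3: verify instead of only checking the folder size ---
# List the backup versions stored on the share.
& wbadmin.exe get versions "-backupTarget:$target"

# Exchange stamps each database when a VSS full backup completes; a
# LastFullBackup time older than this run means Exchange was not covered.
Get-MailboxDatabase -Status | Format-Table Name, Mounted, LastFullBackup -AutoSize
```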
3. Performing an Exchange Restoration
In the Jan Williams email account, we have this Zack Smith email. So from there, if we want to go ahead and just delete this email, we’re going to click delete on the email. We’ll go over here to the Deleted Items. As you can see, there’s the email in the Deleted Items, and we’re going to go ahead and permanently delete it. We just permanently deleted that email and bade farewell to that email from Zach Williams. Okay? So now what I’m going to do is minimize that. I’m going to open up Server Manager again and go back into our backup tool, Windows Server Backup. All right, so we’ll load that backup tool on the screen here, all right? We’ll click on Local Backup, and then, if you look closely over to the right side of the screen here, you’ll see that I have an option that says Recover. So I can click on the “Recover” option. It’s going to pop a little box up on the screen here. So at that point, I can choose whether I would like to perform a backup. Okay? So it’s going to ask me, “Where am I going to be performing this?” I’m sorry; perform a restore. Where am I going to start this restoration? Okay, so I’m going to go right here and I’m going to choose a backup that’s stored in another location. So I’m going to do the restore, and the backup is stored in another location.
If you remember, I actually stored the backup on the domain controller, and I stored it in the backslashnycdc-one backup folder. Okay, so we’re now going to click Next on that, all right? Then it’ll ask me what the date is, what time it is, and all that other nonsense. I’m not going to alter anything there. I’m just going to leave it as the default. I’m going to click Next. In this case, it says, “Okay, well, what do you want to recover?” Because Exchange is an application, I’m going to select Applications. I’m going to click Next, and it says, “Okay, well, which application?” Exchange. Okay, so I’m going to go ahead and do that. Now down here it says, “Do not perform a roll-forward recovery of the application databases.” Okay. So I’m actually going to select that. All right? And here’s the deal: If you look closely here, it says that because the latest backup version of the application was chosen for recovery, Windows Server Backup will attempt to roll forward the application database; select this checkbox if you don’t want that to happen, which I don’t. Okay, I don’t want it to do the database roll forward on this. We’re trying to recover the database, not push it back to where it’s at now, where we’ve already deleted the email, right?
So that’s the logic behind that. All right? So I’m going to click Next, and then from there, it asks me if I want to recover to the original location or if I want to recover to another location. So, I’ll say recover to a different location. I’m going to click Browse, and then I’m going to choose to do this on the C drive, all right? And I’m just going to create a folder on the C drive, and we’re just going to call this folder “Restore.” So I’m going to create a folder called “Restore,” and that’s going to be my location for the restoration process. Okay? All right, so select that. We’re going to click OK. All right, we’re now going to click Next. And it is now confirming that, if you look closely, I have information stores that will be recovered. So I’m going to go ahead and click Recover. And then this is going to take a while. So I’m going to pause the video while it is going through the restoration process. Okay, so as you can see, the databases here have been recovered into the C:\Restore folder. And so now I’m actually going to jump into the Exchange Management Shell. Here we are in the Exchange Management Shell. If you recall from my previous video, I used this command to retrieve Jan Williams’s mailbox at examlabpractice.com.
And we displayed the user, the database, and the GUID. So what I want to do now is, since we know that Jan Williams’ email information is in the Marketing database, we’re going to type “Get-MailboxDatabase.” All right? And then it will be as follows: the identity will be Marketing because the database is the Marketing database. We’re going to format this as a list, not a table. And I’m going to say, “Show me the name, show me the GUID, and then show me the EDB file path.” That’s basically the file path for the database. And then the log folder path. This is just kind of narrowing down what it’s going to show on the screen for me. Okay? And there you go. Just to clarify, guys, if you’re not familiar with what I did there, if I had just said, “Show it to me like this,” then I wouldn’t have gotten everything. If I had said, “Just show it to me with a simple Format-List,” then it would have displayed all this information. And so what I’m doing is saying, “Just show me the things that I want to see.” So I’m using those commas to do that. So by running this command here, it’ll show me just what I want to see there.
Okay? So now that we’ve done that, we’re ready to create something called a recovery database. The recovery database is going to be a database where we’re going to restore the Marketing database so that we can recover information from that database, so we can restore information, restore objects, restore items, and things like that from that database. Now to do this, I’m going to run a kind of long command. It’s going to be New-MailboxDatabase, then -Recovery, then -Name. And I’ve got to name the recovery database. I’m just going to call it RecoveryDB. Then -EdbFilePath. All right, this is the fun part. We have to specify where the path is. So it’s going to be C:\Restore, and then the name of this GUID right here. So enter the number five and press Tab. And that’s not it. It concludes with the number three eight two. So hit Tab again. Okay, that’s it. So that’s the right folder. Then we’re going to do C underscore to represent the C drive. And then it was in the Marketing container. Marketing.edb is the name of the database EDB file. So that’s the path that’s located in that backed-up folder. Okay, now we’ve got to specify the log folder path. So we’ll say -LogFolderPath, and we’re going to do the same thing. So we’re going to say C:\Restore and then the GUID. All right. And then C underscore, Marketing, and we don’t have to put anything after that because you’re not actually pointing to the log file, you’re just pointing to the log folder in this case. Then we’re going to do -Server, and then we’re going to specify our server, which is the NYC Ex one.
Now we’re ready to go ahead and hit Enter. And it’s now going through the process of creating the recovery database for me. It also informs you that the database was created from an existing file. All right, the database must be brought into a clean shutdown state before it can be mounted. So please restart the Microsoft Exchange Information Store. So we’re going to run that command, “Restart-Service MSExchangeIS,” and that’s going to go ahead and restart that service for us. So now that we’ve gone through that process, we are ready to go through and make sure that the mailbox database is set to a clean shutdown state. We’re going to be using Eseutil in order to do that. Okay? So I’m just going to clear my screen out. So now what I’m going to do is go into the folder where my database and transaction logs are, okay. So I’ll type cd, then go to C:\Restore, and then the GUID, which ends with three eight two, and then C underscore and then Marketing. And I’m going to hit Enter, and I’m going to type dir. And I should see the backed-up database that’s all been restored to that location. And I can see the transaction logs. There’s the database file. Then, in the log files, look for an entry for “E02.” Okay, so now what I’m going to do is clear the screen again, and I’m going to do an Eseutil. So you might remember me going over Eseutil in one of the earlier lessons. Okay? And this is where we’ll perform the recovery, restoring this into the recovery database. So I’m going to say Eseutil /r E02, because that’s the transaction log that I’m using. And then I’m going to do /d. So the /r switch allows you to recover your database by basically replaying your transaction logs.
That’s what that’s doing. Then there’s the E02 transaction log I’m replaying. And then the /d is basically doing a defragment of the database. Okay? So I’m going to hit Enter. And it is currently in the process of doing so. And it says it has been completed successfully. All right, so now what I’m going to do is clear my screen. Now we’re going to mount our database. So we’ll say Mount-Database RecoveryDB. Remember, that was the database that I created for this. All right, so it’s now going through the process of mounting the recovery database. Now that it’s done mounting, I’m going to type in Get-MailboxStatistics. There it is. -Database RecoveryDB. And we’re going to look at our information, our statistical information there, all right? And if you take a look, it shows you the information that was inside that database. It also displays the dates of your most recent logins. All right, so we’ve got our recovery database officially created. I’m just going to clean up my screen a little bit, and we’re going to run this command here: New-MailboxRestoreRequest. The -SourceDatabase will be RecoveryDB. Then -SourceStoreMailbox. And we’re going to remember that this is the user named Jan Williams, right? So we’re going to do Jan Williams. All right, let me just verify the display name of Jan Williams. Yeah, Jan Williams. So Jan Williams, just correcting my typos here. All right. And then we’ll say the -TargetMailbox will be [email protected]. Okay, we’re now going to hit Enter. All right. Oh, I accidentally put that in -TargetRootFolder. Let me just fix that real quick. All right. Tab can sometimes get you into a little bit of trouble if you move too fast. There we go. Hit Enter. And now it’s going through that process. Okay, so it’s handling the restore request for Jan Williams. It’s putting the information that has been recovered from the recovery database into Jan Williams’ mailbox. Notice that it says that it’s queued up right now.
So I want to just verify. I’m going to type “Get-MailboxRestoreRequest.” You can tell that it’s a little bit laggy because of this restoration that’s going on.
OK. All right, so Get-MailboxRestoreRequest. There it is. Hit Enter. All right, it says it’s in progress. Okay, so now it’s going through the process of performing that, and we’ll give it a second and come back. Okay, so it just took a moment, and as you can see, now it is complete. So I ran the command, and it is completed. And now what I want to do is go to the Outlook Web App, okay? So we’re going to open up our browser here, and we’re going to go here and refresh Jan Williams’ email, and we’re going to see if our item is recovered. And it looks like it has already been refreshed, so we should be able to find it. Jan Williams’ mail has officially returned, and as you can see, the email is back in business. All right, so all that is just to recover that email. But you guys could imagine if you were doing this on a large scale and had a lot of emails to recover. Obviously, I was just doing this with one email and one user, but you could just as easily do it with a much larger number of users. But hopefully that gives you a good idea of how the process works if you had a Windows Server and were using Windows Server Backup. Keep in mind that DPM is a lot easier. Third-party backup is a lot easier. Obviously, the test isn’t really going to focus on that. It’s going to focus more on the built-in way here. So that’s why I wanted to sort of show you step-by-step how to perform it.
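The Exchange Management Shell part of the restore above, collected into one script with the checks a practitioner would add between steps. This is an added example, not code from the course: the GUID folder name, the server name NYC-EX1, the target address and the request name are placeholders or assumptions, because the video does not show them in full.

```powershell
# Added example (not from the course). Run in an elevated Exchange
# Management Shell after Windows Server Backup has restored to C:\Restore.
$GuidFolder  = '<GUID-FOLDER-UNDER-C-RESTORE>'   # placeholder: the folder that starts with 5 and ends with 382
$DbFolder    = Join-Path 'C:\Restore' (Join-Path $GuidFolder 'C_\Marketing')
$Edb         = Join-Path $DbFolder 'Marketing.edb'
$LogPrefix   = 'E02'                             # log prefix named in the walkthrough
$Server      = 'NYC-EX1'                         # ASSUMED spelling of the lab server name
$RecoveryDb  = 'RecoveryDB'
$DisplayName = 'Jan Williams'
$Target      = '<jan-williams-address>@examlabpractice.com'   # placeholder address
$RequestName = 'JanWilliams-Recovery'            # hypothetical request name

# Reads the "State:" line of the database header (Clean/Dirty Shutdown).
function Get-EdbState([string]$Path) {
    $hit = & eseutil.exe /mh $Path |
        Select-String -Pattern '^\s*State:\s*(.+)$' | Select-Object -First 1
    if (-not $hit) { throw "No State line in the eseutil /mh output for $Path" }
    $hit.Matches[0].Groups[1].Value.Trim()
}

if (-not (Test-Path $Edb)) { throw "Restored database not found at $Edb" }

# 1. Where the live mailbox and database are, as in the walkthrough.
Get-Mailbox -Identity $Target | Format-List Name, Database, Guid
Get-MailboxDatabase -Identity 'Marketing' |
    Format-List Name, Guid, EdbFilePath, LogFolderPath

# 2. Recovery database on top of the restored files, then restart the
#    Information Store. The restart briefly dismounts every database on
#    this server, so plan it.
New-MailboxDatabase -Recovery -Name $RecoveryDb -Server $Server `
    -EdbFilePath $Edb -LogFolderPath $DbFolder
Restart-Service MSExchangeIS

# 3. Replay logs only when the header says the file is not clean, using
#    the same invocation as the walkthrough, run from the database folder.
if ((Get-EdbState $Edb) -ne 'Clean Shutdown') {
    Push-Location $DbFolder
    try { & eseutil.exe /r $LogPrefix /d } finally { Pop-Location }
    if ($LASTEXITCODE -ne 0) { throw "eseutil /r failed with exit code $LASTEXITCODE" }
    if ((Get-EdbState $Edb) -ne 'Clean Shutdown') {
        throw 'Database is still not in Clean Shutdown; do not mount it.'
    }
}

# 4. Mount it and confirm exactly one matching mailbox is inside.
Mount-Database -Identity $RecoveryDb
$source = @(Get-MailboxStatistics -Database $RecoveryDb |
    Where-Object { $_.DisplayName -eq $DisplayName })
if ($source.Count -ne 1) {
    throw "Expected one '$DisplayName' mailbox in $RecoveryDb, found $($source.Count)"
}

# 5. Merge the recovered mailbox into the live one. The walkthrough
#    passes the display name; the mailbox GUID from step 4 is unambiguous.
New-MailboxRestoreRequest -Name $RequestName -SourceDatabase $RecoveryDb `
    -SourceStoreMailbox $source[0].MailboxGuid.ToString() -TargetMailbox $Target

# 6. Poll until the request leaves Queued/InProgress.
do {
    Start-Sleep -Seconds 15
    $status = "$((Get-MailboxRestoreRequest -Name $RequestName).Status)"
    Write-Host "Restore request status: $status"
} while ($status -in 'Queued', 'InProgress')
if ($status -ne 'Completed') { throw "Restore request ended as $status" }
```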