MS Exchange mailbox recovery from the Virtual Drive

You can use the Virtual Drive in combination with Microsoft tools to recover deleted MS Exchange mailboxes and storage groups. The feature is not suitable for the recovery of Public Folder data.

Pre-recovery instructions

Step 1: Confirm Requirements and Install the Virtual Drive

Before beginning, check you meet the Virtual Drive Requirements and Permissions.

Install the Virtual Drive tool if it is not installed yet.

Step 2: Check the status of the mailbox database

Check the status of the mailbox database on the Virtual Drive. This is done using eseutil.exe (Extensible Storage Engine Utility), a program included into all MS Exchange server installations.

  1. Click the Start menu
  2. Open the Command Prompt (CMD) as an administrator
  3. Run the following command:

    eseutil /mh "<EDB_file_path>"

Where <EDB_file_path> is the location in the Virtual Drive of the backed up mailbox database

For example:

eseutil /mh "B:\Exchange\2016-07-26\Exchange Server\First SG\Mailbox Database\Mailbox Database.edb"

Check the following fields in the response:

  • State: If the state of the mailbox database is Dirty Shutdown, you must change it to the clean shutdown state
  • Log required: If the value is 0-0, it means that no logs are required so the database can be safely put into the clean shutdown state. Otherwise you will get the range of required log files (note that the names are in hexadecimal numbers). In that case please refer to Step 3

Step 3: Check the state of log files (if applicable)

If the Log required field had the name of a log file, make sure that file is available:

  1. Click the Start menu
  2. Open the Command Prompt (CMD) as an administrator
  3. Run the following command:

    eseutil /ml "<log_file_path>"

Where <log_file_path> is the location in the Virtual Drive of the log file

For example, if the response is 111-111, this means that just 1 log file is required ("6F" in the decimal format), so the command would read:

eseutil /ml "B:\Exchange\2016-07-26\Exchange Server\First SG\Logs\E000000006F.log"

Ideally, you will return the list of log files with the state of "OK" next to each one.

  1. Find the log files required for the clean shutdown
  2. Copy all other logs (especially logs created before the required logs) to a temporary folder on your hard drive, for example to D:\Exchange\2016-07-26\Exchange Server\First SG\Logs

    Please be aware that the logs will be copied (restored) from the cloud, so the process can take a little longer that regular copying/pasting from a local drive

Step 4: Put the database into the clean shutdown state (if applicable)

If the state of the mailbox database is "Dirty Shutdown", you must change it to the clean shutdown state to make it fully functional as a single EDB file:

  1. Click the Start menu
  2. Open the Command Prompt (CMD) as an administrator
  3. Run the following command:

    eseutil /r <Checkpoint_file_name> /s "<Log_folder_path>"; /l ";<Log_folder_path>" /d "<EDB_folder_path>"

    4. Where the parameters mean:

    • /r - Puts the database into recovery mode
    • <Checkpoint_file_name> - Enter the name of the checkpoint file (*.chk) automatically created by MS Exchange e.g. E00
    • <Log_folder_path> - Enter the location of the folder where transaction log files for the current mailbox database are stored. You can identify transaction logs by their names and extensions, for example the filename may be something like E0000000060 and the extension will be .log
    • <EDB_folder_path> - Enter the location where the primary database file is stored. This coincides with the log folder in some versions of MS Exchange, for example in Exchange 2010

    Here is an example:

    eseutil /r E00 /i /a /s "D:\Exchange\2016-07-26\Exchange Server\First SG\Logs\" /l "D:\Exchange\2016-07-26\Exchange Server\First SG\Logs\" /d "B:\Exchange\2016-07-26\Exchange Server\First SG\Mailbox Database\"

  4. Ensure the database state has changed to "Clean Shutdown" by running the following command:

    eseutil /mh "<EDB_file_path>"

Recovery instructions

MS Exchange 2007 recovery

MS Exchange 2007 is recovered with the help of recovery storage groups. They are created by Microsoft Exchange Troubleshooting Assistant (extra.exe).

  1. Click the Start menu
  2. Open the Command Prompt (CMD) as an administrator
  3. Launch extra.exe
  4. In the Welcome screen, click Select a task
  5. From the Related Functions list, select Database Recovery Management
  6. Fill out server and user information to establish connection to the Exchange server
  7. Under Manage Recovery Storage Group, click Create a recovery storage group
  8. Select the storage group that contains the database
  9. Specify a path to the EDB database on the "B:" drive and click Create the recovery storage group
  10. In the results screen, click Go back to task center
  11. Under Manage Recovery Storage Group, select Mount or dismount databases in the recovery storage group
  12. Select the database you want to restore and click Mount selected database
  13. In the results screen, click Go back to task center
  14. Under Manage Recovery Storage Group, select Merge or copy mailbox contents
  15. Click Gather merge information
  16. Select the mailbox and click Perform pre-merge tasks
  17. Select the mailboxes you want to merge, click Save
  18. Hold on till the backup version is merged with the production database

Recovered mailboxes can be merged only with existing mailboxes. If you are recovering a deleted mailbox, it is necessary to create a new mailbox first. It can have the same name as the original.

The GUID of the new mailbox will differ from the GUID of the original mailbox. That is why the automatic merging described above will not work. You will need to mount the recovered contents to the new mailbox manually.

MS Exchange 2010 recovery

MS Exchange 2010 is recovered with the help of a recovery database. It is created by the Exchange Management Shell.

  1. Launch the Exchange Management Console. Open the Start menu. Under Microsoft Exchange Server 2010, click Exchange Management Shell
  2. Run the following command:

    New-MailboxDatabase -Recovery -Name <Recovery_database_name> -Server "<Exchange_server_name>" -EdbFilePath "<EDB_file_path>" -LogFolderPath "<Log_folder_path>"

    3. Here is a brief explanation of the parameters to submit.

    • New-MailboxDatabase is a cmdlet that creates a mailbox database object in the database container in Active Directory (view Microsoft instructions)
    • -Recovery – specifies that the new database will be a recovery database
    • <Recovery_database_name> – the name of the new database (must be unique within your organization)
    • <Exchange_server_name> – the name of the server the new database will be created on
    • <EDB_file_path> – the path to the restored mailbox database file
    • <Log_folder_path> – the path to the folder that will be used for transaction log files

    For example:

    New-MailboxDatabase -Name RecoveryDatabase01 -Server TestExchange-2010 -Recovery -EdbFilePath "B:\Exchange\2016-07-26\Exchange Server\V14\Mailbox\DB\DB01.edb" -LogFolderPath "D:\Exchange\2016-07-26\Microsoft\Exchange Server\V14\Mailbox\DB\Logs"

  3. In the Exchange Management Console, go to Organization Configuration > Mailbox > Database Management. Select the recovery database that you’ve just created and click Mount Database
  4. In the Exchange Management Shell, get the list of mailboxes in the recovery database:

    Get-MailboxStatistics -Database <Recovery_database_name>

  5. To restore one of the mailboxes from the recovery database, use the following command:

    Restore-Mailbox <Mailbox_name> -RecoveryDatabase <Recovery_database_name>

  6. Repeat the command for all other mailboxes that you want to restore

Post-recovery instructions

MS Exchange 2007

Dismount the database and remove the recovery storage group.

MS Exchange 2010

Dismount the recovery database and remove it from the Exchange Management Console.