Most Exchange admins remember the day they learned the difference between disabling a mailbox, and removing a mailbox. The vast majority learn that lesson the hard way.
To clarify for those of you who are yet to experience this particular scenario, Exchange offers two ways to “get rid of” a mailbox; disabling it, and removing/deleting it. Presented with those two options, inexperienced admins tend to choose remove/delete, because naturally they want to delete the mailbox. At face value, “disabling” sounds more like disabling a user account (i.e. it still exists, but can’t be logged on to).
It catches people out all the time, like this latest victim on Reddit:
I’ve written about this before, and regularly tweet the tip to try and educate the community and minimize the number of victims in the future. I’m not the only one; there’s blog posts in the top results on Google going back to 2008 about this.
It was only this week that I realized that Microsoft isn’t exactly helping with this issue at the moment. I tend to do my administration in PowerShell, so if I were to make the mistake of trying to remove a mailbox (by running Remove-Mailbox), I get a warning that describes what is about to happen. It’s then quite fairly my own fault for ignoring the warning and proceeding with deleting the mailbox and the Active Directory user object.
I almost never do it in the Exchange Admin Center, so when I tried it this week I was surprised to find two things. First, the visible option is the destructive one, deleting the mailbox and AD user object. The less destructive option, of merely removing the mail attributes from the user and marking the mailbox for deletion, is hidden under a menu.
The second is the lack of warning that appears.
Yes, that is a warning asking if you really want to continue. Of course you want to continue, it’s not like the warning is giving you any reason to reconsider your actions. Unlike the PowerShell cmdlet, which tells you exactly what’s about to happen.
Removing the mailbox “mailbox name” will remove the Active Directory user object and mark the mailbox and the archive (if present) in the database for removal.
There’s an obvious solution to this mess, which is by now a 10 year old problem (since the release of Exchange 2007).
- Add the same warning to the EAC dialog as is displayed in PowerShell
- Change the buttons in the EAC so the non-destructive action is visible, and the destructive action is hidden in the menu
Now if you happen to find yourself learning this lesson the hard way, all is not lost. Don’t panic and start troubleblasting, as some people do (taking risky actions such as rolling back a domain controller to a previous backup).
If you’ve got the Active Directory recycle bin enabled (which you should, unless you have a specific reason not to), you can recover the deleted user. Even if you don’t, you can quickly recreate the user account and then reconnect the disabled mailbox to the new user. It won’t be entirely perfect (there’ll be extra steps like re-adding them to groups, re-assigning permissions they previously had, and fixing the X500 address issue), but at least you haven’t lost any data.
In the meantime, we’ll be adding a test to Exchange Analyzer to check whether the recycle bin is enabled, and whether your databases have a suitable retention period configured so that mistakes can be undone.