In previous posts, we discussed how to increase the quota and enable retention policies. We also saw what could be done to solve situations where the 100 GB quota has been reached. If you haven’t already, check out my LinkedIn post and Part 1 of this blog series where I take you through increasing the RIF quota and enabling retention policies.
Quick recap – if the RIF ever become full, it would impact the useability and some basic features of email. This included the most fundamental ability – to delete and clean up items in your Exchange mailbox.
You might be wondering what measures can be taken to better manage the RIF. Or maybe you’re wanting to know what the best practices for the RIF are. Honestly, if you’ve read my first post on this, you’ve already done most of the work. The final management tool available is a bit overkill and not something you would want to do unless you’ve explored all the possible risks behind it.
Let’s look at why it’s not recommended to manage the RIF beyond increasing its quota.
PURGES OVERVIEW
As the Purges location of the RIF is completely hidden from the end user, it’s almost impossible to manage the folder effectively from a user perspective. This is by design, as the purpose of the Purges is to ensure data is retained for a set period (or indefinitely) for litigation purposes.
Due to this, Microsoft has provided the permissions to view and manage the contents of the Purges location by the means of eDiscovery. This also gives them the ability to clean the location if needed (although this requires further permissions and has risks involved – if you want to learn more, feel free to contact me directly).
RIF MANAGEMENT
The most ideal solution to managing the RIF is to enable Auto-Expanding Archiving (AEA) for all users so that micromanagement will not be required. There is also another handy switch that can be executed using PowerShell which is the “Start-ManagedFolderAssistant -identity <mailbox> -HoldCleanUp” switch. This switch will clean up any duplicates that are retained in the RIF which resulted from multiple versioning of an item.
Since we have already explored how to enable AEA, let’s look at the risk I was mentioning above. When retention policies are enabled, no item can be purged for the duration of the retention period…and this is final. You cannot, in no way, delete an item from Exchange if it’s under retention. I’m repeating this because the key point here is that the mailbox needs to be under retention. So, to delete something from a mailbox, you will need to remove or exclude that mailbox from the retention policy. This is not advisable as once it’s removed, it’s a free game for any deletions to occur. Even permanently deleting an item. Sure, you may have the best and most innocent of intentions when removing the retention so that an administrator can delete or clean up the RIF for a mailbox. However, end-users are another matter and most of the time you will not have control over this. I think you understand what I’m trying to say here but just in case, picture this scenario:
- Mailbox A’s RIF needs to be cleaned by removing some data from the RIF
- An admin has removed the hold or retention policy so that they can purge the data
- The admin then purges the data
- The admin re-enables the retention or hold for the mailbox
- The end
Seems all great right? The task was achieved. But let’s look at some additional events that could be unfolding at the same time:
- Mailbox A’s RIF needs to be cleaned by removing some data from the RIF
- An admin has removed the hold or retention policy so that they can purge the data
- The admin then purges the data
- User 1 from Mailbox A deletes some emails as it’s cleaning time for them and they need to make that mailbox look pretty
- They decided to empty the recycle bin in the mailbox (let’s face it – don’t we all just like seeing that full bin empty on our desktop, or is it just me?
- The admin re-enables the retention or hold for the mailbox
- The end
So, this time after the admin did the needful and purged the data then re-enabled the retention, the end-user also removed some items and it was a hard delete too so no restoring can happen. The admin would not be aware of this and this action would most likely fall through the cracks. When the time comes for eDiscovery and litigation of this mailbox, certain information will be missing, which could be crucial to the case. Since the mailbox was not under retention at the time of deletion, there is no way to recover these items.
Therefore, it is inadvisable to clean or purge data from the RIF manually. Instead, utilize the -HoldCleanUp switch from PowerShell where possible. For further information, you can explore the details of the “-HoldCleanUp” command.
Before I sign off, the key takeaways here are:
- Enable Retention Policy – get that free space to your RIF
- Enable Auto-Expansion Archiving – honestly, it’s amazing and somewhere down the line, you will enable this any way to manage quota – so start early!
- Don’t remove retention for any clean-ups – with AEA enabled early you shouldn’t even need to do this
Let me know how you go applying these solutions. As always, if you have any feedback or questions, please reach out!