This is a 1st post related to Mailbox Manager in this series, where I am trying to answer some most common questions about how this works.

What is Mailbox Manager?

 

Mailbox Manager is a tool that was designed to help enforce corporate message retention policies, and manage information store sizes. This allows you to clean mailboxes based on message size, message type, message age, and other properties.  Mailbox Manager runs within the System Attendant process and does not run as a separate service like it did in Exchange 5.5.

 

Configuring Mailbox Manager

 

Mailbox Manager policies are applied very similarly to email recipient polices in Exchange. They can be configured on the same email policy or as a separate policy. A separate policy is the recommended way of configuring MM policies.

 

To verify that you are not applying a Mailbox Manager policy on any of the email policies, you need to right click on each policy in the ESM and verify that the property pages do not include "Mailbox Manager Settings" as shown below:

This setting controls what tabs are available in the Exchange System Manager. Once you enable or disable a property page, this also sets whether or not the msExchPolicyOptionList attribute gets populated on that particular Recipient Policy. You can view this in ADSIEdit as shown below. Note: If you accidentally check off Mailbox Manager Settings and Click OK, you have effectively told the RUS to update every recipient with a Mailbox Manager policy that falls within the LDAP scope of that policy. You do not need to apply the policy as the RUS treats MM policies differently in the way that it stamps the users.

 

 

There are normally two values that you will see for this attribute. One will be for E-Mail addresses (0xfc 0x1c 0x49 0x26 0x50 0x9e 0x57 0x48 0x86 0x1b 0x0c 0xb8 0xdf 0x22 0xb5 0xd7) and one will be for Mailbox Manager (0xec 0x13 0x68 0x3b 0x89 0xce 0xba 0x42 0x94 0x42 0xd8 0x7d 0x4a 0xa3 0x0d 0xbc). This attribute will tell you what type of proxies are being applied for that policy. Simply checking or un-checking a value on the property pages will update this attribute.

 

Creating Mailbox Manager Policies

 

One of the largest issues for Mailbox Manager is how to filter out via an LDAP filter who does and does not get cleaned by Mailbox Manager. For example, let's say you have your standard 4x5 Storage Group/Mailbox Store scenario and you have the executive mailboxes on the first two stores within a storage group and the rest are all user mailboxes. How in the world does one create a filter to do that through the GUI? Currently, you can't. This will take some custom LDAP filters and the size of this filter can be huge and in a large environment.

 

Here is an example to filter out the Executive users for a Mailbox Store called StoreA under two different storage groups

 

(&
 (objectClass=user)
 (objectCategory=person)
 (mailnickname=*)
 (|
  (homeMDB=CN=StoreA,CN=SG1,CN=Information Store,CN=ServerName,CN=Servers,CN=AdminGroupName,CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=whatever,DC=com)
  (homeMDB=CN=StoreA,CN=SG2,CN=Information Store,CN=ServerName,CN=Servers,CN=AdminGroupName,CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=whatever,DC=com)
 )
)

 

The above example was shortened, but you can see that creating these LDAP queries are quite complex and is the only way to get around the limitation of the LDAP filter GUI.

 

To create a new policy, right click on Recipient Policies in the ESM and select New Recipient Policy. Under Recipient Policies select "Mailbox Manager Settings" during the creation. Enter a descriptive name on the General tab and then select the LDAP filter you would like to apply this policy to. Select the "Mailbox Manager Settings (Policy)" to setup what you would like to clean within the users mailboxes. The available operations you can perform against mailboxes are the following:

 

        • Generate report only
        • Move to Deleted Items Folder
        • Move to System Cleanup Folders
        • Delete Immediately

 

When selecting the processing type, you effectively update the MsExchMailboxManagerMode attribute for that policy. The following are the possible combinations for this attribute.

 

0 ---> Indicates "Generate Report Only"
1 ---> Indicates "Move to Deleted Items Folder"
2----> Indicates "Move to System Cleanup Folder"
3----> Indicates "Delete Immediately"

 

When selecting which folders you would like the policy applied to, you need to understand that for the folders other than the "System Cleanup" or "All Other Mail Folders", subfolders are not processed by default.  Subfolders are only processed when you select the "All Other Mail Folders" option. When selecting this folder option, this will clean out ALL subfolders in all folders in your mailbox. If you have contacts, appointments, or any other items that you do not want to have cleaned in any folders in your mailbox, you will need to exclude specific message classes shown next.

To exclude specific message classes, you can use the following configuration window.

 

 

The list of available messages classes that you can include are in the following table:

IPM Type        

Outlook type                            

IPM.NOTE        

Mail message                           

IPM.POST        

Post (in this folder)                  

IPM.APPOINTMENT 

Appointment and Meeting Request entries

IPM.TASK        

Task

IPM.CONTACT     

Contact

IPM.ACTIVITY    

Journal entry                          

IPM.DISTLIST    

Distribution List

IPM.STICKYNOTE  

Note

If you would like to send a notification to the end user regarding what was moved in their mailbox and how much data was processed, you can select that option and change the notification message to whatever you would like it to say:

Once you successfully create the policy, the RUS now takes over to apply the policy to each of the users that fall within the LDAP filter that you created. Once the RUS stamps each of the users, you will get a new setting under mxExchPoliciesIncluded for the Mailbox Manager policy.

 

Getting an LDP dump of a user will show that attribute populated with a new Mailbox Manager Policy.

 

msExchPoliciesIncluded:
{6020959E-00A1-4D41-B1B5-1DCCBF47440F},{3B6813EC-CE89-42BA-9442-D87D4AA30DBC};
{2C6C407F-51A3-4FD5-934F-2B6924BEB645},{26491CFC-9E50-4857-861B-0CB8DF22B5D7};

 

Mailbox Manager Policies are uniquely identified by their GUID {3B6813EC-CE89-42BA-9442-D87D4AA30DBC}. E-mail Address Policies have their own GUID of {26491CFC-9E50-4857-861B-0CB8DF22B5D7}. So from the above example in the first line, we show the ObjectGUID of the policy itself, followed by the identifying GUID. This is very useful in identifying WHO is getting what policy applied. Keep in mind that you can have only one Mailbox Manager Policy at any given time and it is the RUS responsibility to keep this updated properly. There was a problem in Exchange 2003 SP1 that when a user is moved in and out of scope of a Mailbox Manager policy, that the previously policy is not removed, so two MM policies exist for that user. This causes the user to get two different cleaning policies applied to their mailbox. Applying the hotfix in 883351 will resolve this issue

Now that we have our policy in place and all of the users stamped, we need to go and configure each Exchange server to run the Mailbox Management process at a given time and to select who will get the administrative reports. To do this, get properties of an Exchange server and select the Mailbox Management tab.

Under "Start mailbox management process", select when you would like to run this process. This process should run only once within a 15 minute period. If you select a period that is greater than one 15 minute time period, the process may run multiple times causing the user to get multiple email reports if that is configured.

 

Under "Reporting", you can select whether you want to send a detailed report or a summary report. A detailed report will send an attachment of all users that were processed and how much data was moved/deleted in each folder. The summary report will give you the total amount of data that was processed in any given pass.

 

Under "Administrator", select the Administrator that you would like to send the report to. At this time, you cannot select a Distribution List to email this report to, only a user.

 

Now that you have everything configured, there is one more option in which you can manually run this process by right-clicking on a specific server in the ESM and selecting "Start Mailbox Management Process".

 

Next post will be on "How Mailbox Manager processes recipients"!

 

- Mike Lagase