Executive Summary:

To perform a restore of a Microsoft Exchange Server 2007 environment, you first have to have a viable backup, which you can make with NTBackup. You can restore an Exchange Server mailbox database with simple Windows PowerShell commands through Exchange Management Shell. You can restore a single mailbox through Exchange Management Console, or a single mail item through Microsoft Outlook, provided they haven't exceeded the deleted items retention period.

Nobody likes to think about it, but everybody knows that at some point disaster could strike your Exchange Server environment. It could be something external and unavoidable, such as a flood, earthquake, or fire. Or it could be something in the organization itself—a faulty piece of hardware or a failed connection. You need to be prepared—and you will be if you've performed your backups and know how to restore them quickly.

Of course, there are different disaster scenarios, from losing a single email message or mailbox to losing an entire server; the Exchange Server 2007 restore procedures are different in each case. Let's take a look at the basics first: taking a backup using NTBackup, recovering a mailbox database, and recovering individual mailboxes or mail items. In "Backing Up and Restoring Microsoft Exchange Server 2007, Part 2," I discuss more complex restore scenarios, including using a Recovery Storage Group (RSG) for restores and restoring an entire server.

Before attempting an Exchange backup or restore operation, you need to make sure the account to be used has the correct permissions. For both taking and restoring backups, the account must be a Domain Backup Operator, a Domain Administrator, and also a member of the local Administrators group on the server where NTBackup is run. To carry out required Exchange administrative operations related to backup and restore, your account should be an Exchange Organization Administrator. To verify domain group memberships, you can use the Microsoft Management Console (MMC) Active Directory Users and Computer snap-in, and to verify local group memberships you can use the MMC Computer Management snap-in.

Backup Types and Exchange 2007
It's possible to make full, incremental, and differential backups of Exchange 2007. A full backup is the simplest method, but it can take a long time. Incremental backups are quicker; however, you need a full backup and all incremental backups to perform a restore, which increases the chance of failure due to faulty media. Differential backups take slightly longer than incremental backups, but you need only the original full backup and the latest differential backup to restore. For more information about the types of backup, see "Backup and Restore Strategies for Exchange Server" (http://www.windowsitpro.com/Articles/articleid/7124/7124.html).

For small Exchange organizations, a full backup is recommended. In fact, you should take a full backup anytime you have enough speed and capacity in your backup system to do it without overrunning into your system's main operation time. If your backup window simply isn’t long enough or you don't have the storage space to backup that much data each night, you can use differential backups to speed things up. A third option that's becoming more prevalent is a snapshot-based backup. With snapshot backups, it's possible to restore databases within minutes in certain implementations, regardless of the database size. However, NTBackup doesn’t support this type of Exchange backup.

Making a Backup
Now let's look at how to use NTBackup to make full backups. First, start NTBackup, and on the Backup or Restore Wizard window, clear the Always Start in Wizard Mode check box to ensure you have full access to all settings. Next, click Advanced Mode, select the Backup tab, then navigate to the Microsoft Information Store in the left pane, as Figure 1 shows. Select the Store check box, then click Browse to choose a destination for the backup.

Next, click Start Backup, then click Start Backup again on the Backup Job Information window, which Figure 2 shows. If you want to check for errors after the backup completes, you can click Report on the Backup Progress window, which Figure 3 shows. As Figure 4 shows, the report is a text file, which is opened in Notepad by default. Assuming you don’t spot any errors, you can close the report and click Close on the Backup Progress window.

Performing a Database Restore
The first restore scenario I'll discuss is what to do if an entire Exchange database is lost. First, ensure that the database is dismounted—which it likely will be if it has been lost. Just to make sure, you can use the following command in Exchange Management Shell to dismount the database:

Dismount-Database `
 -Identity "Mailbox Database"

Note that the backtick (`) at the end of the first line indicates that the command continues on the next line; in Exchange Management Shell, you could enter the command all on one line without the backtick. If the database files still exist, you need to allow them to be overwritten with the following command:

Set-MailboxDatabase `
 -Identity "Mailbox Database" `
 -AllowFileRestore $true

Next, on NTBackup's Restore and Manage Media tab, locate the appropriate backup file in the left pane. As Figure 5 shows, you need to drill down until you can select the check box next to the storage group you want to restore. Click Start Restore, then in the Restoring Database Store window, which Figure 6 shows, enter the name of the destination server (or click Browse to locate the correct server) and enter a temporary location for restored logs. Finally, select the Last Restore Set check box so that any logs in the transaction log directory for the restored database that contain information written later than the restored backup will automatically be replayed to bring the restored database up to date. To begin the restore, click OK.

When the restore completes, mount the database using the command

Mount-Database "Mailbox Database"

One thing to bear in mind is that the Exchange database search indexes can become unsynchronized with the restored database because they don’t take into account the replay of logs. Therefore, it's sensible to rebuild the index for the restored database. This can be done after you restore the database or, to keep disruption to a minimum, as part of the restore process. You rebuild the index by stopping the Microsoft Exchange Search Service, deleting the old catalog (which is stored in the same folder as your .edb file and has a name beginning with CatalogData), then restarting the service.

Single Mailbox or Single Mail Item Restore
Both the loss of a mailbox and the loss of a single item from a mailbox can be solved either by restoring from backup or by recovering from the deleted items or deleted mailbox retention areas. For now, let's look just at the recovery option; I'll discuss how to restore a single mail item or mailbox from backup using an RSG in "Backing Up and Restoring Microsoft Exchange Server 2007, Part 2."

When you delete a user, either through Exchange Management Console or through the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, the user's mailbox is placed in the deleted mailbox retention area. During the deleted mailbox retention period, the mailbox appears in both Exchange Management Shell and the Exchange Management Console as a disconnected mailbox; Figure 7 shows a disconnected mailbox in Exchange Management Console. For information about changing the default retention period, see the sidebar, "Configuring Deleted Items Retention Periods in Exchange Server 2007" (http://www.windowsitpro.com/Articles/articleid/97382/97382.html).

After locating the disconnected mailbox in the console tree, you can reconnect it to a user account by right-clicking it and selecting Connect. As Figure 8 shows, this launches the Connect Mailbox wizard. However, before going to the wizard, you need to ensure that the account you want to reconnect the mailbox to exists, either by restoring the account with Active Directory tools or by creating a new account. The steps to follow in the wizard are as follows:

  1. Select User Mailbox, then click Next.
  2. If the user you want to reconnect has the same name as the mailbox you're reconnecting, select Matching user, as Figure 9 shows. If the user name isn't the same, select Existing user.
  3. Click Browse and locate the user, then click OK and Next.
  4. On the next screen, click Connect, then click Finish.

The mailbox is now reconnected to the specified user, who can log in and use it as usual.

If only a single mail item has been lost, the user will most likely realize they've lost it within the default 14-day deleted items retention period that allows for easy recovery through any version of Microsoft Outlook. To recover a mail item from the deleted items recovery area—the dumpster—highlight the Deleted Items folder in Outlook, then choose Tools, Recover Deleted Items. As Figure 10 shows, doing so opens a window that lists your recoverable deleted items. Select any item in the list and click the envelope icon to restore the item to the mailbox folder from which it was deleted. Note that by default only soft-deleted items (i.e., mail deleted via the Deleted Items folder in an Outlook mailbox) can be recovered. For information about changing this setting to protect all folders, see the sidebar.

You should now have a good idea of how to handle simple backup and restore procedures for your Exchange 2007 environment, and in part two of this article I'll discuss how to recover from more advanced problems. You can't stop the inevitable crashes, calamities, and boneheaded user errors that plague every administrator, but you can meet these situations with a ready solution in place if you prepare now.