bobh-8117 asked TexKim-2857 commented

Removing orphaned in-place hold

An eDiscovery Case was apparently removed but the in-place holds were never removed. So a user now shows a hold GUID on their mailbox and is prevented from emptying their deleted items once they hit the 100gb max. Since the Case identifier has been removed from the system, the Get-CaseHoldPolicy command using the GUID (minus the prefix) returns an error.

Was on phone with MS support and they are currently at a loss.

There is an attribute in on-prem Active Directory named "msExchUserHoldPolicies" that holds the GUID of the in-place hold. We are in hybrid setup so when I clear this value and run AD Connect sync, the value comes right back. Research shows that there is an attribute named "cloudMsExchUserHoldPolicies" that is the online attribute that apparently AD Connect cannot clear. I have not found a way to clear the value of this cloud attribute...assuming this will even allow the user to be able to reduce the mailbox size and use it.

Was hoping that someone in the interworld had run into this situation before and might have some tips.

I found the script Remove-UserInPlaceHold (discussed at https://docs.microsoft.com/en-us/archive/blogs/dsheehan/exchange-lingering-orphaned-in-place-holds-on-mailboxes-blocking-cleanup-moves) and have run it, but it hasn't helped.

Thought it worth a try to ask.

Thanks.


office-exchange-online-itpro office-exchange-hybrid-itpro

Hi @bobh-8117, any update on your issue?

0 Votes 0 ·

Hi @bobh-8117, any progress so far?

0 Votes 0 ·
joyceshen-MSFT answered joyceshen-MSFT edited

Hi @bobh-8117,

I found this thread, which is similar to your issue: Exchange Online - Remove Phantom In-Place Hold. Please try the solution provided in it to see whether it helps in your scenario:

Empties hidden Deleted Items folders, such as 'Purges'. Won't empty 'Purges' folder if 'In-Place Hold' or 'Litigation Hold' is applied to mailbox

 Search-mailbox -identity "identity" -SearchDumpsterOnly -DeleteContent

Disables Litigation Hold on the mailbox

 Set-Mailbox -Identity "identity" -LitigationHoldEnabled $false

Gets various relevant metrics and settings

 Get-Mailbox -Identity "identity" | Format-List DisplayName,Name,IsInactiveMailbox,LitigationHoldEnabled,LitigationHoldDuration,InPlaceHolds,RetentionHoldEnabled,RetentionPolicy

Gets the name of Retention Policy, based off GUID provided in a Get-Mailbox command for In-Place Holds

 Get-RetentionCompliancePolicy <GUID> | FL Name

Script found to provide folder sizes of hidden Deleted Items folders (Purges, etc.)

 "======================================================" 
 # Mailbox to report on (primary SMTP address)
 $RecipientName = "PrimaryEmail"
 $RecipientDisplayName = (Get-Recipient $RecipientName).DisplayName

 # Optional (for reporting purposes):
 $RecipientNetBIOSName = (Get-Recipient $RecipientName).Name
 $RecipientPrimAlias = (Get-Recipient $RecipientName).PrimarySmtpAddress

 Write-Host "======================================================" -ForegroundColor Cyan
 Write-Host "Dumpster and Deletions Report for '$RecipientDisplayName' ($RecipientName) (Does not apply to Mailusers or Contacts):" "$(Get-Date)" -ForegroundColor Yellow
 Write-Host "======================================================"
 Write-Host "Dumpster and Deletions Report provides Size Values for the mailbox 'Deleted items', 'Recover Deleted Items' (Dumpster), and 'Purges' values." -ForegroundColor Cyan
 Write-Host "Does not apply to Mailusers" -ForegroundColor Cyan
 Write-Host "*** If Lit Hold is present, Recover and Purges will be larger and must be ignored. ***" -ForegroundColor Red
 Write-Host "***"
 Write-Host "The 'Recoverable Items' folder contains the following subfolders:" -ForegroundColor Yellow
 Write-Host "   Recoverable Items: This is the total amount combined in Deletions, Calendar Logging, Purges, and Versions."
 Write-Host "   Calendar Logging:  For Calendar diagnostic purposes"
 Write-Host "   Deletions:         Recover Deleted Items or the 'Dumpster'"
 Write-Host "                      This subfolder contains all items deleted from the Deleted Items folder. "
 Write-Host "   Versions:          If In-Place Hold or Litigation Hold is enabled:"
 Write-Host "                      This subfolder contains the original and modified copies of the deleted items."
 Write-Host "   Purges:            If either Litigation Hold or single item recovery is enabled:"
 Write-Host "                      This subfolder contains all items that are hard deleted."
 Write-Host "======================================================" -ForegroundColor Cyan
 # Folder sizes under Recoverable Items, with the mailbox's Litigation Hold state alongside
 Get-MailboxFolderStatistics $RecipientName -FolderScope RecoverableItems | Format-Table Name,FolderAndSubfolderSize, @{name="LitigationHoldEnabled";expression={(Get-Mailbox $RecipientName).LitigationHoldEnabled}} -AutoSize
 ##########################################################




bobh-8117 answered joyceshen-MSFT commented

Appreciate the information. The search-mailbox command returned 0 items. Litigationholdenabled was already set to $false (the problem is an inplace hold). The get-retentioncompliancepolicy can't find the GUID shown in the InPlaceHolds attribute. Nor can get-caseholdpolicy. The actual inplace hold case is not present in the compliance console anymore although the GUID still shows in mailboxes.


Hi @bobh-8117,

Is there any progress on your issue?

How did you clear the msExchUserHoldPolicies? The value of the msExchUserHoldPolicies attribute is only written back if the value in the source is not Null.

The official document here introduces Azure AD Connect - msExchUserHoldPolicies and cloudMsExchUserHoldPolicies.


0 Votes 0 ·
SteveT-7213 answered

Hello @bobh-8117 and @joyceshen-MSFT,

I am having the exact issue that bobh-8117 described in a hybrid configuration and went through the same steps noted here, and am unfortunately having the same results. If you found how to clear the cloudMsExchUserHoldPolicies online attribute, please let me know. My Recoverable Items folder has reached the 100GB limit.

Thanks in advance!

SteveS-435 answered SteveS-435 commented

I also had this same issue and could not find any reference to the inplace hold that was on my mailbox. We are in a hybrid mode and using the notes above I was able to finally remove the inplace hold. I cleared the value "msExchUserHoldPolicies" with ADSIEdit and even replaced the value with "Test" just to see if it would update the mailbox online... which it did but had the value restored quickly. I kept clearing and syncing the value and it finally cleared it and I was able to run the MFA to clear all of the recoverable items and DiscoveryHolds folders, both of which were at 100GB.

Hope this helps.


Hi Steves,
what is the path in ADSIEdit where I find the msExchUserHoldPolicies key to perform the value cleaning?

Thanks


0 Votes 0 ·
SteveS-435 ArthurRochaPiologo-7848 ·

Under the Default naming context, find the OU the user is in and open the properties for that user. You should be able to find the attribute there. Make sure your filter is not blocking you from seeing it. Example below...

CN="User Name",OU=XX,OU=XX,DC=XXX,DC=XXX,DC=com

0 Votes 0 ·
bobh-8117 answered

Many apologies to ask the question and vanish.

The gist of it was that I had to open a case with the mother ship and go through at least three techs...basically re-stating and showing them the problem...until finally, magically, someone "up there" cleared the reference to the in-place holds so that the user was able to finally empty their Deleted Items. Probably ran adsiedit against Azure AD, I would assume.

I had tried clearing the value in the on-prem AD and synching and the value would always return.

Of course, MS never bothered to share with me what or how they did it, which is a real shame. Even if I don't have sufficient rights in their cloud to do it, the old-time Exchange Admin in me was really curious. But, alas...

So, go ahead and open a ticket and prepare for a few days of relaying until the right person gets the case.

PiotrkowskiAri-0984 answered TexKim-2857 commented

This worked for me:

 Set-Mailbox -identity <exchangeguid> -RemoveOrphanedHolds <inplaceholdidentity>

Once you've run this command, you can go into AD and wipe out the contents of the msExchUserHoldPolicies attribute, and it will remain empty! This can be accomplished rapidly using the following command:

 get-aduser -Filter "msExchUserHoldPolicies -eq '<inplaceholdidentity>'" -properties * | Set-ADUser -Remove @{msExchUserHoldPolicies="<inplaceholdidentity>"}

Of course, make sure to replace <inplaceholdidentity> with the actual GUID that's showing up on the user mailboxes under "InPlaceHolds" (get-mailbox | fl name,inplaceholds)

Note that this process will only work for ACTIVE mailboxes where the actual search no longer exists.





Thank you - this worked perfectly. When running the first command you get this confirmation prompt:

Confirm
Removing the input orphaned holds for mailbox Identity:'<exchangeguid>'.Please confirm that a search object doesn't exist on Premise prior to running this cmdlet.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):

Since that search was removed a long time ago I said yes and then removed the InPlaceHoldIdentity GUID in Active Directory.

0 Votes 0 ·
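
The removal sequence from the answer above, wrapped in an ownership pre-check, a before-state record and a dry run, as an added example that is not part of the original thread. It assumes Exchange Online and Security & Compliance PowerShell sessions are already connected and the ActiveDirectory module is loaded; `$HoldGuid` and the CSV file name are placeholders.

```powershell
# Added example, not code from the thread. Assumes connected Exchange Online and
# Security & Compliance PowerShell sessions plus the ActiveDirectory module.
$HoldGuid = '<inplaceholdidentity>'   # placeholder: GUID shown under InPlaceHolds

# 1. An orphaned hold resolves to no policy. If either lookup returns an object,
#    the hold is still owned and must be released through that policy instead.
$owners = @(
    Get-CaseHoldPolicy -Identity $HoldGuid -ErrorAction SilentlyContinue
    Get-RetentionCompliancePolicy -Identity $HoldGuid -ErrorAction SilentlyContinue
)
if ($owners.Count -gt 0) {
    throw "Hold $HoldGuid still resolves to: $($owners.Name -join ', ')"
}

# 2. Find every active mailbox still stamped with the GUID (entries may carry a prefix).
$affected = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.InPlaceHolds -like "*$HoldGuid*" })

# 3. Record the state before changing anything, so the change can be evidenced later.
$affected |
    Select-Object DisplayName, ExchangeGuid, LitigationHoldEnabled,
        @{ Name = 'InPlaceHolds'; Expression = { $_.InPlaceHolds -join ';' } } |
    Export-Csv -Path .\orphaned-hold-before.csv -NoTypeInformation

# 4. Dry run. Remove -WhatIf only after reviewing the CSV and the output below.
foreach ($mbx in $affected) {
    Set-Mailbox -Identity $mbx.ExchangeGuid.ToString() -RemoveOrphanedHolds $HoldGuid -WhatIf
}

# 5. Hybrid only: clear the on-premises attribute, as the answer describes.
Get-ADUser -Filter "msExchUserHoldPolicies -eq '$HoldGuid'" -Properties msExchUserHoldPolicies |
    Set-ADUser -Remove @{ msExchUserHoldPolicies = $HoldGuid } -WhatIf
```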