Hold Me Now! How to quickly put a retention hold on 1,400 employees using Microsoft Exchange 2007.


The consequences for failing to correctly implement a retention hold can be severe.  For example, issues surrounding a litigation hold helped cause Intel to lose attorney-client privilege and work-product protection of certain materials relating to their defense against AMD and Class Plaintiffs in the ongoing saga of In re Intel Corp. Microprocessor Antitrust Litigation.


K&L Gates has an excellent blog posting discussing some of the problems Intel had that led up to the court's finding. There are challenges in getting the retention letters to the right people, juggling backup tapes, moving users from one email server to another, and so on. You can find K&L's blog posting here: (https://www.ediscoverylaw.com/2008/06/articles/case-summaries/finding-waiver-of-attorneyclient-privilege-and-work-product-protection-court-orders-production-of-attorney-notes-of-employee-interviews-concerning-intels-compliance-with-evidence-preservation-obligations/).


The challenges of implementing a legal retention hold certainly are not unique to Intel, so let's examine the generalized case of a fictitious company named Contoso. Contoso has 50,000 employees using Exchange 2003. In order to avoid drowning in terabytes of email, they have implemented a 45-day purge policy using Exchange 2003 Mailbox Manager.


Because of impending litigation, Contoso's legal department has sent a litigation hold letter to 1,400 key employees who need to save emails beyond 45 days. Those employees must manually move their emails into a local .PST file on their desktop computer, or have their mailboxes moved to an Exchange database that has Journaling enabled, because Exchange 2003 only journals at the database level.


What could possibly go wrong?


For starters, there are the end users manually moving (or forgetting to move) messages to .PST files. Next, there's making sure those .PST files actually get backed up on a regular basis. You'd think people would just know to back everything up by now, but there's always an exception. Just last week I worked with a user who had a hard drive crash and lost everything. Haven't we all been there at least once?


If Contoso moves to server-side journaling to remove end-user complexity, it creates a new burden for the IT staff. Databases have an optimal number of mailboxes on them, and as you move too many mailboxes, or a few too-large mailboxes, to a journaling-enabled database, you run up against a new set of challenges: the databases' maximum size, the underlying storage design, running out of servers or having to move them from one location to another, and so on. Journaling also has performance implications (since you're sending each message twice) that need to be accounted for.


How is Exchange 2007 different?


There are three excellent features that can specifically target this scenario: Retention Hold, Premium Journaling, and PowerShell scripting.


An Exchange 2007 "Retention Hold" suspends the ordinary email purge cycle applied to the user or organization. It's a simple mouse click (or a line of shell scripting, as we'll see below), and IT staff can also set an end date for the retention (which makes the feature useful for employees on vacation or infant care leave, for example). In the Contoso example above, we would apply a retention hold to each of the 1,400 mailboxes in question. Learn more here:  (https://technet.microsoft.com/en-us/library/aa998580(EXCHG.80).aspx)


Premium journaling is essentially the ability to journal email to a separate system on a per-user or per-group basis. It puts an end to all the contortions IT staff used to have to undergo, because any database can have a mixture of journaled and non-journaled accounts.  Users' mailboxes stay where they are, and journaling is turned on and off as needed. Learn more here:  (https://technet.microsoft.com/en-us/library/bb124382(EXCHG.80).aspx)


PowerShell scripting is an exciting new innovation across the Windows platform, and Exchange 2007 is one of the first Microsoft applications to make full use of it. Here's a simple one-liner to apply a retention hold on Contoso employee Aaron Lee's mailbox:


Set-Mailbox -Identity 'Aaron Lee' -RetentionHoldEnabled $true


Easy! Now, just type that in 1,399 more times, and we'll be all set! Just kidding. PowerShell has another command, Get-Mailbox, that fetches the mailboxes you want to place on retention hold. For Contoso, that will be everybody in the Sales and Developers departments (or Organizational Units, as they say in Active Directory-speak).


Get-Mailbox -OrganizationalUnit 'Sales'


And there's a whole host of other attributes, like Title, Department, City, Country, etc., that can be used as a filter here to fetch mailboxes. You can also mix and match, like all the Accountants based in New York.


Our last step is to marry the two commands together using the "pipe" character, so the final command would look like this:


Get-Mailbox -OrganizationalUnit 'Sales' | Set-Mailbox -RetentionHoldEnabled $true


Voila! That's all there is to it.  This one-line command has turned on a retention hold for the entire Sales department at Contoso! No dependency on .PST files, no dependency on end users remembering to do the right thing, and no moving mailboxes from server to server.
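
Extending the one-liner to the full Contoso scope, as an added example that is not from the original post: it assumes the two Organizational Units are named 'Sales' and 'Developers' as in the scenario above, and the CSV path is a placeholder. Because Get-Mailbox returns at most 1,000 results by default, the script asks for an unlimited result size, previews the change, applies it, and then re-reads the mailboxes to report any that are still not on hold.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2007.
# OU names follow the post's Contoso scenario; the report path is a placeholder.
$ous    = 'Sales', 'Developers'
$report = 'C:\Temp\retention-hold-audit.csv'   # hypothetical path

# Return every mailbox in the listed OUs. -ResultSize Unlimited matters:
# without it Get-Mailbox stops at 1,000 results and the rest are never held.
function Get-ScopeMailbox {
    $found = @()
    foreach ($ou in $ous) {
        $found += @(Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited)
    }
    return $found
}

# 1. Collect the mailboxes and confirm the count against legal's list.
$targets = @(Get-ScopeMailbox)
Write-Host ("Mailboxes in scope: {0}" -f $targets.Count)

# 2. Dry run: -WhatIf prints what would change without changing anything.
$targets | Set-Mailbox -RetentionHoldEnabled $true -WhatIf

# 3. Apply the hold. No end date is set, so the hold stays in place
#    until someone explicitly turns it off.
$targets | Set-Mailbox -RetentionHoldEnabled $true

# 4. Re-read from the server and list any mailbox still not on hold
#    (for example, one that failed to update or was added to the OU since step 1).
$after  = @(Get-ScopeMailbox)
$missed = @($after | Where-Object { -not $_.RetentionHoldEnabled })
if ($missed.Count -gt 0) {
    Write-Warning ("{0} mailbox(es) are NOT on retention hold:" -f $missed.Count)
    $missed | ForEach-Object { Write-Warning ("  " + $_.PrimarySmtpAddress) }
} else {
    Write-Host "All mailboxes in scope are on retention hold."
}

# 5. Keep a dated record of the hold state for the legal department.
$after |
    Select-Object DisplayName, PrimarySmtpAddress, RetentionHoldEnabled,
                  StartDateForRetentionHold, EndDateForRetentionHold |
    Export-Csv -Path $report -NoTypeInformation
```

Mailboxes created in these OUs after the script runs are not covered, so the verification step is worth re-running on a schedule for as long as the hold is in effect.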


Next posting: we explore ways Exchange administrators might attempt to "erase" emails off their server.