Understanding Exchange 2000 Mailbox Recovery
Recovering an Exchange 2000 mailbox is somewhat different from recovering an Exchange 5.5 mailbox. There is no dedicated Exchange directory database in Exchange 2000 because Exchange directory information is now stored in Active Directory. Therefore, install both Exchange 2000 and Active Directory on your recovery server.
To sufficiently isolate the recovery server from other Exchange servers in the production organization, you must install Active Directory as the root of a separate forest. It may also be necessary to configure the recovery server as a Domain Name System (DNS) server if the corporate DNS server’s permissions model denies you the rights to create necessary service records in it.
The process for matching the names of your recovery server to those of your original Exchange server is different in Exchange 2000. While an Exchange 5.5 recovery server needs only to match up organization and site names with the original system, in Exchange 2000 you must match all the following:
- Organization name
- Administrative group name
- Storage group name
- Logical database name
- LegacyExchangeDN names on critical system objects
You should already be familiar with the terms “organization,” “administrative group,” “storage group,” and “logical database.” You should also be familiar with the LegacyExchangeDN attribute of the site that contains the mailbox you want to recover. The LegacyExchangeDN is an attribute carried by almost all Exchange 2000 objects, including mailbox-enabled users. It identifies Exchange objects in ways that match Exchange 5.5 naming. A typical LegacyExchangeDN value is of the form:
/O=organization/OU=site/CN=container/CN=object
If the mailbox you want to recover exists on an administrative group named First Administrative Group, and is not on an upgraded Exchange 5.5 server, the name of your LegacyExchangeDN is /O=Organization name/OU=First Administrative Group. But when the mailbox you want to recover is on an administrative group that was formerly part of an Exchange 5.5 site, you need to determine the name of the LegacyExchangeDN value. Also, when you rename an administrative group, the site portion of the LegacyExchangeDN value is not updated with the new administrative group name. If so, serious problems occur with mail delivery and replication with Exchange 5.5 servers in the organization.
Important If LegacyExchangeDN fails to update, you may have to change its values on your recovery server to match those on your production system. Perform this after installing Exchange 2000 on your recovery server, and before starting the Information Store databases.
- For more information on determining if you need to change the LegacyExchangeDN value, see step one in the “Procedures for Recovering an Exchange 2000 Mailbox from Backup” section later in this article.
- For information on the three methods you can use to change the LegacyExchangeDN, see the “Changing the LegacyExchangeDN Value on a Recovery Server” section later in this article.
Procedures for Recovering an Exchange 2000 Mailbox from Backup
The procedures in this section explain how to recover an Exchange 2000 mailbox from backup to an offline recovery server.
1. Record all of the following logical names needed to recover the database:
- The Exchange 2000 organization name
- The administrative group name to which the database belongs
- The storage group name to which the database belongs
- The logical database name
- The LegacyExchangeDN value of the administrative group to which the database belongs
It is relatively easy to determine the names of the first four items in this list. It is more difficult to determine the fifth item, the LegacyExchangeDN. There are several ways to find the LegacyExchangeDN of the administrative group. The LegacyExchangeDN value has the following form:
/O=organization/OU=administrative group
If the OU= portion of the LegacyExchangeDN value is First Administrative Group, there is no need to change any LegacyExchangeDN values on the recovery server. If the OU= value is anything else, you must change the LegacyExchangeDN values. There are three methods for changing the LegacyExchangeDN values. But before you consider which method to use, you must first determine the LegacyExchangeDN value, and then determine if it is an obstacle to configuring your recovery server. There are two ways to determine the LegacyExchangeDN value:
If you are familiar with ADSIEDIT or LDP, you can view the properties of the administrative group object. This object is found in the Configuration container by expanding in the following order:
- CN=Services
- CN=Microsoft Exchange
- CN=organization
- CN=Microsoft
- CN=Administrative Groups
- CN=Administrative Group
If you are unfamiliar with ADSIEDIT or LDP, or do not have access to these utilities, you can use the LDIFDE utility.
To use LDIFDE, you must obtain the full DNS domain name of the root domain in your Active Directory forest, the Exchange organization name, and the administrative group name.
Note The domain name you want is not necessarily the domain name to which the Exchange 2000 server belongs, but rather the root domain name of the entire forest.
In the following example, the root domain in the forest is corp.mycompany.com, the Exchange organization name is Corp1, and the administrative group name is Headquarters. The full-distinguished pathname in Active Directory to the Headquarters object is:
- CN=Headquarters
- CN=Administrative Groups
- CN=Corp1
- CN=Microsoft Exchange
- CN=Services
- CN=Configuration
- DC=corp
- DC=mycompany
- DC=com
LDIFDE -f CON -d "CN=Headquarters,CN=Administrative Groups,CN=Corp1,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=mycompany,DC=com" -l legacyExchangeDN -p Base
This LDIFDE command gives you output similar to this:
dn: CN=Headquarters,CN=Administrative Groups,CN=Corp1,CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=corp,dc=mycompany,dc=com
changetype: add
legacyExchangeDN: /O=Microsoft/OU=Headquarters
In this example, Headquarters is in LegacyExchangeDN, and thus objects on the recovery server must be modified, because after a pure Exchange 2000 installation, LegacyExchangeDN on the recovery server contains First Administrative Group, not Headquarters.
2. Install Microsoft Windows 2000 Server on the recovery server, and then run DCPROMO to install Active Directory on the recovery server. Ensure that you create a new forest for your recovery server topology.
3. Install and configure DNS if necessary. You can also establish a two-way trust with your production system and grant necessary access to write needed DNS information from your recovery server to your existing DNS.
Note For more information on configuring DNS, see your Windows 2000 Server documentation.
4. Install Exchange 2000, using the same organization name as used in the production system.
5. Change the name of the LegacyExchangeDN value, if applicable.
- For information on determining if you need to change the LegacyExchangeDN value, see step one in this set of procedures.
- For information on the three methods you can use to change LegacyExchangeDN, see “Changing the LegacyExchangeDN Value on a Recovery Server,” later in this article.
7. Create logical database names in the storage group to match the original names. Right-click the database to rename, and then click Rename. For example, if the database you are restoring is called “Mailbox Store 1A (Server 1),” you can rename the default mailbox store from “Mailbox Store” to “Mailbox Store 1A (Server 1).” This is easier than creating a new database.
Note You do not have to match actual database filenames, unless you are restoring offline backups. Even differences in log file prefixes are handled when restoring an online backup.
8. Dismount the database to be restored. Then, in System Manager, in the properties of the database you are restoring, select the This database can be overwritten by a restore check box.
9. Use Windows 2000 to restore the database that contains the mailbox you want to recover from backup. Ensure that you select the Last Backup Set check box when restoring the last online backup set. If you fail to select this check box, you must run ESEUTIL /CC against the restored files before the database will start.
10. Start the database that you restored from backup.
11. In System Manager, navigate to the database you restored from backup, right-click Mailboxes, and then click Run Cleanup Agent. After Run Cleanup Agent runs, a red X appears on mailboxes that are not currently linked to an Active Directory account.
12. Create a non-mailbox-enabled Active Directory user account for each mailbox that you want to recover from backup by using one of the following methods:
Method One Manually create user objects using Active Directory Users and Computers. When creating the new user accounts, clear the Create an Exchange mailbox check box on the third screen of the New Object - User wizard. You will connect this user account to the mailbox you restored from backup later in this set of procedures.
Method Two Use MBCONN to create Active Directory user accounts. MBCONN and other Exchange 2000 utilities are available on the Exchange 2000 CD-ROM, or from the www.microsoft.com/exchange Web site. MBCONN is helpful if you have more than one user account to reconnect to mailboxes. For more information on MBCONN, see the Disaster Recovery white papers available at www.microsoft.com/Exchange. You can also refer to the MBCONN online documentation.
13. Link mailboxes to Active Directory users by using one of the following methods:
Method One Manually link an individual mailbox to an Active Directory user, following the procedures shown in “Reconnect a Deleted Mailbox to a New User Object,” earlier in this article.
Method Two Use MBCONN to link Active Directory user accounts to mailboxes. This is especially helpful if you have multiple user accounts to reconnect to Exchange 2000 mailboxes. For more information on MBCONN, see the Disaster Recovery white papers at www.microsoft.com/Exchange.
14. Extract the contents of the mailbox to the original server by using one of the following methods:
Method One Manually log on to the recovery server as the Active Directory user, copy the contents of the .pst file for that mailbox, and then transfer that .pst file to the mailbox on the original server.
Method Two Use EXMERGE to transfer the contents of the mailbox from the recovery server to the original server. EXMERGE converts the mailbox contents into a .pst file format, transfers it to the original server, and then converts it to Exchange 2000 mailbox format.
Important You must have Receive As rights on the database from which you are attempting to transfer mailboxes before you can use EXMERGE to move the contents of the mailboxes. You can grant yourself those rights from the database object in System Manager.
Changing the LegacyExchangeDN Value on a Recovery Server
As explained in “Understanding Exchange 2000 Mailbox Recovery,” earlier in this article, it may be necessary to change the name of the LegacyExchangeDN value on your recovery server. You must change the LegacyExchangeDN value if the mailbox you want to recover was located on a server that was upgraded from Exchange 5.5, or if the administrative group was originally named anything but First Administrative Group (which occurs when you create a second administrative group).
You can use one of the following three methods to change LegacyExchangeDN after installing Exchange 2000 on the recovery server, and before restoring the Exchange databases.
Manually Change LegacyExchangeDN Values
Before you manually change the LegacyExchangeDN values, you must first determine the name of the LegacyExchangeDN attribute for the administrative group in which you want to recover a mailbox. To determine the name of the LegacyExchangeDN value, see step 1 in “Procedures for Recovering an Exchange 2000 Mailbox from Backup,” earlier in this article.
To manually change the LegacyExchangeDN values:
1. To change the name of the First Administrative Group on your recovery server (to match your production administrative group), open System Manager, right-click First Administrative Group, click Rename, and then type the name of the administrative group.
2. Do an LDIFDE export, with a command line similar to the following:
ldifde -f e:\legacy.ldf -d "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=microsoft,DC=com" -l legacyexchangedn -p subtree -r "(legacyexchangedn=*First*)"
This should give you an export file with several entries similar to the following:
dn: CN=SMTP (CHANI-{F95BFE21-D28D-4060-BC92-41F10C940A46}),CN=Connections,CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=microsoft,DC=com
changetype: add
legacyExchangeDN: /o=Microsoft/ou=First Administrative Group/cn=Configuration/cn=Connections/cn=SMTP (CHANI)/cn={F95BFE21-D28D-4060-BC92-41F10C940A46}
3. Change each entry to something similar to the following:
dn: CN=SMTP (CHANI-{F95BFE21-D28D-4060-BC92-41F10C940A46}),CN=Connections,CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DUNE,DC=extest,DC=microsoft,DC=com
changetype: modify
replace: legacyExchangeDN
legacyExchangeDN: /o=Microsoft/ou=NEW ADMINISTRATIVE GROUP NAME/cn=Configuration/cn=Connections/cn=SMTP (CHANI)/cn={F95BFE21-D28D-4060-BC92-41F10C940A46}
-
There is a dash at the end of each modified entry, and you must be sure to leave a blank line after the dash before starting the next entry—and to leave a blank line at the very bottom of the file after the final dash.
The easiest way to change the file is with a text editor that can perform a search and replace operation across line breaks, thus replacing:
Changetype: add
with
Changetype: modify
Replace: legacyExchangeDN
And then replace the First Administrative Group name with the new administrative group name.
Note Even if you must modify each record manually, there are typically fewer than a dozen records that require modification.
After the import file is generated, import it back into Active Directory with this command:
ldifde -i -f legacy.ldf
4. Run the original LDIFDE command again to make sure you didn't miss any entries and that the import was successful—this time it should find 0 matches.
5. Follow the rest of the recovery instructions in “Procedures for Recovering an Exchange 2000 Mailbox from Backup,” earlier in this article.
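The conversion in steps 2 and 3 can be scripted instead of done by search and replace. The following Python is an added example, not part of the original article or of any Microsoft tool; the function names and the sample export are constructed for illustration. It unfolds wrapped LDIF lines, rewrites only the /ou= component, and emits modify records with the trailing dash and blank lines the import expects.

```python
import re

OLD_OU = "First Administrative Group"  # site name after a clean Exchange 2000 install

def unfold(text):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    return re.sub(r"\r?\n ", "", text)

def parse_export(text):
    """Return [(dn, legacyExchangeDN)] for every record in an LDIFDE export."""
    records = []
    for block in re.split(r"\n\s*\n", unfold(text).replace("\r\n", "\n").strip()):
        attrs = {}
        for line in block.split("\n"):
            name, sep, value = line.partition(":")
            if sep and value.startswith(":"):  # "attr:: ..." is base64-encoded
                raise ValueError(f"base64 value, edit this record by hand: {line[:40]}")
            if sep:
                attrs[name.strip().lower()] = value.strip()
        if "dn" in attrs and "legacyexchangedn" in attrs:
            records.append((attrs["dn"], attrs["legacyexchangedn"]))
    return records

def rename_ou(legacy_dn, new_ou, old_ou=OLD_OU):
    """Replace only the /ou= component; other components containing the old name are untouched."""
    pattern = re.compile(r"(/ou=)" + re.escape(old_ou) + r"(?=/|$)", re.IGNORECASE)
    return pattern.sub(lambda m: m.group(1) + new_ou, legacy_dn, count=1)

def to_modify_ldif(export_text, new_ou, old_ou=OLD_OU):
    """Build the import file: one modify record per entry, each closed by '-' and a blank line."""
    out = []
    for dn, legacy in parse_export(export_text):
        updated = rename_ou(legacy, new_ou, old_ou)
        if updated != legacy:  # skip records whose site component is already correct
            out.append(f"dn: {dn}\nchangetype: modify\nreplace: legacyExchangeDN\n"
                       f"legacyExchangeDN: {updated}\n-\n")
    return "\n".join(out) + ("\n" if out else "")

# Constructed sample export with folded lines; object names are illustrative, not real data.
SAMPLE_EXPORT = """\
dn: CN=SMTP (CHANI-{F95BFE21-D28D-4060-BC92-41F10C940A46}),CN=Connections,
 CN=Microsoft,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=microsoft,DC=com
changetype: add
legacyExchangeDN: /o=Microsoft/ou=First Administrative
  Group/cn=Configuration/cn=Connections/cn=SMTP (CHANI)

dn: CN=First Floor Connector,CN=Connections,CN=Microsoft,CN=Microsoft Exchange,
 CN=Services,CN=Configuration,DC=microsoft,DC=com
changetype: add
legacyExchangeDN: /o=Microsoft/ou=First Administrative Group/cn=Connections/cn=First Floor Connector

dn: CN=Already Renamed,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=microsoft,DC=com
changetype: add
legacyExchangeDN: /o=Microsoft/ou=Headquarters/cn=First Floor Archive
"""
```

The third sample record shows why the `*First*` filter can over-match: it is returned by the export but needs no change, so it is left out of the import file.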
Upgrade from Exchange 5.5 Server
Before you upgrade from Exchange 5.5 Server to ensure proper LegacyExchangeDN values, you must first determine the name of the LegacyExchangeDN attribute for the administrative group in which you want to recover a mailbox. To determine the name of the LegacyExchangeDN value, see step 1 in “Procedures for Recovering an Exchange 2000 Mailbox from Backup,” earlier in this article.
To ensure proper LegacyExchangeDN naming by upgrading from Exchange 5.5:
1. Install an Exchange 5.5 server on your recovery domain controller, using the same organization name used in your Exchange 2000 system, and the same site name used for the administrative group to which the database belongs. Make the Domain Admins account the service account.
2. Change the Lightweight Directory Access Protocol (LDAP) port to 390 in the Exchange 5.5 Administrator program. This will prevent the LDAP service in Exchange 5.5 from conflicting with Active Directory.
3. Install Active Directory Connector (ADC).
4. Create a one-way connection agreement from Exchange to Windows. When configuring the connection agreement, set the Exchange LDAP port to 390. When specifying the containers, specify to export from the Exchange 5.5 Recipients container and to the Active Directory Users container. This connection agreement must exist before the upgrade can succeed.
5. Upgrade Exchange 5.5 to Exchange 2000.
6. When the upgrade is complete, you can follow the recovery instructions from “Procedures for Recovering an Exchange 2000 Mailbox from Backup,” earlier in this article.
Use Two-Server Recovery
Before you use two servers to ensure proper LegacyExchangeDN values, you must first determine the name of the LegacyExchangeDN attribute for the administrative group in which you want to recover a mailbox. To determine the name of the LegacyExchangeDN value, see step 1 in “Procedures for Recovering an Exchange 2000 Mailbox from Backup,” earlier in this article.
To ensure proper LegacyExchangeDN naming by using the two-server recovery method:
1. On the first recovery server, install Windows 2000 Server, and then run the Active Directory Installation Wizard. Ensure that you create a new forest for your recovery server topology.
2. On the first recovery server, install Exchange 2000 Server. Use logical naming that matches your Exchange organization.
3. On the first recovery server, create a second administrative group with the same logical name as the administrative group you are restoring.
4. On the second recovery server, install Windows 2000 Server, and do not run the Active Directory Installation Wizard.
5. On the second recovery server, install Exchange 2000 Server. You must install this Exchange 2000 Server in the second administrative group.
6. Follow the recovery instructions in “Procedures for Recovering an Exchange 2000 Mailbox from Backup,” earlier in this article.
This article explains how to recover deleted mailboxes within a deleted-mailbox retention period. It also addresses how to recover a mailbox from backup.
In addition, it discusses how to avoid deleting mailboxes. For example, by backing up the contents of individual mailboxes with EXMERGE or by ensuring that your mission-critical mailboxes are distributed on separate databases, you can easily recover a specific database from backup.

