Recovering an Exchange Mailbox after Accidental Deletion from Active Directory

Each user mailbox in Microsoft Exchange is associated with an account in Active Directory and the mailbox data that is stored in the Exchange database. The Active Directory account (user object), created while creating a new mailbox on Exchange Server, allows the user to access the mailbox, send and receive emails, organize calendar events, etc. This Active Directory user account stores the configuration data for the mailbox in the form of Exchange attributes such as Alias, First Name, Last Name, Display Name, Organizational Unit, etc.  

When you delete a mailbox in the Exchange Admin Center (EAC) or by using Exchange Management Shell, the associated Exchange attributes and user account in the Active Directory are deleted. This leads to a disconnected mailbox that is in a hidden or inaccessible state.

However, this deleted mailbox is retained in the Exchange database for a certain retention period which is 30 days by default. After the retention period is over, the deleted mailbox is purged i.e. permanently removed from the database and cannot be recovered. 

So, if you have deleted a mailbox, you can still recover it before the expiry of the retention period.

This article provides instructions for recovering a deleted mailbox by connecting it to an Active Directory user account or by restoring the deleted mailbox contents to an existing mailbox.

However, before you start, ensure that you meet the following prerequisites:

You can either create a new user account or get details of an existing user account that isn’t associated with a mailbox.

Run the Get-User cmdlet to view all the existing user objects in your organization that have an account or verify the details of a specific user account.

Example:

PowerShell

Get-User –Identity “Corey Harris” | Format-List

The above command finds detailed information for the user account, named “Corey Harris”. 

Next, ascertain that the value of the RecipientType property for the object is used, which indicates that the account isn’t mail-enabled.

graph 1_2

Use the Get-MailboxStatistics cmdlet to verify that the deleted mailbox exists in the mailbox database, and is not soft-deleted or purged, as follows:

PowerShell

Get-MailboxDatabase | foreach {Get-MailboxStatistics -Database $_.name} |

where {$_.DisplayName -eq ""} | Format-List

DisplayName,Database,DisconnectReason

graph 2

If the above command doesn’t return any value it means that the mailbox has been purged (i.e. permanently deleted) from the database.

Next, follow these methods to recover the deleted mailbox:

Method 1: Connect the Deleted Mailbox to a User Account in Active Directory

You can do this by using the EAC or Exchange Management Shell, as per the following instructions:

Steps to connect a deleted mailbox to a user account by using EAC

graph 3

Exchange will connect the deleted mailbox to the selected user account, enabling access to the mailbox data.

Using Exchange Management Shell to connect a deleted mailbox

Run the Connect-Mailbox cmdlet to connect a deleted mailbox to a user account in the Active Directory, as follows:

PowerShell

Connect-Mailbox -Identity "Riley King" -Database DB01 -User "Corey Harris" -Alias coreyh

graph 4

The above command connects the deleted mailbox “Riley King” to a user account “Corey Harris” that isn’t mail-enabled.

Note: The Identity parameter specifies the display name of the deleted mailbox (Riley King) retained in the mailbox database named DB01. Alias is an optional parameter, used to specify the email alias.

You can use the Get-User cmdlet to verify that the deleted mailbox is connected to the specified user account, as follows:

PowerShell

Get-User -Identity "Corey Harris" | Format-List

Check UserMailbox value for RecipientTypeDetails attribute for the user account “Corey Harris”, returned after the above command is executed.

Method 2: Restore the Deleted Mailbox to an Existing Mailbox

You can recover a deleted mailbox also by restoring it to an existing mailbox, which copies the contents of the deleted mailbox to the target mailbox. A deleted mailbox is restored by using the New-MailboxRestoreRequest cmdlet; however, it involves the use of the DisplayName, MailboxGuid, and LegacyDN properties of the deleted mailbox, which can be determined by using the Get-MailboxStatistics cmdlet, as follows:

PowerShell

$dbs = Get-MailboxDatabase

$dbs | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} |

where {$_.DisconnectReason -eq "Disabled"} | Format-Table

DisplayName,MailboxGuid,Database,DisconnectDate

graph 5

The above command returns the Display Name, Mailbox GUID, and Distinguished Name properties for all the disabled and deleted mailboxes.

Next, use the MailboxRestoreRequest cmdlet to restore the deleted mailbox, as follows:

PowerShell

New-MailboxRestoreRequest -SourceStoreMailbox g8790bb9-79a2-4f86-8569-81f61qac372c -SourceDatabase DB01 -TargetMailbox "Corey Harris" –AllowLegacyDNMismatch

graph 6

The above command restores the deleted mailbox, specified by the SourceStoreMailbox parameter and located in the mailbox database “DB01”, to the target mailbox “Corey Harris”. 

After completion of the restore request, you will be able to see the contents of the deleted mailbox in the target mailbox.

The above methods should be able to recover the deleted mailbox by connecting it to a user account or restoring its contents in an existing mailbox. However, you can only do the above if the database is online and mounted. Without engaging in a lot of PowerShell command and to minimize the administrative effort, you can use a third-party tool such as Stellar Repair for Exchange where you can scan the EDB file and extract the deleted mailbox by using the software. The tool can recover any number of deleted mailboxes or even a single mailbox item from the database in a single process. The tool allows you to export the mailbox to PST and other formats, export it directly to a live Exchange Database or an Office 365 tenant. Stellar Repair for Exchange the ideal tool for any Exchange Admin, as it can open any Exchange database format, and you can easily install it on a client or server machine.