need to connect as admin in another user mailbox

[tekkanet]

Sometimes IT guys find themselves in difficult and personally delicate and sensitive situations...
For legal purposes I have to recover a user mailbox at a certain point of time.
We are using exch 2003 on w2k3 and legato networker 7.3 with exch module 4.1 for backups. I manage daily backups of all users' mailboxes.
This user is still active inside the company, and I have to see the situation at a certain point-of time in the past, putting the recovery in another mailbox or .pst file to attach then to an outlok client for insght investigation. Without him knowing the operation (is it legal? it seems so, even without notifying the user after asking legal office...)

Reading Legato documentation, it seems it is not directly possible.
When Legato recovers mailbox items, it creates inside the user own mailbox a folder named as the timestamp of the recovery session and containing a subtree of the folders chosen for recovery.
So I should in someway
- recover,
- connect as an admin to the user mailbox with a client application
- export the recovered folder
- completely delete the receovered folder from user mailbox

Any way of doing this with exchange capabilities?
Otherwise I have to reset the user password and do above operations with his credentials and then force him to change password...

With exmerge utility I can do it for the mailbox as it is now, but not for situation in the past...

Thanks in advance for any tips for this, I agree, unpleasant need.

Gianluca

 

[Fatboy0341]

I'm going to research your ideas but wanted to comment on the whole "legality" issue:

In the US - if you are acting under direct orders during an active investigation - while it may be unpleasant - it is your job and you are acting 100% within the law...especially with teh legal department backing you up. If you are nervous - ask for the directive to be furnished to you in writing or email.

I only comment on this because I worked as an IT Director for a perfessional services firm for 3 years. I had to facilitate these types of requests no less than 10 times during the thre years I worked there. I always received the directions from an officer of the company and the legal department always signed off on them. Never enjoyed doing it, but it was my job and as long as it followed policy I had no problems with it.

JB

PS - I'll se what I can find out regarding your dilemma.



"He who laughs last probably made a backup. He who laughs loudest probably hasn't checked his backups in a while."

 

[tekkanet]

At the beginning HR only wanted to give me directions by phone and I forced them to write down at least an e-mail, where it was clearly stated that legal department had been involved and approved the actions I have to take on this.
Thanks for your support, that was welcome, also because I'm going to possibly create problems to a collegue of mine in a not well clear dispute.
They think IT guys are similar to the machines they always work on, but it is definitely a wrong assumption...

 

[Fatboy0341]

I couldn't agree more...sorry this involved a colleague of yours. Never a fun situation.



"He who laughs last probably made a backup. He who laughs loudest probably hasn't checked his backups in a while."

 

[Fatboy0341]

Could you clarify a few things?

1) "Situation in the past" - Are you saying you need to make a copy of their mailbox from a certain point in time? (ie - a copy of their mailbox as it existed on July 17, 2006)

2) Does this person work in IT? (ie - access to Exchange and othe rservers)





"He who laughs last probably made a backup. He who laughs loudest probably hasn't checked his backups in a while."

 

[tekkanet]

1) yes, and what I can do is recover it into the user mailbox, setting in legato the browse time of 2nd of August, so that I recover the mailbox backup started at the evening of the 1st of August

2) no; he is a normal user without IT special privileges

Gianluca

 

[Fatboy0341]

I haven't worked too much with Legato so forgive me if I ask some dumb questions.

1) Can you export from Legato to a file? (ie - export to a PST and specify a date)

2) Restoring with a date from Legato - do you have to restore it to that person's actual mailbox or can you restore it to any mailbox?

3) Do you backup to tape at all? Any chance you are doing brick-level backups?



"He who laughs last probably made a backup. He who laughs loudest probably hasn't checked his backups in a while."

 

[tekkanet]

1) no, when I recover I can only specify input mailbox and items to recover.
Then it automatically creates the recovery folder named as the timestamp of recovery time inside user mailbox and relative subtree of folders specified

2) yes. Either from the gui or from command line with nsrxchrc command, you don't have any possibility for specifying destination of recovery...

3) I have not understood very well your point.
My backups are on lto2 tapes. Every day I do mailbox level backup for all the users (< 40). It seems that with exchange 2003 you can do a backup at IS level and then recover it into a socalled recovery storage group. Then you could mount this (I presume you have to take offline the production IS...) and then use exmerge to export the mailbox...
But I don't have IS backups at the moment. I'm evaluating to implement these instead of list of all mailboxes I'm using now.
I'm doing so because I can get more speed due to parallelism I have now set in legato when it backups 4 mailboxes in parallel optimizing tape usage and performance...

 

[Fatboy0341]

Hmmmmm...this is a tough one.

My best suggestion would be that you will need to use Legato to do the restore as planned, but you'll have to do so while the user is away from their computer for at least several hours. Once restored you will need to open Outlook as that user and export the folder created by Legato with all the mail info to a PST file, then delete the folder from from Outlook. Then copy that pst file to a flash drive, CD or something else.

Go to another Outlook profile (preferably create a new oaccount for this puspose since it's an investigation) and open the pst file there.

I wish I had a better answer but it sounds liek you are constrained by the requirements and your environment.

Hope this helps.

Joe



"He who laughs last probably made a backup. He who laughs loudest probably hasn't checked his backups in a while."

 

[rob68isy]

Can someone explain the difference between "Opening Outlook as the user" and adding permissions for the admin account to "Open other mailbox"? The difference i am looking for is from the users perspective. Is one method recommended over the other?

 

[Fatboy0341]

If you "Open as the USer" - you open Outlook and that's the mailbox it opens. (In Outlook folder tree - "Mailbox - your, name"

If you "Open another Mailbox" - when you open Outlook it opens your own mailbox. At the bottom of your Outlook tree will be another "Mailbox - name, name" - that will be the additional mailbox Outlook is opening.



"He who laughs last probably made a backup. He who laughs loudest probably hasn't checked his backups in a while."