Forum Discussion

FLX's avatar
FLX
Level 4
8 years ago

Provisioning groups in advanced

Hi there,

also I think it's sounds like an easy question, I finally found no qualified answers to that issues.

1. How can I exclude Mailboxes from Archiving without EVPM or a ridiculous archive policy on rank 1? Note, in case that my mailbox marked for exclusion is an OU within an regular archiving policy scope. With ridicoulous policy, i mean for example archive items when they are older than 400 years or something. so that the policy has a touch of non-professional. Unfortunately I don't see other possibilities so far.  

2. How can I delete automatically archives, when they are stored in an particular AD OUs for some weeks? I checked Powershell Cmdlets before, there is no Cmdlets what could delete my archive within a little ps script. What is the solution for companies here? Does EV not have any solution for large scale organization included?

Thanks in advance. Hopefully I didn't overlook sth.

 

 

 

 

  • Yes, creating the group and unchecking the "archive mailboxes..." box is the best way to prevent archiving for a group of users.  Make sure this provisioning group comes up in the 1st or 2nd spot in the provisioning group order to ensure this policiy is the one applied to the mailbox(es).

    Regarding  the 2nd quesiton, there is not an automated method to delete archives.

     

    • FLX's avatar
      FLX
      Level 4

      puh suprised to the 2nd. Never thought that could be true in an enterprise application.

      So we have to ask for an EV-API 3rd party solution, I guess.

      regards

  • to 1)

    I missed out the simple option checkboxes "archive mailboxes in this provisioning group" and on tab archiving default "automatically enable mailbox" to leave unchecked...so far..best practise?

  • For question 1, you can't do this easily when you're targeting OUs. You might try creating AD groups for archiving users and non-archiving users, and then targeting those groups with your Provisioning Groups. You could also get fancy and target an LDAP query such as

    (&(objectclass=user)(objectcategory=person)(memberof=CN=ArchiveMe,DC=Domain,DC=local)(!memberof=CN=DoNotArchiveMe,DC=Domain,DC=local))

    where "ArchiveMe" and "DoNotArchiveMe" are groups you have created and populated with appropriate users.

    EDIT: Yeah, or use the "Archive mailboxes in this Provisioning Group" box. That's way easier.

    For question 2, there is no cmdlet in the EV Management Shell for deleting archives. To do something like what you're saying, you would need a script that can detect the qualifying AD users, look up their associated archives, and mark them for deletion. This is definitely possible using a combination of the Active Directory cmdlets and some of the .NET System.Data.SqlClient classes, but EV doesn't ship with a utility that enables this easily. If you want one, you should talk to Veritas Consulting Services or one of our Veritas Partners.

  • Q2: We ran into a similar situation where we had to delete thousands of archives as per the following requirements

    • archive is enabled before 3 months
    • does not have any inherited permissions (apart from the disabled AD account)
    • does not have an associated mailbox
    • has an associated disabled AD account

    We ran queries for the following.

    • SQL Query to find the archive enabled date
    • SQL Query to find the vault permissions assigned to each archive
    • Lookup the SID for all archives and delegates in Active Directory using Powershell
    • Lookup the value of LegacyMbxDN from the ExchangeMailboxEntry table in Exchange to check if a mailbox exists.

    We then collated the reports to get a better understanding of archives which are eligible to be deleted, and ended up deleting them manually from the VAC.

    Am not sure if setting ArchiveStatus = 4 in ArchiveView for each of the eligible archives will cause the archive to be deleted automatically, but someone from Veritas needs to confirm this. If yes, then with the above reports, you should be able to delete the archives with minimal effort.