How to preserve user's mailbox during the long leave

How to preserve user's mailbox during the long leave

Have you ever faced a situation, where a user takes a longer than 30-day leave, and you would like to save money spent on Office 365 licenses but still preserve user’s mailbox?

In this blog, I tell you how!

What happens when you delete the user or remove user’s license?

After deleting the user or removing user’s license, user’s mailbox will be soft-deleted. After 30 days, it will be completely removed, or hard-deleted. If the user’s license is reassigned during that 30 day period (or the user is restored), the context of the mailbox will be retained.

How to preserve mailbox longer than 30 days?

You have two options to preserve mailbox after its deletion. You can either use retention policies, or you can put the mailbox on a Litigation Hold. Placing the mailbox on hold, makes it inactive mailbox after soft-deletion. Inactive mailboxes are mailboxes that are not linked to any user, and thus not need a license!

To place the mailbox on a hold, use the Exchange Online Admin Center or the following Exchange Online PowerShell command:

# Place the mailbox on a hold

Set-Mailbox "" -LitigationHoldEnabled $true

How to restore the user’s mailbox after the long leave?

Let’s imagine a scenario when the user returns from a two-year leave. Let’s also assume that you are syncing your users from the on-prem AD. When user object is re-created in AD (or moved to a synced scope), it is synchronized to Office 365 AAD. You give the user a license and a new mailbox is created.

First, let’s save the user’s email address to a variable. For this example, we assume that his or hers email address hasn’t changed.

# Save the user's email address to a variable for later use

$email = ""

Next, you need to fetch the Exchange guid of both the old (inactive) and new mailboxes and save them in variables.

# Fetch the Exchange guid of the inactive mailbox

$oldMailBox=(Get-Mailbox $email -InactiveMailboxOnly).ExchangeGuid.ToString()

# Fetch the Exchange guid of the active mailbox

$newMailBox=(Get-Mailbox $email).ExchangeGuid.ToString()

Now you are ready to restore user’s mailbox!

# Restore the mailbox

New-MailboxRestoreRequest -SourceMailbox $oldMailBox -TargetMailbox $newMailBox -AllowLegacyDNMismatch

If you have a warning about an existing archive mailbox, it can also be restored (provided that the new mailbox has the archive enabled):

# Restore the archive

New-MailboxRestoreRequest -SourceMailbox $oldMailBox -TargetMailbox $newMailBox -TargetIsArchive -SourceIsArchive -AllowLegacyDNMismatch

Note! Depending on the size of the mailbox, this may take a looong time…

After the restore is completed (or failed), you’ll have a notification in Office 365 portal.

You may also manually check the status of the restore process for both mailbox and archive:

# Check the restoration status

Get-MailboxRestoreRequest -TargetMailbox $newMailBox

And that’s it: the mailbox is restored!

Finally, you may take the old mailbox under the hold, and it will get hard-deleted.

# Remove the inactive mailbox under hold

Set-Mailbox $oldMailBox -InactiveMailbox -LitigationHoldEnabled $false
Dr Nestori Syynimaa (@DrAzureAD) avatar
About Dr Nestori Syynimaa (@DrAzureAD)
Dr Syynimaa works as Senior Principal Information Security Researcher at Secureworks CTU (Counter Threat Unit).
Before moving to his current position, Dr Syynimaa worked as a CIO, consultant, trainer, and university lecturer for over 20 years. He is a regular speaker in scientific and professional conferences related to Microsoft 365 and Azure AD security.

Dr Syynimaa is Microsoft Certified Expert (Microsoft 365), Microsoft Certified Azure Solutions Architect Expert, Microsoft Certified Trainer, Microsoft MVP (Enterprise Mobility, Identity and Access & Intune), and Microsoft Most Valuable Security Researcher (MVR).
comments powered by Disqus