Forum Discussion

Wayne_Humphrey
13 years ago

Archive Leavers

As an Enterprise Vault Administrator you may often be asked to handle company leavers. The question is: "How should archives and mailboxes be handled in the leavers process?"

ArchiveLeavers will help you manage this process.

When the tool is called to run against a specified mailbox the tool will connect to the mailbox, archive all non-archived items, remove them, and then delete all existing shortcuts. The end result is that you will have an empty mailbox, which is disabled from Enterprise Vault archiving. Optionally you can also convert the archive to a structured shared archive.

For further information on how to get this tool, please see:

http://www.quadrotech-it.com/products/evtools/free/archive-leavers/

  • Excellent.. there are ALWAYS questions/comments internally and externally about this sort of thing.

  • Wayne, thanks for your contributions to the Connect community with these free tools. Can you explain some of the pitfalls of using standard 0day archiving policies for leavers that this tool helps overcome?

  • Hey,

    The problem we had at Symantec with the internal system was the following:

    • 0 day archiving policy can take several runs to archive an entire mailbox
    • you cannot guarantee you will catch all message classes (so we could not run a delete mailbox script, etc.)
    • you cannot 100% guarantee that everything was archived from the mailbox
    • you are left with an archive with an orphaned SID

    I have also heard this from a number of customers.

    So Archive Leavers does the following in a nutshell:

    • Archives all messages in the mailbox irrespective of age / message classes (direct ingest using API)
    • Deletes all shortcuts
    • If item count = 0, success
    • Disable (optional)
    • Convert to a shared structured archive (optional)

  • Hello Wayne,

    Another useful tool! I have not yet had the time to test it. In the environment I am currently managing, we have lots of removed users. Is it possible to feed the tool a list of mailboxes it needs to archive, or is it necessary to enter one mailbox at a time?

    If it is not possible, could it be scripted? Or possible to point it to a csv file or something?

    Thanks!

     

  • Gertjan,
     
    I have not tested this myself, however as it's a PowerShell cmdlet you would be able to do anything.
     
    Not tested, but this should do the trick I guess...
     
    # Read one mailbox alias per line from leavers.txt
    $users = Get-Content leavers.txt

    foreach ($user in $users)
    {
        ## Run Archive Leavers on each user found in leavers.txt
        Set-ArchiveLeaver -MbxAlias $user
    }
     
  • That does work Wayne -- You might want to tweak it slightly if you are watching things nice and interactively ...

    # Read one mailbox alias per line from leavers.txt
    $users = Get-Content leavers.txt

    foreach ($user in $users)
    {
        ## Run Archive Leavers on each user found in leavers.txt
        Write-Host "User : " $user
        Set-ArchiveLeaver -MbxAlias $user
    }

  • I've tested it and it works well.

    One problem I'm having is getting it to execute when using PowerShell remoting. I need to be able to execute PowerShell from an Orchestrator runbook. My script:

    $securePassword = ConvertTo-SecureString "password" -AsPlainText -force
    $credential = New-Object System.Management.Automation.PsCredential("domain\vaultserviceaccount",$securePassword)
    $s = new-pssession -computer evserver.domain.com -ConfigurationName Microsoft.PowerShell32 -credential $credential
    invoke-command -Session $s { import-module "c:\program files (x86)\quadrotech\archive leavers\archiveleavers.dll" }
    #invoke-command -Session $s { set-archiveleaver -setconfig -evsqlserver sql.domain.com -tempfolder e:\archiveleaverstemp -retentioncategory "Default Retention Category" }
    invoke-command -Session $s { set-archiveleaver -mbxalias user }

    The output from this command is:

    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
        + CategoryInfo          : NotSpecified: (:) [Set-ArchiveLeaver], SqlException
        + FullyQualifiedErrorId : System.Data.SqlClient.SqlException,QUADROtech.ArchiveLeavers.ArchiveLeaver

  • Jay, I've not tried it remotely like you described above. Have you contacted QUADROtech support?

  • It actually turned out to be a credentials delegation/double-hop issue. I ended up having to turn on CredSSP for the client machine and EV server. Then it worked properly.
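
The CredSSP fix from the last reply, combined with the leavers.txt loop from earlier in the thread, as an added example (not code posted in the thread or supplied by QUADROtech). The host name, session configuration, module path and cmdlet parameter are the ones shown above; prompting with Get-Credential instead of embedding the password, and limiting delegation to the single EV server, are assumptions of this example.

```powershell
# Added example. Names below come from the thread; the try/finally structure
# and the interactive credential prompt are assumptions of this sketch.
$evServer = 'evserver.domain.com'

# 1. On the EV server itself, once, from an elevated prompt:
#      Enable-WSManCredSSP -Role Server -Force

# 2. On the client (the machine that runs the script), elevated:
#    delegate fresh credentials to this one server only, never to '*'.
Enable-WSManCredSSP -Role Client -DelegateComputer $evServer -Force

# Prompt for the Vault Service Account rather than storing its password in the script.
$credential = Get-Credential -Credential 'domain\vaultserviceaccount'

# -Authentication Credssp hands the session a full logon on the EV server, so the
# second hop (EV server -> SQL Server) runs as the service account instead of
# 'NT AUTHORITY\ANONYMOUS LOGON'.
$s = New-PSSession -ComputerName $evServer `
                   -ConfigurationName Microsoft.PowerShell32 `
                   -Credential $credential `
                   -Authentication Credssp
try {
    Invoke-Command -Session $s -ScriptBlock {
        Import-Module 'c:\program files (x86)\quadrotech\archive leavers\archiveleavers.dll'
    }

    # One mailbox alias per line, as in the loop earlier in the thread.
    foreach ($alias in Get-Content leavers.txt) {
        Write-Host "User : $alias"
        Invoke-Command -Session $s -ArgumentList $alias -ScriptBlock {
            param($MbxAlias)
            Set-ArchiveLeaver -MbxAlias $MbxAlias
        }
    }
}
finally {
    # Close the session even if a mailbox fails.
    Remove-PSSession $s
}

# Review what the client is allowed to delegate, then switch delegation off
# again once the batch is finished.
Get-WSManCredSSP
Disable-WSManCredSSP -Role Client
```

With CredSSP the service account's credentials are usable on the EV server for the life of the session, so keeping the delegation target specific and disabling the client role afterwards limits where those credentials can be picked up.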