Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Changing archiving policy does not work

Created: 16 Aug 2012 • Updated: 08 Dec 2012 | 9 comments
This issue has been solved. See solution.

Hi!

First, I have searched the forums for my issue, but wasn't able to find it, so I apologize if this was already posted somewhere else.

Environment:  5 EV servers running 9.0.3, Windows 2008/2003 mix, Exchange 2010 SP2 (Version: 14.02.0298.004), Outlook 2010 SP1 (Version 14.0.6106.5005)

My issue is as follows:

I currently have a mailbox policy to archive emails 6 months and older for all users.  I was asked to create an exception for some users, to archive 12 months or older emails (they want 12 months of un-archived emails in their mailboxes).

I created a new Provisioning Group (targeting "exceptions" OU in AD), new mailbox archiving policy to archive for 12 months, and moved 3 test users there.  When checking after a few days, the old 6-month policy is still the one in force, as new 6 month old emails got archived.  I then synchronized mailboxes manually and checked with test users, but still 6 month old emails were being archived.

One possible solution is to zap the mailbox, however, when checking the log in Outlook, it appears that is not the issue:

INACTIVITYPERIOD = 12
INACTIVITYPERIODUNITS = 2

Users who are set to 6 months get this:

INACTIVITYPERIOD = 6
INACTIVITYPERIODUNITS = 2

This leads me to believe that zapping will not fix this.  Besides, it is not practical to handle these exceptions by zapping every mailbox that needs the 12 month policy, as that is going to be managed by helpdesk. 

Do you have any ideas on what to check?  I can tell you the provisioning group and the policy is configured correctly, I followed Symantec article that explained how to do it, and have triple-checked everything, and it looks in order.  Alternatively, is there a better way to accomplish these 12-month exceptions?

Thanks in advance to all who respond!

 

 

 

Comments 9 CommentsJump to latest comment

JesusWept3's picture

you haven't ran any EVPM scripts against the mailbox for different rules on the inbox etc or other folders to apply different retention categories or anything like that have you?

LCT's picture

OK...when you create a the new provisioning group for the 12 months archiving policy, where is located on the list? It needs to be on top of the 6 months archiving policy provisioning group.

You need to run the provisioning task and then synchronised the user's mailboxes in order to update them after the users have been moved from one provisioning group to another or new users have been added.

Did you do all the above?

How are you checking that which users, belonging to which archiving policy?

On the EV Admin console, expand to Targets - Exchange and then right click on Exchange you should see the option to check users....type in the users display name and it will list info, such as archiving policy, provisioning group andexchange server etc.

Raf999's picture

Hi JesusWept3,

I am running EPVM script on Inbox and Sent Items, but all it does is remove shortcuts.  Not changing anything else, retention categories or otherwise.

 

Hi LCT,

1.  The provisioning group is at the top (before the other old group that does 6 months)

2.  The mailboxes normally get synchronized once a day, but I ran manual synchronization anyway.  The mailboxes do pick up the settings as indicated by the client logs:

INACTIVITYPERIOD = 12
INACTIVITYPERIODUNITS = 2

Users who are set to 6 months get this:

INACTIVITYPERIOD = 6
INACTIVITYPERIODUNITS = 2

This confirms to me that the 12 month policy applied successfully.

3.  Yes, in the EMC the mailboxes show correct policies applied, it was the first thing I checked

"On the EV Admin console, expand to Targets - Exchange and then right click on Exchange you should see the option to check users."

Just came back from one of the users, and sure enough, 6 month old emails got archived.  What else can I check?  I am attaching screenshots of the Provisioning group and the mailbox policy

and the MB policy (please let me know if you'd like to see more settings)

Thanks!

 

TonySterling's picture

Can you post your EVPM script?

Raf999's picture

Hi Tony,

Instead of posting the script, I disabled them temporarily to see if they are the cause of this problem.  I'll check with the users in the next couple of days and will post the results. 

Thanks!

JesusWept3's picture

you would have to zap the user for it to truly take effect

SOLUTION
TonySterling's picture

But once an EVPM script is applied it changes the settings of the mailbox until the mailbox is zapped.  If you can post the EVPM script we can take a look to see what the expected behaviour should be.

LCT's picture

could you dtrace the mailbox run for one of the 12 month users. Perform a run now on the mailbox and let the dtrace run until archiving finishes...zip the dtrace and post it if possible. You need take out all the private info etc. on the dtrace.

I would be interested to see what is happening during the archiving run. Dtrace will show pretty much everything.

Raf999's picture

Hi again, sorry for the delayed reply, I was away for some time.  Here is the update:

After zapping 2 mailboxes, they now correctly archive 12 months or older.  You guys wanted to see the script.  It's actually 2 different scripts, each calling 3 .ini files.  Here is the first one (after ====  the .ini files start, I included them because I thought you'd want to see them also.  I have removed any specific private info from the script, exchange server name is OldEX2003Server because it's no longer in production)

The script - EVPM_All.cmd
-------------------------------
setlocal enableextensions

set month=%DATE:~4,2%
set day=%DATE:~7,2%
set year=%DATE:~10,4%
set currentdate=%month%%day%%year%

Echo Started inbox policy at  %date% %time%>>C:\scripts\logs\evpm_all_%currentdate%.log
"C:\Program Files\Enterprise Vault\evpm.exe" -e OldEX2003Server -f "C:\scripts\EVPM1_all.ini" -m EVADMINACCOUNT>>C:\scripts\logs\evpm_all_%currentdate%.log
Echo Completed inbox policy at %date% %time%>>C:\scripts\logs\evpm_all_%currentdate%.log
Echo Started Sent Items policy at %date% %time%>>C:\scripts\logs\evpm_all_%currentdate%.log
"C:\Program Files\Enterprise Vault\evpm.exe" -e OldEX2003Server -f "C:\scripts\EVPM2_all.ini" -m z_torevarch>>C:\scripts\logs\evpm_all_%currentdate%.log
Echo Completed Sent Items policy at %date% %time%>>C:\scripts\logs\evpm_all_%currentdate%.log
Echo %date% %time%>>C:\scripts\logs\evpm_all_%currentdate%.log
"C:\Program Files\Enterprise Vault\evpm.exe" -e OldEX2003Server -f "C:\scripts\EVPM3_all.ini" -m EVADMINACCOUNT>>C:\scripts\logs\evpm_all_%currentdate%.log
Echo Started  Delete Items policy at %date% %time%>>C:\scripts\logs\evpm_all_%currentdate%.log

================================
EVPM1_All.ini
--------------------------------

[Directory]
DirectoryComputerName = EVSERVER.com
SiteName = evsite-01

[Filter]
Name = no_shortcuts
CreateShortcut = false
DeleteOriginal = true
UnreadMAIL = true
UseInactivityPeriod = true
InactivityUnits = Months
InactivityPeriod = 6

[Mailbox]
;DistinguishedName = All
LDAPquery = MemberOf=CN=EV-All Users,OU=User Groups,OU=Groups,OU=,DC=CORP,DC=,DC=com

[Folder]
FilterName = no_shortcuts
Name = Inbox
OverrideArchiveLocks = true

================================
EVPM2_All.ini
--------------------------------

[Directory]
DirectoryComputerName = EVSERVER.com
SiteName = evsite-01

[Filter]
Name = no_shortcuts
CreateShortcut = false
DeleteOriginal = true
UnreadMAIL = true
UseInactivityPeriod = true
InactivityUnits = Months
InactivityPeriod = 6

[Mailbox]
;DistinguishedName = All
LDAPquery = MemberOf=CN=EV-All Users,OU=User Groups,OU=Groups,OU=,DC=CORP,DC=,DC=com

[Folder]
FilterName = no_shortcuts
Name = SentItems
OverrideArchiveLocks = true
================================
EVPM3_All.ini
--------------------------------
[Directory]
DirectoryComputerName = EVSERVER.com
SiteName = evsite-01

[Filter]
Name = no_shortcuts
CreateShortcut = false
DeleteOriginal = true
UnreadMAIL = true
UseInactivityPeriod = true
InactivityUnits = Months
InactivityPeriod = 6

[Mailbox]
;DistinguishedName = All
LDAPquery = MemberOf=CN=EV-All Users,OU=User Groups,OU=Groups,OU= ,DC=CORP,DC= ,DC=com

[Folder]
FilterName = no_shortcuts
Name = DeletedItems
OverrideArchiveLocks = true

==============================================

Second script, EV_Users.vbs.  It calls a subscript evpm_new.cmd, which in turn takes settings from 3 .ini files

'==========================================================================
'
' VBScript Source File -- Created with SAPIEN Technologies PrimalSCRIPT(TM)
'
' NAME: EV_Users.vbs
'
' AUTHOR:
' DATE  : 8/3/2009
'
' COMMENT:         Get list of OU's from a file
'   Read all users from the OU's
'   Empties  EV_New_Users group
'   Add all users into EV_All_Users group if not already there
'   Add all users into EV_New_Users group if not already in EV_All_Users group
'   launch evpm_new.cmd

'==========================================================================

Option Explicit

Dim objShell, objFSO, objRootDSE, objTextStream, objLogFile, objGroupAll, objOU, objUser
Dim objFolder, ObjFile, ObjFileCol
Dim objGroupNew, objMember
Dim strCurDir, strInputFile,  strLogFile, strAdspath, strOU, strFlag, strEVAllUsersGroup, strEVNewUsersGroup
Dim arrOU
Const ForReading = 1

'*********** Enter below the DN name of all EV users group ***************
strEVAllUsersGroup = "CN=EV-All Users,OU=User Groups,OU=Groups,OU=, DC=corp,DC= ,dc=com"

'*********** Enter below the DN name of New EV users group ***************
strEVNewUsersGroup = "CN=EV-New Users,OU=User Groups,OU=Groups,OU= ,DC=corp,DC= ,dc=com"

On Error Resume Next

Set objShell = CreateObject("WScript.Shell")
Set objFSO   = CreateObject("Scripting.FileSystemObject")

strFlag = 0

' Connect to AD Root.
Set objRootDSE = GetObject("LDAP://RootDSE")

'READ INPUT FILE
 strCurDir = objShell.CurrentDirectory

strInputFile = strCurDir & "\OUS.txt"

Set objTextStream = objFSO.OpenTextFile(strInputFile, ForReading)
 If Err.Number<> 0 Then
   objShell.LogEvent 1, Err.Description
 End If

arrOU = Split(objTextStream.ReadAll, vbCrLf)
objTextStream.Close

 ' Create files in same directory where this script is executed from.
 strLogFile = strCurDir + "\Ev_New_Users.log"

 ' If files doesn''t exist, create it. If exist, reopen it with
 ' overwrite option set to True.
Set objLogFile = objFSO.OpenTextFile(strLogFile, 8, True)
 If Err.Number<> 0 Then
   objShell.LogEvent 1, Err.Description
 End If 
 
'Get the group where all users will be added
Set objGroupAll = GetObject("LDAP://" & strEVAllUsersGroup)
 If Err.Number<> 0 Then
   objShell.LogEvent 1, Err.Description
 End If
 
'Get the group where new users will be added
Set objGroupNew = GetObject("LDAP://" & strEVNewUsersGroup)
 If Err.Number<> 0 Then
   objShell.LogEvent 1, Err.Description
 End If
 
'Emptying new users group
objGroupNew.GetInfo
 For each objMember in objGroupNew.Members
  objGroupNew.PutEx 4,"member", Array(objMember.DistinguishedName)
  objGroupNew.SetInfo
  If Err.Number<> 0 Then
   objShell.LogEvent 1, Err.Description
   Else
   objLogFile.WriteLine(Date & " " & Time & " " & objMember.DisplayName & " removed from new EV users group")
  End If 
Next
 
'List all OU's 
 For Each strOU In arrOU
  strAdspath = "LDAP://" & strOU
  
  If strOU <> "" then
' Connect to Active Directory OU
   Set objOU = GetObject(strADsPath)
    If Err.Number<> 0 Then
     objShell.LogEvent 1, Err.Description
    End If
' Filter only users object
   objOU.Filter = Array("User")

   For Each objUser in objOU
    If ObjGroupAll.IsMember(ObjUser.AdsPath)= False Then
     strFlag = 1
     objGroupAll.PutEx 3,"member", Array(objUser.DistinguishedName)
     objGroupAll.SetInfo
      If Err.Number<> 0 Then
       objShell.LogEvent 1, Err.Description
       Else
      objLogFile.WriteLine(Date & " " & Time & " " & objUser.DisplayName & " successfullly added into all EV users group")
      End If
     objGroupNew.PutEx 3,"member", Array(objUser.DistinguishedName)
     objGroupNew.SetInfo
      If Err.Number<> 0 Then
       objShell.LogEvent 1, Err.Description
       Else
      objLogFile.WriteLine(Date & " " & Time & " " & objUser.DisplayName & " successfullly added into new EV users group")   
      End If
    End If
   Next
  End If
 Next
If strFlag = 1 then
 objShell.Run strCurDir & "\evpm_new.cmd", 1, True
End If

'evpm Log files cleanup
Set objFolder = objFSO.GetFolder(objShell.CurrentDirectory & "\logs")
Set ObjFileCol = objFolder.Files
 For Each ObjFile in ObjFileCol
 'Wscript.echo objFile.name
  If DateDiff("d", ObjFile.DateLastModified, Now) > 31 Then
   ObjFile.Delete
  End If
 Next

objLogFile.Close
'Wscript.Echo "Completed"

=======================================================================
evpm_new.cmd
-----------------------------------------------------------------------
setlocal enableextensions

set month=%DATE:~4,2%
set day=%DATE:~7,2%
set year=%DATE:~10,4%
set currentdate=%month%%day%%year%

Echo Started inbox policy at  %date% %time%>>C:\scripts\logs\evpm_new_%currentdate%.log
"C:\Program Files\Enterprise Vault\evpm.exe" -e OldEX2003Server -f "C:\scripts\EVPM1_new.ini" -m EVADMINACCOUNT>>C:\scripts\logs\evpm_new_%currentdate%.log
Echo Completed inbox policy at %date% %time%>>C:\scripts\logs\evpm_new_%currentdate%.log
Echo Started Sent Items policy at %date% %time%>>C:\scripts\logs\evpm_new_%currentdate%.log
"C:\Program Files\Enterprise Vault\evpm.exe" -e OldEX2003Server -f "C:\scripts\EVPM2_new.ini" -m EVADMINACCOUNT>>C:\scripts\logs\evpm_new_%currentdate%.log
Echo Completed Sent Items policy at %date% %time%>>C:\scripts\logs\evpm_new_%currentdate%.log
Echo Started  Delete Items policy at %date% %time%>>C:\scripts\logs\evpm_new_%currentdate%.log
"C:\Program Files\Enterprise Vault\evpm.exe" -e OldEX2003Server -f "C:\scripts\EVPM3_new.ini" -m EVADMINACCOUNT>>C:\scripts\logs\evpm_new_%currentdate%.log
Echo Completed Delete Items policy at %date% %time%>>C:\scripts\logs\evpm_new_%currentdate%.log

=======================================================================
EVPM1_new.ini
-----------------------------------------------------------------------
[Directory]
DirectoryComputerName = EVSERVER.com
SiteName = evsite-01

[Filter]
Name = no_shortcuts
CreateShortcut = false
DeleteOriginal = true
UnreadMAIL = true
UseInactivityPeriod = true
InactivityUnits = Months
InactivityPeriod = 6

[Mailbox]
;DistinguishedName = All
LDAPquery = MemberOf=CN=EV-New Users,OU=User Groups,OU=Groups,OU= ,DC=CORP,DC= ,DC=com

[Folder]
FilterName = no_shortcuts
Name = Inbox
OverrideArchiveLocks = true

=======================================================================
EVPM2_new.ini
-----------------------------------------------------------------------
[Directory]
DirectoryComputerName = EVSERVER.com
SiteName = evsite-01

[Filter]
Name = no_shortcuts
CreateShortcut = false
DeleteOriginal = true
UnreadMAIL = true
UseInactivityPeriod = true
InactivityUnits = Months
InactivityPeriod = 6

[Mailbox]
;DistinguishedName = All
LDAPquery = MemberOf=CN=EV-New Users,OU=User Groups,OU=Groups,OU= ,DC=CORP,DC= ,DC=com

[Folder]
FilterName = no_shortcuts
Name = SentItems
OverrideArchiveLocks = true

======================================================================
EVPM3_new.ini
----------------------------------------------------------------------
[Directory]
DirectoryComputerName = EVSERVER.com
SiteName = evsite-01

[Filter]
Name = no_shortcuts
CreateShortcut = false
DeleteOriginal = true
UnreadMAIL = true
UseInactivityPeriod = true
InactivityUnits = Months
InactivityPeriod = 6

[Mailbox]
;DistinguishedName = All
LDAPquery = MemberOf=CN=EV-New Users,OU=User Groups,OU=Groups,OU= ,DC=CORP,DC= ,DC=com

[Folder]
FilterName = no_shortcuts
Name = DeletedItems
OverrideArchiveLocks = true

======================================================================

To reiterate the issue, the problem with zapping mailboxes is that we sometimes change the policies globally, and with thousands of users it's not practical to zap.  In this case this policy is for a few users only, but in the future?

Please let me know what you think.  I am also considering opening a case with Support.
 

LCT, I read your post after I fixed the 2 mailboxes requiring the 12 month policy, so I can't dtrace them now.  But maybe I will find someone else who also wants the 12 months, so I could dtrace then.

Thanks in advance!