Create and Configure a Journaling Mailbox
Applies to: Exchange Server 2010
If journaling is enabled in an Exchange organization, either by using journal rules or standard journaling (per-mailbox database journaling), you can create a mailbox that's used for collecting journal reports. This is called a journaling mailbox.
In addition to showing you how to create a journaling mailbox, this topic provides the following recommended steps for configuring the journaling mailbox:
**Configure the journaling mailbox to accept messages only from the Microsoft Exchange recipient** Journaling mailboxes receive journal reports from the Journaling agent. To maintain the integrity of the journaling mailbox and prevent fake journal reports and other messages, it should be configured to receive e-mail only from the Journaling agent. The Journaling agent delivers journal reports to the journaling mailbox by using the Microsoft Exchange recipient, a system mailbox that isn't visible in the global address list (GAL). For more details about the Microsoft Exchange recipient, see Understanding the Microsoft Exchange Recipient.
**Disable storage quota limits for the journaling mailbox** A journaling mailbox is used by the Journaling agent to deliver a journal report for:
- Every message that matches the parameters of a journal rule.
- Every message sent or received by mailboxes on a mailbox database if you're using per-mailbox database journaling.
Depending on the messaging traffic in your organization and the number of messages that need to be journaled, a journaling mailbox can potentially grow to a very large size. If you set a low storage quota, delivery of new journal reports to the mailbox will stop after the quota is reached. Therefore, we recommend that you disable mailbox quotas for the journaling mailbox or enable a Prohibit send and receive quota. For more information about mailbox storage quotas, see Understanding Quota Messages.
Important
If you disable mailbox storage quota limits on a mailbox, we recommend that you monitor the mailbox size. We recommend that you configure the mailbox to accept messages only from the Microsoft Exchange recipient, and not accept messages sent by unauthenticated senders.
**Grant Full Access permissions to users for the journaling mailbox** After you've created a journaling mailbox, if the mailbox is intended for programmatic access or if you want to grant access to authorized users such as records managers, you must grant full access permission to access the mailbox.
To learn more about journaling mailboxes and the Journaling agent, see Understanding Journaling.
Important
Journaling mailboxes contain very sensitive information. You must secure journaling mailboxes because they collect messages that are sent to and from recipients in your organization. These messages may be part of legal proceedings or may be subject to regulatory requirements. Various laws require that messages remain tamper-free before they're submitted to an investigatory authority. We recommend that you create policies that govern who can access the journaling mailboxes in your organization, limiting access to only those individuals who have a direct need to access them. Speak with your legal representatives to make sure that your journaling solution complies with all the laws and regulations that apply to your organization.
Looking for other management tasks related to journaling? Check out Managing Journaling.
Step 1: Use the EMC or the Shell to create a journaling mailbox
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "User mailboxes" entry in the Mailbox Permissions topic.
Use the EMC
- In the console tree, click Recipient Configuration.
- In the action pane, click New Mailbox.
- On the Introduction page, click User Mailbox.
- On the User Type page, click New User.
- On the User Information page, complete the following fields:
**Specify the organizational unit rather than using a default one** Select this check box to select an organizational unit (OU) other than the default (which is the recipient scope). If the recipient scope is set to the forest, the default value is set to the Users container in the Active Directory domain that contains the computer on which the Exchange Management Console is running. If the recipient scope is set to a specific domain, the Users container in that domain is selected by default. If the recipient scope is set to a specific OU, that OU is selected by default. To select a different OU, click Browse to open the Select Organizational Unit dialog box. This dialog box displays all OUs in the forest that are within the specified scope. Select the desired OU, and then click OK. To learn more about recipient scopes, see Understanding Recipient Scope.
**First name, Initials, and Last name** Because this mailbox will be used to collect journal reports, it isn't necessary to complete these fields.
**Name** Use this box to type a display name for the journaling mailbox. This is the name that's listed in Active Directory. By default, this box is populated with the names you enter in the First name, Initials, and Last name boxes. If you didn't use those boxes, you must still type a name in this field. The name can't exceed 64 characters.
**User logon name (User Principal Name)** Use this box to type the name that the user will use to log on to the journaling mailbox. The user logon name consists of a user name and a suffix. Typically, the suffix is the domain name in which the user account resides.
**User logon name (pre-Windows 2000)** Use this box to type the name for the user that's compatible with the legacy versions of Microsoft Windows (prior to the release of Windows 2000 Server). This field is automatically populated based on the User logon name (User Principal Name) field. This field is required.
**Password** Use this box to type the password that the user must use to log on to the journaling mailbox.
Note
Journaling mailboxes can potentially contain sensitive information. We recommend using a complex password that exceeds the password requirements your organization may have for normal user accounts.
**Confirm password** Use this box to confirm the password that you typed in the Password box.
**User must change password at next logon** Select this check box if you want the user to reset the password when they first log on to the journaling mailbox.
If you select this check box, at first logon, the user will be prompted with a dialog box in which to change the password. The user won't be allowed to perform any tasks until the password is successfully changed.
Requiring a password change at first logon is a good practice for accounts you create for your users. It forces the user to change the password, which prevents the use of any default passwords provided by the administrator during account creation. A forced password change on first logon also ensures that the administrator doesn't have knowledge of the user password after first logon. This may not be necessary for journaling mailboxes because the associated user accounts are created and used by the administrator or by administrator-controlled processes that may access the journaling mailbox.
- On the Mailbox Settings page, complete the following fields:
**Alias** Use this box to type an alias for the journaling mailbox. The alias can't exceed 64 characters and must be unique in the forest.
**Specify the mailbox database rather than using a database automatically selected** Select this check box to specify a mailbox database instead of allowing Exchange to select a database for you. Click Browse to open the Select Mailbox Database dialog box. This dialog box lists all the mailbox databases in your Exchange organization. By default, the mailbox databases are sorted by name. You can also click the title of the corresponding column to sort the databases by storage group name or server name. Select the mailbox database you want to use, and then click OK. This is an optional field.
Note
When planning to use journaling, consider the storage requirements for journaling mailboxes. These will vary depending on the number and size of messages captured by the Journaling agent.
**Managed folder mailbox policy** Select this check box to specify a managed folder mailbox policy for the journaling mailbox. A managed folder mailbox policy is a logical grouping of managed folders. When a managed folder mailbox policy is applied to a user’s mailbox, all the managed folders that are linked to the policy are deployed in a single operation, thereby making the deployment of messaging records management (MRM) easier. To learn more, see Understanding Managed Folders.
Click Browse to open the Select Managed Folder Mailbox Policy dialog box. Use this dialog box to select the managed folder mailbox policy to be associated with this mailbox. This is an optional field.
Some third-party archiving or retention solutions retrieve journal reports from the journaling mailbox and store them in an external database, or require you to automatically forward a copy of the journal report to the external database or e-mail address. If you use a similar solution, and if it doesn't automatically purge messages from the journaling mailbox after retrieving them, the journaling mailbox may continue to grow and consume storage space. You can create a managed folder mailbox policy and apply it to the journaling mailbox to automatically purge messages after a certain period.
**Exchange ActiveSync mailbox policy** Journaling mailboxes are meant to be accessed using Microsoft Exchange ActiveSync. You don't need to select this option when creating a journaling mailbox.
- On the Archive Settings page, leave the Create an archive mailbox for this account check box cleared.
- On the New Mailbox page, review your configuration settings. To make any configuration changes, click Back. To create the journaling mailbox, click New.
- On the Completion page, review the following, and then click Finish to close the wizard:
- A status of Completed indicates that the wizard completed the task successfully.
- A status of Failed indicates that the task wasn't completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.
Use the Shell
This example creates a journaling mailbox with the following parameters:
- Name: Vault5
- User Principal Name: vault@contoso.com
- Mailbox Database: Database2
After you enter the first command, you'll be prompted for a password.
$password = Read-Host "Enter password" -AsSecureString
New-Mailbox -Name Vault5 -UserPrincipalName vault@contoso.com -Database "Database2" -Password $password
For detailed syntax and parameter information, see New-Mailbox.
Step 2 (optional but recommended): Use the Shell to configure the journaling mailbox to accept messages only from the Microsoft Exchange recipient
Warning
This procedure shouldn't be performed in organizations where the journaling mailbox is required to receive e-mail from non-Exchange mail hosts, unauthenticated senders, or senders other than the Microsoft Exchange recipient.
Note
You can't use the EMC to perform this procedure because the Microsoft Exchange recipient, a system mailbox, isn't visible in the GAL.
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "User mailboxes" entry in the Mailbox Permissions topic.
This example configures delivery restrictions on a journaling mailbox with the display name Journaling Mailbox to accept messages only from the Microsoft Exchange recipient and to accept messages only from authenticated senders.
Set-Mailbox "Journaling Mailbox" -AcceptMessagesOnlyFromSendersOrMembers "Microsoft Exchange" -RequireSenderAuthenticationEnabled $true
For detailed syntax and parameter information, see Set-Mailbox.
Step 3 (optional but recommended): Use the EMC or the Shell to disable storage quota limits for the journaling mailbox
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "User mailboxes" entry in the Mailbox Permissions topic.
Use the EMC
- In the console tree, navigate to Recipient Configuration > Mailbox.
- In the result pane, select the journaling mailbox you created.
- In the action pane, click Properties.
- On the Mailbox Settings tab, select Storage Quotas, and then click Properties.
- In Storage Quotas, clear the Use mailbox database defaults check box, and then click OK.
- Click Apply, and then click OK.
Use the Shell
This example disables mailbox quotas for the journaling mailbox vault.
Set-Mailbox "vault" -UseDatabaseQuotaDefaults $false -IssueWarningQuota unlimited -ProhibitSendQuota unlimited -ProhibitSendReceiveQuota unlimited
For detailed syntax and parameter information, see Set-Mailbox.
Step 4 (optional but recommended): Grant Full Access permissions to selected users for accessing the journaling mailbox
For detailed instructions about how to grant Full Access permissions to a mailbox, see Manage Full Access Permissions.
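To verify the result of Steps 2 through 4 on an existing journaling mailbox, the following check can be used. It is an added example, not part of the original topic. The function name, the sample accounts, and the string under which the Microsoft Exchange recipient appears in the sender list (`$ExpectedSender`) are assumptions that you should adjust to your own output.

```powershell
# Added example, not from the original topic: checks one journaling mailbox
# against Steps 2-4. $ExpectedSender and $ApprovedUsers are values you supply.
function Test-JournalingMailbox {
    param($Mailbox, $Permissions, [string]$ExpectedSender, [string[]]$ApprovedUsers)
    $findings = @()

    # Step 2: accept mail only from the Microsoft Exchange recipient, authenticated.
    $senders = @($Mailbox.AcceptMessagesOnlyFromSendersOrMembers |
        Where-Object { $_ } | ForEach-Object { "$_" })
    if ($senders.Count -eq 0) {
        $findings += "No sender restriction is set"
    }
    foreach ($s in $senders) {
        if ($s -ne $ExpectedSender) { $findings += "Unexpected allowed sender: $s" }
    }
    if (-not $Mailbox.RequireSenderAuthenticationEnabled) {
        $findings += "Unauthenticated senders are accepted"
    }

    # Step 3: database default quotas would stop delivery once the quota is reached.
    if ($Mailbox.UseDatabaseQuotaDefaults) {
        $findings += "Database default storage quotas still apply"
    }

    # Step 4: explicit, non-deny Full Access entries must be on the approved list.
    foreach ($ace in @($Permissions)) {
        $isFull = "$($ace.AccessRights)" -match 'FullAccess'
        if ($isFull -and -not $ace.Deny -and -not $ace.IsInherited -and
            "$($ace.User)" -ne 'NT AUTHORITY\SELF' -and
            $ApprovedUsers -notcontains "$($ace.User)") {
            $findings += "Unapproved Full Access: $($ace.User)"
        }
    }
    return $findings
}

# Constructed sample objects standing in for Get-Mailbox / Get-MailboxPermission output.
$mbx = New-Object PSObject -Property @{
    AcceptMessagesOnlyFromSendersOrMembers = @()
    RequireSenderAuthenticationEnabled     = $false
    UseDatabaseQuotaDefaults               = $true
}
$acl = @(
    New-Object PSObject -Property @{ User='NT AUTHORITY\SELF'; AccessRights='FullAccess'; Deny=$false; IsInherited=$false }
    New-Object PSObject -Property @{ User='CONTOSO\records.mgr'; AccessRights='FullAccess'; Deny=$false; IsInherited=$false }
    New-Object PSObject -Property @{ User='CONTOSO\helpdesk1'; AccessRights='FullAccess'; Deny=$false; IsInherited=$false }
)
Test-JournalingMailbox $mbx $acl 'Microsoft Exchange' @('CONTOSO\records.mgr')
# In the Exchange Management Shell, pass (Get-Mailbox vault) and (Get-MailboxPermission vault).
```

Inherited permission entries are skipped so that the output lists only Full Access grants made directly on the mailbox; review inherited entries separately if your access policy covers them.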
Other Tasks
After you create and configure a journaling mailbox, you may also want to: