The simplest function of ExMerge—copying messages from mailboxes into .pst files for temporary storage or transfer—can save you lots of time and labor. But the newest version of this utility is much more powerful and can help you find and remove infected e-mail attachments and perform selective archiving.
Rather than cover everything the utility can do (it comes with a 60-page manual), we’ll look at some of the ways you can use the latest version of ExMerge to accomplish some otherwise-difficult tasks.
To obtain the latest version of ExMerge, you’ll need to contact Microsoft Product Support Services. It’s not available as a download.
If you’d like to learn more about this utility, read “Using ExMerge in the real world.” The article introduces ExMerge and discusses some basic ways to use it.
Before starting ExMerge, remove any exmerge.log files that have been created by previous runs of the utility. They will be placed at c:\exmerge.log by default. However, the actual location will be defined by the setting in the exmerge.ini file, which is in the same folder as the exmerge.exe file.
You should also check the folder in which .pst files will be created. This folder is defined by exmerge.ini, and the default folder will be c:\exmergedata. It’s best to clear out the existing .pst files from this folder before running ExMerge if you only use it to run one-off “message location and extraction”-type exercises. Otherwise, the .pst files in this folder accumulate more and more messages.
The location of the \exmergedata folder can be altered on a job-by-job basis by using different exmerge.ini files. You can do this by specifying the –F command-line parameter when executing exmerge.ini. For example:
exmerge.ini –F c:\archive\exmerge.ini
Each of the procedures below requires you to select ExMerge’s Two-Step Merge and then to select Step One of the process—Copy Data To Personal Folders. You will then be required to enter the server name and click on the Options button to access the necessary features.
|The first step in the process|
Find specific attachments within certain mailboxes
ExMerge can help you find out who received a particular file or which mailboxes contain messages with certain attachments that may be infected with a virus.
First, click the Options button and select the Message Details tab. To check for messages that contain a specific attachment, type the name of the attachment in the Enter New Attachment Name field and click the Add button. You’ll notice there’s a Full String Match and a Sub String Match option that will allow you to be more, or less, specific.
|The Message Details tab|
Now, click OK and proceed to the next screen, which simply asks you to select the mailboxes to be searched. After doing this, click on Next again to start the process.
This is where it’s helpful to have the latest version of the utility. Version 3.71 of ExMerge will log lines in exmerge.log that name the mailbox that has been processed, along with the number of items that have been extracted according to the criteria you set in the Message Details tab.
Number of messages processed for mailbox ‘Jwatts’: 5
means that you can use a find command on exmerge.log to locate the names of the mailboxes that have a number of processed messages greater than 0.
Find /i “Number of messages processed for mailbox” c:\exmerge.log | find /i /v “: 0”
If you have an older version of ExMerge, such as 3.65, you won’t find these lines in the exmerge.log file. However, you can look for two clues to get an idea of which mailboxes have the attached files.
First, there will be a line in the exmerge.log file that reads something like this:
Number of items copied from the source store for all mailboxes processed: 2
This tells you the number of items found in the selected mailboxes that met the search criteria and were copied out, although it won’t tell you which mailboxes met the criteria.
Second, take a look at the \exmergedata folder for the .pst files and (because we cleared the old files out first) the files containing copies of the attachments may be obvious to spot because of the file size.
|Files containing attachments are often easy to spot.|
It clearly makes sense to get the latest version of the utility, as this distinction would be much more difficult if we were searching for messages based on subject line—there would not necessarily be any large difference in file size.
One of the options in the Import Procedure tab is to “move” data from the Exchange Server mailboxes to the .pst files—deleting the messages from the server-based mailboxes in an archive process.
This option is grayed out when you run ExMerge through step two of the Two-Step Merge (.pst to Mailbox) to avoid irrecoverably deleting messages.
|The Archive option of ExMerge|
Using this option along with other options from the Data Selection Criteria tab provides a very flexible method of archiving messages from your users’ mailboxes. Let’s say that you wanted to forcibly archive all messages from your users’ Sent Items folders that were older than the beginning of the year. You would be able to specify that only the Sent Items folder be processed, and that within the Sent Items folder, only messages falling within the specified dates should be processed. The next two figures show these specifications.
|This tab allows you to specify a folder to search…|
|…and this one allows you to set parameters for the search.|
After you make your selections, you can save them by clicking OK and then following the prompts to specify the mailboxes that will process and run the procedure. You will now have a collection of .pst files in the \exmergedata folder that contain the Archived Sent Items folders from the selected mailboxes.
Removing confidential messages
You can also use ExMerge to remove a confidential message from an entire Exchange server. This would be almost impossible without the ability to search by subject and, as we have seen, to archive messages in server-based mailboxes.
This method is a cross between the two procedures explained above. Start by opening the Message Details tab again and searching by Message Subject instead of Attachment name. Make sure the Sub String Match, Ignore Case option is turned on, in case the subject line has been altered or added to with “FW,” and so on.
Next, clear the c:\exmergedata directory of other .pst files, because you will probably want to delete these .pst files and select the Archive option.
Now, select the mailboxes to process and run the procedure. The messages should be moved to the .pst files where you can delete them. Of course, these private folder files can be opened with Outlook to ensure the correct messages were captured. If this is a concern, you can run the procedure using the Copy To option first, followed up by the Archive run of the utility.
Microsoft document Q232006 goes even further than this, describing how to ensure that the free space created by the deletions from the mailboxes is reused immediately.
If you’d like to share your opinion, start a discussion below or send the editor an e-mail.