Recovering data from the Preservation Hold Library. What you need to know.

Retention policies have been put in place to help organization’s comply with regulations related to how long a document must be kept before it disposed of. As organization’s have moved to a digital workflows and a paperless office, the documents that used to be archived in a Banker Box are now being managed as a digital record. These records are often stored in Microsoft SharePoint or Microsoft OneDrive with rules applied. Kiefer has helped clients establish retention policies to stay compliant with regulatory, government, and legal mandates.

But this article is not just about retention policies. This article focuses on the Preservation Hold Library. When organizations have retention policies in place, even items that are deleted from SharePoint or OneDrive are moved to another library that holds the file until they can be deleted in accordance to the retention policy. If the document is scheduled to be deleted after 5 years, it will sit in the Preservation Hold Library until it’s scheduled deletion date.

The Preservation Hold Library may also be incredibly useful in the event that your organization is subject to a malicious attack. We recently met with a client that had lost several thousand documents and had no way to recover the documents. The items were not only deleted from SharePoint, but they were deleted from the Recycle Bin. The client was hopeful that these files might be recoverable.

Banner to download a free non-technical white paper on how to get the most out of SharePoint

The good news is that they are. The documents will be in the Preservation Hold Library. It is important to point out a few things that must be considered if you do ever need to restore files that are held in the Preservation Hold Library.

Applying a Retention Policy

Digital records are much different than physical documents. They need to be managed and policies need to be established to preserve the record from accidental deletion or a malicious attack. Kiefer has helped many organizations leverage SharePoint as a content management system and helped in applying retention policies that ensure the information is available and accessible in the event of an audit. Microsoft technologies can support a robust document management plan, but it requires planning and expertise.

After a retention policy is assigned to a SharePoint site, content can follow one of two paths:

  • If a document is modified or deleted during the retention period, a copy of the original document as it existed when the retention policy was assigned is created in the Preservation Hold Library. 
  • These items are permanently deleted within seven days of the end of the retention period.

  • If the content is not modified or deleted during the retention period, it’s moved to the first-stage Recycle Bin at the end of the retention period. If a user deletes the content from there or empties this Recycle Bin (also known as purging), the document is moved to the second-stage Recycle Bin. A 93-day retention period spans both the first- and second-stage recycle bins.
Retention period illustration by Microsoft that shows how recycle bin and Preservation Hold libraries work

Recovering Items in the Preservation Hold Library

Principal Consultant, Andy Coyle, ran a proof of concept (POC) PowerShell script to recover a file from the preservation hold library on a DEV tenant, and he discovered the file can be (fairly) easily copied. The copy took about an hour to set up in the tenant and write the script.  In recovering the item, he did share that there are a lot of unknowns which will make this harder than just the straight-up copy. 

Although Andy’s POC only copied a single file, Andy stated that the PowerShell script can be easily augmented to spin through all the files in the Preservation Hold Library.

What you need to know about recovering items from the Preservation Hold Library

  • If you need to preserve content types and metadata, you will need to spend some additional time coding.  The metadata is easily available and easily parsed into an object.  The object would then need to be applied by getting the proper item, and then setting the items properties.
  • If you are looking to carry over metadata, expect that the process will take nearly 3X as long (processing time). If you want to retain metadata on the item being restored from the Preservation Hold Library, you will need to copy the item, then get the new item, then set the new item’s metadata. If you are restoring several thousand items, this process could take a while.
  • If you want to retain versions of the item, we anticipate that this is also add time to the recovery/restoration effort. The simple method may be to restore only the most recently deleted file, but here again, it may take time to identify all the latest files that had been deleted. Again, we leverage a PowerShell script to identify those. If versions are kept, processing time must be considered since there will be extra files that will need to be copied. In full disclosure, we didn’t tackle the potential issue presented by “versions” in our POC, but we recognize that it would certainly be something that could impact the amount of hours required to restore a large number of files from the Preservation Hold Library.
  • Capacity: As an FYI, the recovery will (at least) double the space used, because the Preservation Hold Library will still contain the records and the doc library will also have the records.
  • Re-deleting:  When the item is deleted again out of the Shared Documents folder, a new item will be placed in the preservation hold library
  • Re-deleting before the hack:  If a file had been deleted and then recovered prior to the hack, then deleted again, there are sequence problems that need to be addressed.
  • It will be difficult to determine items that were appropriately deleted before the hack, so the customer needs to be prepared to re-delete items that were appropriately deleted by users.  We may be able to see who deleted the item (who created the item in the preservation hold library). This caveat, like the “versions” caveat was not tested in the POC but would have to be considered if we were asked to support a client that was restoring from the Preservation Hold Library.
  • Restoring from the Preservation Hold Library requires site collection administrator rights to perform the recovery. Kiefer recommends that you use PowerShell PNP and/or migration tools to recover content in the Preservation Hold Library.

How Kiefer can help

So, if you are looking to strengthen your document management strategy or put safeguards in place to protect your organization from data loss, contact us. We can help you build a robust document management system and simplify the process of applying retention policies to digital records.


Follow Us

Leave a Comment

Your email address will not be published. Required fields are marked *