This guide helps to restore an Exchange 2007 mailbox to a test lab server on an isolated network and extract restored mailbox as a .pst file.
Normally you can only restore Exchange within the same organisation. If you want to restore Exchange mailbox to a server on a completely different network you have to replicate your domain and exchange setup.

1. Create a new virtual machine (or use a physical PC) on an isolated network not connected to your existing environment.

2. Install Windows Server 2003 (R2) 64 bit with SP2.

• Start > Run > dcpromo. Create a new domain with the same name as you existing one.

3. Install Exchange server 2007

• Install Microsoft .NET Framework Version 2.0 Redistributable Package (x64)
• Install Windows PowerShell 1.0 Windows Server 2003 x64 Edition
• You may also need to install following updates before you can install Exchnage:
  KB926776-X64
  KB942763
  Microsoft .NET Framework 2.0 Service Pack 1 (x64)
• Enable IIS and WWW services: Add Remove Programs > Add Remove Windows Components > Application Server > Details > IIS.
• Raise Domain Functional Level to Windows Server 2003: AD Users and Computers > mydomain.local > Raise Domain Functional Level.
• Install Exchange Server 2007 SP1. Choose "Typical installation".
• Make sure Exchange organisation name matches your existing Exchange organisation's name. To find Organisation Name of existing Exchange server run Shell command Get-OrganizationConfig | select name.

4. Restart newly installed Exchange Server.

5. Exchange Management Console (EMC) > Server Configuration > Mailbox Rename "First Storage Group" and "Mailbox Database" so they have the same names as the storage group and database you are restoring from.

6. Create new Recovery database. Exchange Management Console (EMC) > Toolbox > Database Recovery Management

• Create a Recovery Storage Group. Use default values.
• Using tasks in the opened Troubleshooting Assistant make sure Recovery database is dismounted and flag "Database can be overwritten by restore" is set.

7. Open Windows Backup utility (ntbackup) > Restore and Manage Media > Tools > Catalog a backup file > Select your .bkf backup file you will be restoring from.

• Browse and select required storage group.
• Click "Start Restore".
• Enter <servername> of your new Exchange server  in "Restore to exchange" (Server names of old and new servers do not have to match)
• Check "Last Restore Set" if this is the only restore you are going to run on this storage group.
• Enter path for TMP files.
• Click OK and run the Restore operation.

8. EMC > Recipient Configuration > Mailbox. Create a new mailbox where you will be restoring data.

9. Go back to Troubleshooting Assistant and Mount Recovery Storage Group.

10. Now you need to transfer restored mailbox from Recovery Storage Group to your main storage group.
Open Exchange Management Shell (EMS) and run: restore-mailbox -RSGMailbox '<User Name>' -RSGDatabase 'Recovery Storage Group\Mailbox Database' -id '<user.name>' -TargetFolder 'Restore'
"<User Name>" is full name of the user you are restoring
"<user.name>" is an alias of the user you created in stage 8.

11. Now you have only left to extract recovered mailbox into .PST file. This can only be done on a 32 bit computer with Outlook 2003 SP2 or later installed.

12. Install new Windows XP workstation on the same isolated network and join the domain.

13. Install MS Exchange 2007 SP1 32 bit version.

• Choose Custom Installation and select Management Tools only.
• As with the Exchange server you may need to install .NET framework, PowerShell and some other updates required for Exchange installation.

14. Install MS Outlook 2003 SP2 or later.

15. Export mailbox into .pst file - EMS > Export-Mailbox –Identity <user.name> -PSTFolderPath <pathToSavePST>
If you get Error: Failed to copy messages to the destination mailbox store with error: MAPI or an unspecified service provider, you need to set appropriate Exchange permissions to the user account you are logged on.
EMC > Organisation Configuration > Exchange Administrators > Add Exchange Administrator > Exchange Server Administrator Role
EMC > Recipient Configuration > Mailbox > user.name > Manage Full Access Permissions > Add

Statistics

Get-MailboxStatistics -server <ServerName>
Get a list of all mailboxes, number of items, Storage Limit Status and Last Logon Time

Get-MailboxStatistics –server <ServerName> | Sort-Object TotalItemSize -Descending | ft DisplayName,@{label="TotalItemSize(MB)";expression={$_.TotalItemSize.Value.ToMB()}},ItemCount, storagelimitstatus
Get list of all mailboxes, sizes in MB, number of items and limit status. Sorted by size.

Get-MailboxStatistics -server <ServerName> | sort -Property @{expression={$_.TotalDeletedItemSize.value.ToMB()}} -Descending | select-object DisplayName, @{expression={$_.TotalDeletedItemSize.value.ToMB()};Label="Dumpster(MB)"}, @{expression={$_.totalitemsize.value.ToMB()}; label="Mailbox Size (MB)"}
Get list of all mailboxes and their dumpster sizes. Sorted by dumpster size.

Get-Mailbox | Get-MailboxFolderStatistics | sort -Property {$_.FolderAndSubFolderSize.ToMb()} -Descending | where{$_.FolderType -eq "DeletedItems"} | Select-Object Identity, @{expression={$_.FolderAndSubFolderSize.ToMb()};Label="Size of Deleted Items"}, ItemsInFolderAndSubFolders | fl
Get list of sizes and number of items of Deleted Items for all users. Sorted by Deleted Items folder size.
If you want results to be exported into .csv file, replace | fl with | Export-Csv c:\deleted_items.csv

Get-Mailbox | Format-Table alias, *quota
Retrieves all mailbox users with mailbox quotas (only set explicitly). "unlimited" may be misleading if default quota is used.  See bellow.

Get-Mailbox -id "**" | fl *quota*
A value of TRUE on UseDatabaseQuotaDefaults means that the per-mailbox settings are ignored and the mailbox database defaults are used. 

Read more: Useful Exchange 2007 and 2010 Management Shell commands

There are number of places to limit message size in Exchnage 2007:

1. Organizational limits: Apply to all Exchange servers in the Organization
EMC > Organization Configuration > Hub Transport > Global Settings tab > Transport Settings > Properties > General.

2. Receive Connector limit: Receive Connectors are only used to receive messages
EMC > Server Configuration > Hub Transport > Receive Connectors > Connector > Properties > General.

3. Send Connector limit: Send Connectors are used for sending outgoing messages to the internet or particular address spaces (domains).
EMC > Organization Configuration > Hub Transport > Send Connectors > Connector > Properties > General

4. Mailbox limit: Individual recipients (mailboxes, etc) can have their own limits to bypass the Organizational limits (only for internal messages).
Recipients > Mailbox > select mailbox > properties > Mail Flow Settings > Message Size Restrictions

5. Global Settings: Global settings can impact Exchange Server 2007 recipients (if upgraded from Exchange 2003)
Exchange Server 2003 Global Settings > Message Delivery > Properties
If all Exchange 2003 servers were removed Using ADSIEdit.
In Exchange Server 2007 SP1 changing Organisation Transport limits automatically change Global limits.

6. Active Directory SiteLink limit: In Exchange Server 2007 SP1, you can also set maximum message size limit on AD Site Links.
Exchange Server 2007 uses the AD Site topology to determine the least cost paths. If the message size to be delivered to a remote AD Site exceeds the limit on the AD Site Link, message delivery will fail.
By default, the MaxMessageSize on AD Site Links is set to unlimited. This can be changed using Exchange Management Shell (EMS):
Set-ADSiteLink "<Site Link Name>" -MaxMessageSize 20Mb

7. Routing Group Connector Limit: Routing Group Connectors are used in co-existence scenarios to transfer messages between Exchange Server 2003/2000 Routing Groups and the Exchange Server 2007 Routing Group. Messages exchanged between these Routing Groups should be below the message size limits of their respective RGCs. The default is set to unlimited. To set the MaxMessageSize on a Routing Group Connector:
Set-RoutingGroupConnector "<Connector name>" -MaxMessageSize 20Mb

Source: http://exchangepedia.com/2007/09/exchange-server-2007-setting-message-size-limits.html

Exchange Server 2007

If you need to block all network access to a particular user so he/she can’t access or delete any files or emails you have number of option.

1. Disable user in AD

• If user tries to logon on the network will get a message – your account is disabled.

• Incoming emails are still delivered in Exchange 2007 environment. In Exchange 2003 environment without hotfixes 916783 and 903158 incoming emails will be rejected.

• If user is already logged on, he can still access network and Exchange emails until logon token expires. This may take quite a while (hours). Even after that Outlook connection to the Exchange may work until Outlook is restarted.
• To disconnect user immediately, force computer to restart or logoff

• To log off or restart remotely: Computer management > Connect to another computer > computername > Properties > Advanced > Startup and Recovery Settings > Shut Down > Log off Current User / Force Apps Closed

• To restart remotely: CMD > shutdown -r -f -m \\computername This will warn user and give 30 seconds to save his data. If user has local admin rights he could cancel shutdown with shutdown –a. If you don’t want to warn user about the restart use shutdown -r -f -m \\computername -t 0

2. Change user password

• If user tries to logon on the network will get a message – password is incorrect.

• Incoming emails are delivered.

• Everything else as in disabled user (see above).

3. Disable user in Exchange Management Console

• EMC > Recipient Configuration > Mailbox > User Name > Disable

• This removed link between AD user and Exchange mailbox

• Incoming emails gets rejected immediately

• User is disconnected from his mailbox in webmail immediately although if Outlook is open user may still be able to access and delete his emails there for a while.

• Mailbox is marked for deletion in Exchange

• If you want disconnected mailbox become visible in EMC > Recipient Configuration > Disconnected Mailbox immediately, open Exchange Management  Shell and run Clean-MailboxDatabase "database name"

4. Initiate malbox move

• In emergency if you want to disconnect user from his mailbox immediately (to prevent email deletion, etc) without disabling user in Exchange (thus rejecting incoming email) you can initiate mailbox move to another database (in Exchange Management Console).

• EMC > Recipient Configuration > Mailbox > User Name > Move Mailbox.

• As soon as mailbox move starts user will be disconnected from his mailbox, including webmail and outlook.

• If user uses Outlook in cached mode and deletes his emails while mailbox is being moved this is not replicated to the server while move operation is in progress, but when mailbox goes back online after move and user restarts the Outlook deleted emails will be removed from server as well.

• After move is completed mailbox will immediately become available again.

• If you dismount mailbox store to which mailbox was moved it will become unavailable again (along with all other mailboxes in this database) and all incoming emails will be queued.

Windows Server 2003
Windows XP
Exchange 2007