Doing IT for a business that uses G Suite as their corporate email platform and File storage platform presented a few challenges for archiving users. Biggest of which was email arching and searching. In the past we used Exchange and Microsoft Outlook and when a user left the org we could just export a copy of a users PST file from Exchange and we would have a complete record of emails and folder structure to open at any time on any machine that ran Outlook. Since we started to use Gmail as our corporate email solution we have been using only the Chrome browser as our email client. This presented an issue when trying to decide how to archive a users email for later access.
- Do we leave the user active for 5 years so that we can still access their account and email as it was when they left the org?
- Use Outlook to connect to the users Gmail account over IMAP and download all email to a PST file
- Use Google Takeout .mbox format
All the options above seemed to always have some kind of drawback. The first option would require that we pay $10 a month for this account while it was still there. I’m sure it is worth the cost when you need something but it is expensive in our case $10x12x5 = $600. Using Outlook to archive to a PST would take time and effort and if emails had multiple labels? How would it handle the same email in multiple folders as Outlook does not use labels it uses folders. Plus have you have ever used search on Outlook, well lets put it simply, it sucks horribly!! The .mbox format looses all the users labels and not to mention searching a large mailbox is a pain!
Google is the king of search especially in Gmail so removing the email form there seems silly because now we cannot leverage the search power of Gmail. Not one of our options above seems to be the silver bullet to the problem or even close to something that works for us. All the data is already in Google’s cloud, can’t we just keep it there but push it around?
All the other corporate data was easy to archive to an account we created just for holding Archives. So I thought I would write a little tutorial that explains how we archive a user that leaves our organization which includes arching Gmail with labels preserved.
Preparing for Archiving
First thing is you will need to pay for an extra account. This extra cost of $10 for an unlimited account is worth it considering how much data it will hold! We used email@example.com to make it quite simple to know the purpose of the user but you can use what ever account name that works for you. The purpose of this account is to hold all archive data for all departed users. On the Archive users Google Drive I create a folder called “Departed User” this will hold all the data for departed users. Inside that folder I create a folder for each departed user using the naming format of “YYYY-MM-DD – First Last” Where YYYY-MM-DD is the date the user left the org. The reason I put the date in the folder name is for 2 reasons, 1 so you know how old this archive is. If your org is okay with throwing data out after 5 years you can do this easily if the date is in the folder name. 2 So that users are sorted by oldest departed to newest departed. This is useful to see your oldest archives at the top. You are welcome to use whatever folder structure you like but this is the format I use.
Departed User Prep
Reset their password, really this is the only thing we do in our org, we change their password so they can no longer access their data and then we know the password. This way email will continue to come in or be redirected till we are ready to remove the account.
This is my first stop. I like to take a full snapshot of all the users data the way Google has it. I open an incognito Window and log into the users account at https://accounts.google.com once logged in I head to https://takeout.google.com/settings/takeout and I prepare a Google Take out and I save it to the departed user’s Google Drive. The reason I save it to the departed user’s Google Drive is that it makes it faster after the Take Out is created to move it to our Archive user. This process can be fast or long depending on how much data the user has in their Google services. I leave the window open and check every so often to see if it is done (remember this is another user’s Google Take Out, you wont get the email when it’s complete). Once the user’s Take Out has completed, I log into the departed user’s Google Drive and find the “Takeout” folder. I then share that “Takeout” folder with the Archive user for my org. After sharing it I go to the advance share settings and change the firstname.lastname@example.org user to be the owner of that shared data and then click the x to remove the departed user form permissions. Basically what you have done is moved this folder from the departed user’s Google Drive to the archive user’s Google Drive. The folder that you just took ownership of will be in the root of your archive user’s Google Drive. We need to move that folder to a better place. Log onto the Google Drive for email@example.com and find the “Takeout” folder you just took ownership of. Make sure the user you are archiving has a user folder under ‘Departed Users’ . Move this Takeout folder to the departed user’s folder under Departed Users” Now you have a copy of the departed user’s Takeout data!
Archiving Google Drive Files
This process is just as easy as moving the Takeout folder was above, well use the same trick for taking ownership. Create a folder at the root of the users Google Drive called “Google Drive” Now highlight all the files and folders except the foler you just created and move the selected filed into the “Google Drive” folder. All the users files in their drive should now be inside one folder called “Google Drive”. We need to now move this folder to the Archive user, so change the share permissions on this folder to make firstname.lastname@example.org user the owner and remove the old user from having access. Again what you have effectively done is moved all this users files to the root of the Archive users Google Drive. Log into the Archive users Google drive and move the Google Drive folder to the users folder.
Archiving Gmail with Labels
This is what we all really want, an archive sitting on Gmail so we can use Google search capabilities and still retain all the users labels. This will take a bit of hand holding but it is the best way to get the data that you need kept! Open your admin dashboard and go to “Data Migration” If you have never migrated anything before you shoudl be presented with this screen
On the next page you are going to chose a custom date of how far back you want to go. I set mine to some date in 1971 as that is the date of the first email ever sent so there is now way you will miss anything. I leave the other options to their defaults. Then I click ‘SELECT USERS’
You will be then taken to a new page and asked to log in as the user you are migrating from so that you can get an authorization code to allow G Suite full access to this gmail account for migration reasons. Type in their email address and password and click the Allow button
Take the authorization code you selected and put it in the previous page under the users name. Chose the email account that you want to email migrated to in our case email@example.com and click ‘START’
You will see a progress screen that will show the progress of your migration to the Archie users account. This might take some time!! PLEASE NOTE, you can only migrate one user at a time to the Archive Mailbox. This is a gmail limitation and for sorting reason this is also a good idea so that you can do 1 users at a time for the next steps
Check back on your migration from time to time till you finally see that it is complete. You can check to see if there were any errors but I normally am not concerned of 4 emails out of 50,000 not transferring.
One this migration is complete it is time to do a little house cleaning on the Gmail account for Archive. Log into the Archive users Gmail account. The first thing you should do is create a new label with the departed users name and departure date ie “First Last – YYYY.MM.DD” once this label is created I go to the inbox and select all email. Make sure you use the option at the top to select all email in the inbox. I then label them and create a new Label called Inbox under the departed users label you just created. After this I archive all emails from the Inbox. I then use the search bar to look for emails sent to the departed users email address by using the following term “to:firstname.lastname@example.org” this will show me a page of results, I select the All check box on these message and I am sure to look at the little yellow message above where the emails are displayed and I select the option there to Select ALL emails that match not just this one page, if you don’t do this you could be years doing this page by page. Now all the email are selected I label them with the users label I created earlier. I repeat the process with the search “from:email@example.com” and I label them with the users label. I then look at any labels created by the users and I edit them to move them under the Parent Label we created for the departed user.
What you should be left with is a single label with the departed users name and departure date and all that users labels under that main label.
You have just archived a users Gmail box while preserving labels. Now you can use the search functionality of Gmail to find emails. This is not perfect but it is 95% there.. This allows us to search for emails that we need to as well as having dates on them allows us to delete all emails for this user after your retention period is gone.
Delete the user
We have all the users data archive and we can now delete the user form G Suite.
Added Bonus TIp
When the user leaves our Org we archive the users computer drive also to make sure we have any data the user might have created in their time at work. I create a folder called ‘Computer backup’ in the Google Drive under the departed user’s Folder and I upload all the data from their user folder on their computer to Google Drive. So now we can use the power of Google Drive search to find any files or documents we are looking for!
© Caspan 2017