3 Discovery
Exchange Server 2010
Discovery is the process of searching relevant content in Exchange
Server Mailboxes. Reasons for using the Exchange Server 2010 Discovery
can be:
Legal Discovery
Internal Investigations
Human Resources.
Exchange Server 2010
Discovery leverages the content indexes that are created as part of the
Exchange Search engine. No doubt, as you use Exchange Server 2010,
you'll find plenty more reasons to use this powerful search technology.
To create and manage a discovery
search, a user needs to be a member of the Discovery Management Role
Group, which is one of the RBAC roles. This is an explicit right, and
Exchange administrators do not have sufficient rights to create and
manage discovery searches.
NOTE
Exchange
Server 2010 Discovery is a very powerful feature. Users who are members
of the Discovery Management Role Group can search through all content
in all mailboxes throughout the entire Exchange organization.
To add a user named "Joe Lawyer"
to the Discovery Management Role Group, open an Exchange Management
Shell command window and enter the following command:
Now this user can create
queries to find relevant information if there are suspicions against
another employee. To create a discovery search in the Exchange
Management Shell enter the following command:
NOTE
The New-MailboxSearch cmdlet is only available on the Exchange Server 2010 Mailbox Server role.
If the –SourceMailbox option
is omitted, all Mailbox Databases in the entire Exchange organization
will be searched. This can create an enormous result set, producing an
unexpected growth of the target mailbox.
[Edited for readability]
The progress of the Discovery Search can be monitored using the Get-MailboxSearch cmdlet.
When the search is
complete you can log on to the target mailbox, in this example,
J.Lawyer's mailbox. The results will be shown in a new folder in the
Mailbox:
When the Mailbox Search is removed using the Remove-MailboxSearch
cmdlet the folders in the target mailbox will be deleted as well. It's
worth bearing in mind, if you're not comfortable using PowerShell, that
the ECP can also be used to generate a search.
4 Litigation hold
In Exchange Server 2010 it
is possible to configure a mailbox in "litigation hold." By placing a
mailbox in litigation hold you can monitor the mailbox for deleted
items, and all changes (i.e. deletions) will be recorded. Deleted and
changed items will be returned in a Discovery Search. Litigation hold
works for both the Active Mailbox as well as the Mailbox Archive.
To place a mailbox in litigation hold, enter the following Exchange Management Shell command:
