I'll show you how to assign rights with PowerShell and then how normal (non-technical) users can easily use the Exchange Control Panel (ECP) to perform multi-mailbox searches.
Microsoft also changed the licensing requirements for multi-mailbox searches so you no longer need an Enterprise CAL :)
What is the Discovery Mailbox?
The Discovery Mailbox is a secure repository for multi-mailbox search results.When you install Exchange, a discovery mailbox called "Discovery Search Mailbox" is created.
The Discovery Mailbox user account in AD is always disabled by default.
The Exchange Admin has to give Full Mailbox permissions to authorized users.
The default quota is 50GB, but can be adjusted if you have a large organization.
Delivery restriction is set so it will not to accept any email delivery.
You can create a new discovery mailbox in PowerShell by running:
New-Mailbox -Name "Discovery Mailbox" -UserPrincipalName "DiscoveryMB@domain.com" -Discovery
**Note** Change the -Name and the -UPN to whatever seems fit for your organization
What is Litigation/Legal Hold?
In Exchange 2010 a new Recoverable Items folder called Dumpster 2.0, enables us to retain deleted or edited items of a user under legal hold.
To set a litigation hold, fire up the EMS and run:
Set-Mailbox user@domain.com -LitigationHoldEnabled $true
**Note** Change "user" to the username of whom you are placing under hold.
**Note**If you use Archive mailboxes the legal hold also applies to those as well.
Setting the Discovery Management RBAC Role
Members of the Discovery Management role group can perform two functions:
They can perform Multi-Mailbox Searches, which are discovery searches across the organization.
And they can put users into a Litigation Hold or Legal Hold, which prevents messages from being deleted...the user under hold can still use their mailbox.
The Discovery Management Role Group doesn't have any members by default, so this requires you to give permission to the authorized user(s).
Fire up the Exchange Management Shell, and run:
Add-RoleGroupMember -Identity "Discovery Management" -Member User
**Note** Change "User" to the username of the user you are granting permissions.
Exchange Control Panel Discovery Search
You can start a search request using the Exchange Management Shell (but that's more technical) so I'm only showing you how to run it from the ECP, which is quite easy for the "standard" user to navigate.
From your browser, open the ECP; it will be your OWA address, with ECP tacked on the end, like www.mail.exchangeitup.com/ECP
Under "Select what to manage" it should be on My Organization.
Click on Reporting, which will take you to Mailbox Searches.
Using Keywords
Users preforming searches can use keywords with operators like AND, OR, and NOT and wildcards.
To search encrypted attachments and message types with an unknown format, use the "Include items that can't be searched" option. To enable this feature, in the EMS, run:
Set-IRMConfiguration -SearchEnabled $True
You can also select message types to narrow your search:
You can select to receive an email notification when the search is finished and you can enable full logging, which stores detailed information about searches in a CSV and is saved in the discovery mailbox results.
If you have a large "search project" you can create multiple search requests simultaneously.
You should now know how to perform a mailbox search, and how to instruct other non-techie users on how to use the ECP for searching as well!
No comments:
Post a Comment