
Monday, August 3, 2015

Exchange 2013 eDiscovery Mailbox Search Part 2 - Using the Shell

In my previous post, I showed how to run an eDiscovery Mailbox Search using the 2013 EAC (Exchange Administrator Center). This will be a quick post on running a search using the Exchange Management Shell (EMS).

For reference, I have an old post that explains the Discovery Mailbox, Legal/Litigation Hold, and the RBAC requirements needed to perform the search.

Exchange Management Shell Discovery Search

To run an eDiscovery, fire up the EMS:

New-MailboxSearch -Name "Exchange 2013 Test Search" -StartDate "7/25/2015" -EndDate "7/31/2015" -SourceMailboxes "Stacey Branham" -TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Exchange" AND "Migration"' -InPlaceHoldEnabled $true -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full

In the above command, these are the options I used in the example:

Name: "Exchange 2013 Test Search" (you can name it whatever you like)

Date Range: 7/25/2015 to 7/31/2015
    - If you don't specify a range, it will search across all dates.

Mailbox to search in: Stacey Branham
    - If you don't specify a mailbox, it will search all mailboxes in the organization.
    - You can also search in Distribution Groups, and multiple groups.

Mailbox to save results in: Discovery Search Mailbox
    - This will copy messages to the Discovery Mailbox, under a folder using the same name as the search.

Keywords (search query): "Exchange" "Migration"
    - Separate words with operators such as AND, OR, NOT, and wrap phrases in quotes.

In-place hold is enabled
    - Hold can only be enabled when specifying mailboxes; it won't work if all mailboxes are being searched.

Message Types: Emails
    - There are several types of objects; if you don't specify any, it will search all types.

Include dumpster, encrypted items, etc., with full logging enabled.

Just play around with the options until you get the results you want...you'll want to run several searches using different combos of options, because you'll get differing results.
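Trying several option combinations, as suggested above, is cheaper with estimate-only searches that return counts without copying anything. The following is an added example, not code from the original post; the `Est-*` search names and the three query variants are constructed for illustration, and the polling assumes that finished Status values contain Succeeded, Failed or Stopped.

```powershell
# Added example (not from the original post): size up query variants with
# estimate-only searches before running the real copy-and-hold search.
# Run in the Exchange Management Shell with the same RBAC rights the post assumes.

$source = "Stacey Branham"                 # mailbox used in the post
$start  = "7/25/2015"
$end    = "7/31/2015"

# Constructed query variants; the Est-* search names are hypothetical.
$variants = [ordered]@{
    "Est-Both"      = '"Exchange" AND "Migration"'
    "Est-Either"    = '"Exchange" OR "Migration"'
    "Est-NoMigrate" = '"Exchange" NOT "Migration"'
}

foreach ($name in $variants.Keys) {
    # -EstimateOnly returns counts only: nothing is copied, so no -TargetMailbox.
    New-MailboxSearch -Name $name -SourceMailboxes $source `
        -StartDate $start -EndDate $end `
        -SearchQuery $variants[$name] -MessageTypes Email `
        -EstimateOnly | Out-Null
    Start-MailboxSearch -Identity $name
}

# Poll until every search reports a finished state, or give up after 10 minutes.
# Assumption: finished Status values contain Succeeded, Failed or Stopped.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $results = foreach ($name in $variants.Keys) { Get-MailboxSearch -Identity $name }
    $pending = @($results | Where-Object { "$($_.Status)" -notmatch 'Succeeded|Failed|Stopped' })
} while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline)

# Compare hit counts and sizes side by side.
$results | Format-Table Name, Status, ResultNumberEstimate, ResultSizeEstimate -AutoSize

# Remove the throwaway estimate searches so only real cases remain listed.
foreach ($name in $variants.Keys) {
    Remove-MailboxSearch -Identity $name -Confirm:$false
}
```

In Exchange 2013, Start-MailboxSearch is the cmdlet that actually runs a search created with New-MailboxSearch. The estimate-only searches here place no hold and copy nothing to a discovery mailbox.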

Now you have a quicker way to perform an eDiscovery than using the EAC.
