Thursday 7 May 2015

Setting up In-Place eDiscovery and an In-Place hold with Exchange 2013

Due to regulatory requirements you might sometimes be faced with the scenario where someone within or outside of your organization needs to perform a search for specific content within users' mailboxes. eDiscovery was designed for exactly this!

In order to set up eDiscovery we must first add the relevant user to the "Discovery Management" role group:

Add-RoleGroupMember -Identity "Discovery Management" -Member jbloggs

We can verify this with:

Get-RoleGroupMember -Identity "Discovery Management"

We should proceed by creating a discovery mailbox:

New-Mailbox -Name "Discovery Search Mailbox" -Discovery

and assign the permissions:

Add-MailboxPermission "Discovery Search Mailbox" -User jbloggs -AccessRights FullAccess -InheritanceType all

We can then create an eDiscovery search with the New-MailboxSearch cmdlet:

New-MailboxSearch "Discovery-CaseId001" -StartDate "05/20/2015" -EndDate "05/27/2015" -SourceMailboxes "Joe Bloggs" -TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Games" AND "Downloads"' -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full

Finally, we can start the search, which copies the results to the discovery mailbox we created:

Start-MailboxSearch "Discovery-CaseId001"

We also have the ability to create an in-place hold, which retains any emails that users might delete, move, etc., so that everything remains accessible and searchable. We can create an in-place hold by using the InPlaceHoldEnabled parameter with the New-MailboxSearch cmdlet:

New-MailboxSearch "Hold-CaseId002" -SourceMailboxes "jbloggs@consoto.com" -InPlaceHoldEnabled $true
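
A verification pass over the steps above, as an added example that is not part of the original post. It assumes the Exchange Management Shell on Exchange 2013 and the names used in this post (jbloggs, the discovery mailbox and the two search names); the variable names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell (assumption).
# The values below are the ones used in this post; adjust to your environment.
$roleGroup    = 'Discovery Management'
$discoveryMbx = 'Discovery Search Mailbox'
$searchName   = 'Discovery-CaseId001'
$holdName     = 'Hold-CaseId002'
$custodian    = 'jbloggs'

# 1. Who can run eDiscovery searches? Membership here allows searching
#    any mailbox in the organization, so keep the list short.
Get-RoleGroupMember -Identity $roleGroup |
    Select-Object Name, RecipientType

# 2. Who can open the discovery mailbox and read the copied results?
#    Only explicitly granted (non-inherited) FullAccess entries are listed.
Get-MailboxPermission -Identity $discoveryMbx |
    Where-Object { -not $_.IsInherited -and ($_.AccessRights -match 'FullAccess') } |
    Select-Object User, AccessRights, Deny

# 3. Did the search complete, and how much did it copy?
Get-MailboxSearch -Identity $searchName |
    Format-List Name, Status, ResultNumber, ResultSize, SourceMailboxes, TargetMailbox

# 4. Is the hold enabled, and has it been stamped on the source mailbox?
#    The hold's InPlaceHoldIdentity should appear in the mailbox's
#    InPlaceHolds list once the hold has been applied.
$hold = Get-MailboxSearch -Identity $holdName
$mbx  = Get-Mailbox -Identity $custodian

New-Object PSObject -Property @{
    HoldName         = $hold.Name
    HoldEnabled      = $hold.InPlaceHoldEnabled
    HoldIdentity     = $hold.InPlaceHoldIdentity
    Mailbox          = $mbx.PrimarySmtpAddress
    StampedOnMailbox = ($mbx.InPlaceHolds -contains $hold.InPlaceHoldIdentity)
} | Format-List
```

If StampedOnMailbox is False straight after creating the hold, re-run step 4 later before treating it as a failure, since the hold is not necessarily applied to the mailbox immediately.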
