Due to regulatory requirements you might sometimes be faced with the scenerio where someone within or outside of your organization needs to perform a search for specific content within users mailboxes. eDiscovery was designed for exactly this!
In order to setup eDiscovery we must firstly add the relevent user to the "Discovery Management" role group:
Add-RoleGroupMember -Identity "Discovery Management" -Member jbloggs
we can verify this with:
Get-RoleGroupMember -Identity "Discovery Management"
We should proceed by creating a discovery mailbox:
New-Mailbox -Name "Discovery Search Mailbox" -Discovery
and assign the permissions:
Add-MailboxPermission "Discovery Search Mailbox" -User jbloggs -AccessRights FullAccess -InheritanceType all
We can then create an eDiscovery search with the New-MailboxSearch cmdlet:
New-MailboxSearch "Discovery-CaseId001" -StartDate "05/20/2015" -EndDate "05/27/2015" -SourceMailboxes "Joe Bloggs" -TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Games" AND "Downloads"' -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full
Finally we can invoke the search - hence copying the results to the discovery mailbox we created:
Start-MailboxSearch "Discovery-CaseId001"
We also have the ability to create an in-place hold which will allow us to retain any emails that might be deleted, moved etc. by the users - to ensure everything is accessable / searchable. We can create an in-place hold by using the InPlaceHoldEnabled parameter with the New-MailboxSearch cmdlet:
New-MailboxSearch "Hold-CaseId002" -SourceMailboxes "[email protected]" -InPlaceHoldEnabled $true
No comments:
Post a Comment