In-Place eDiscovery allows you to search mailbox data across your Exchange organization, preview search results, and copy them to a Discovery mailbox. Users in the Discovery Management role group can be delegated access to perform discovery searches without the need to grant them elevated privileges.
- Exchange Search and Keyword Query Language (KQL)
- Discovery Management Role group
- Discovery Mailboxes
- Discovery Search Actions
- eDiscovery Center
In-Place eDiscovery in Exchange 2013 supports
- Exchange Search and Keyword Query Language (KQL): The content indexing feature of Exchange Search has been redesigned to provide greater integration with Microsoft Search Foundation and Microsoft Sharepoint 2013. By exposing the powerful federated search capabilities included in Sharepoint 2013, users can easily structure complex and efficient search queries. This article explains the Keyword Query Language (KQL) capabilities and syntax of Sharepoint 2013.
- Discovery Management Role group: This group consists of two management roles; the Mailbox Search Role, which allows a user to perform an In-place eDiscovery search; and the Legal Hold Role, which allows a user to place a mailbox in In-place hold or Litigation hold.
- Discovery mailboxes: These are used during In-place eDiscovery Searches as target mailboxes and the results of In-place eDiscovery Searches and be copied to these mailboxes. Discovery mailboxes cannot be repurposed as other types of mailboxes.
- Discovery Search Actions: Users can perform the following actions during a discovery search:
- Estimate search results: Obtain an estimate of the total size and number of items that will be returned by the search based on search criteria. Estimates are displayed in the details pane.
- Preview search results: Preview the results of a search by displaying messages returned from each mailbox searched.
- Copy search results: Copy messages returned in search results to a Discovery mailbox.
- eDiscovery Center: The eDiscovery Center site collection is part of SharePoint 2013 and provides features to help with the first half of the eDiscovery Reference Model (EDRM)—identification, preservation, collection, processing, and analysis; and is available on-premises or in the cloud. Using the eDiscovery Center, you can perform searches across SharePoint, Exchange and Lync content archived into Exchange. Click here for a great article on eDiscovery in Sharepoint.
Common Administrative Tasks
- Add a user to the Discovery Management Role Group: In EAC or PowerShell
Add-RoleGroupMember -Identity “Discovery Management” -Member “Road Chimp”
This can be verified via the command: Get-RoleGroupMember -Identity “Discovery Management”
- Create a Discovery Mailbox via the command:
New-Mailbox SearchResults01 -Discovery -UserPrincipalName SearchResults01@roadchimp.com
- Create an In-place eDiscovery Search: In EAC or PowerShell
New-MailboxSearch “Discovery-CaseID001” -StartDate “01/01/2012” -EndDate “12/01/2012” -SourceMailboxes “DG-Finance” -TargetMailbox SearchResults01 -SearchQuery ‘”Bananas” AND “Peel”‘
- Preview an In-place eDiscovery Search: In EAC or PowerShell
Start-Mailbox Search -EstimateOnly….
- Start/Stop an In-place eDiscovery Search: In EAC or PowerShell
Start-MailboxSearch -Identity “Discovery-CaseID001” to start &
Stop-MailboxSearch -Identity “Discovery-CaseID001” to stop
- Retrieve the status of an In-place eDiscovery Search: In EAC or PowerShell
- Modify an In-place eDiscovery Search: In EAC or PowerShell
Set-MailboxSearch -Identity “Discovery-CaseID001” -SourceMailboxes “DG-Executives”
- Remove an In-place eDiscovery Search: In EAC or PowerShell
Remove-MailboxSearch -Identity “Discovery-CaseID001“
- Re-create the Discovery System Mailbox: Click here for more information.
- Configure Exchange for Sharepoint eDiscovery Center: Click here for steps.
Top PowerShell Commands/Tools
– Stop-Mailbox Search
– Get-Mailbox Search
– Set-Mailbox Search