Email discovery with Exchange 2010

In march 2012 i posted an article about Copying incoming/outgoing emails on Exchange 2007/2010 to another mailbox. This article is a sort of follow up on the original article. Both articles bear the common theme of email discovery.

In the original article this was achieved by copying all/selected incoming and outgoing emails to a selected mailbox. This mailbox than could be accessed by a user which could carry out a “manual discovery”.

As Exchange 2010 comes with many new and improved features, email discovery is one of these. This feature allow the user (administrator) to do our research across all user’s mailboxes on chosen terms.

To start you need to give the selected user discovery permissions. In most cases the default DiscoverySearchMailbox will be used.

Open Exchange Management Console (EMC), navigate to Recipient Configuration -> Mailbox. Select the DiscoverySearchMailbox and on the right in the Action pane select Manage Full Access Permission.

Follow the wizard  to add the selected user to have full mailbox permission  on the DiscoverySearchMailbox.

Next the user needs to be added to the Discovery Management role. Open Powershell for exchange and use the following cmdlet to add the selected user to the role:

> Add-RoleGroupMember -Identity "Discovery Management" -Member SelectedUser

Once the above initial changes are done, we are ready to start the actual discovery. To initiate a mail discovery you need to log in to Exchange Control Panel (ECP) – open Internet Explorer and navigate to the website: https://exchange-server/ecp

Log in as the user that you provided with permissions on the DiscoverySearchMailbox. When logged in, on the left side menu navigate to Mail Control and click the Discovery tab.

To create a new search click the New.. link which will display the settings for the new search. This screen is divided in to 5 sections. The first section is for the keywords that you need to find

In this section you can also find a link to specify what type of messages are to be searched

You can either select the message types of your choice, e.g. e-mail, documents, etc. Otherwise you can choose the option to search for all message types.

The following sections are for selecting the sender/recipient email addresses and the date range of the messages

The second last section is for which mailboxes to search

Again you have the choice of either searching in all mailboxes on the server or select only a few of them.

Last but not least, you will need to type in the name of your new search

In this last section you can also choose what do you want to do with the results – you could just run the search to estimate the results. Alternatively – or in most case probably primarily – you can choose to copy the search results to the destination mailbox. You can browse to the list of the mailboxes and select the destination mailbox – in our scenario this will be the DefaultSearchMailbox. You also have the option to receive an email when the search is finished. This might come handy when the list of mailboxes and the items in them is large.

Once you are happy with all the settings, click Save to close the new search screen. You will be back to the main ECP screen and you will see the your new search on the list

On the right hand side you will see the status of the search and the results when the search has finished. At this point you should also receive the email with the summary of the search


I hope this article will provide you some useful information on where to start with email discovery on Exchange 2010. As usual any comments are more than welcome.


In category: Microsoft Exchange
Tagged with: ,