Managing Exchange Server 2010 : Archiving and compliancy (part 3) - Discovery, Litigation hold

1/4/2013 11:38:53 AM

3 Discovery

Exchange Server 2010 Discovery is the process of searching relevant content in Exchange Server Mailboxes. Reasons for using the Exchange Server 2010 Discovery can be:

Legal Discovery
Internal Investigations
Human Resources.

Exchange Server 2010 Discovery leverages the content indexes that are created as part of the Exchange Search engine. No doubt, as you use Exchange Server 2010, you'll find plenty more reasons to use this powerful search technology.

To create and manage a discovery search, a user needs to be a member of the Discovery Management Role Group, which is one of the RBAC roles. This is an explicit right, and Exchange administrators do not have sufficient rights to create and manage discovery searches.

NOTE

Exchange Server 2010 Discovery is a very powerful feature. Users who are members of the Discovery Management Role Group can search through all content in all mailboxes throughout the entire Exchange organization.

To add a user named "Joe Lawyer" to the Discovery Management Role Group, open an Exchange Management Shell command window and enter the following command:

Now this user can create queries to find relevant information if there are suspicions against another employee. To create a discovery search in the Exchange Management Shell enter the following command:

NOTE

The New-MailboxSearch cmdlet is only available on the Exchange Server 2010 Mailbox Server role.

If the –SourceMailbox option is omitted, all Mailbox Databases in the entire Exchange organization will be searched. This can create an enormous result set, producing an unexpected growth of the target mailbox.

[Edited for readability]

The progress of the Discovery Search can be monitored using the Get-MailboxSearch cmdlet.

When the search is complete you can log on to the target mailbox, in this example, J.Lawyer's mailbox. The results will be shown in a new folder in the Mailbox:

Figure 3. The results of a Mailbox Search.

When the Mailbox Search is removed using the Remove-MailboxSearch cmdlet the folders in the target mailbox will be deleted as well. It's worth bearing in mind, if you're not comfortable using PowerShell, that the ECP can also be used to generate a search.

4 Litigation hold

In Exchange Server 2010 it is possible to configure a mailbox in "litigation hold." By placing a mailbox in litigation hold you can monitor the mailbox for deleted items, and all changes (i.e. deletions) will be recorded. Deleted and changed items will be returned in a Discovery Search. Litigation hold works for both the Active Mailbox as well as the Mailbox Archive.

To place a mailbox in litigation hold, enter the following Exchange Management Shell command:

Others

- Managing Exchange Server 2010 : Archiving and compliancy (part 2) - Messaging Records Management

- Managing Exchange Server 2010 : Archiving and compliancy (part 1) - Exchange 2010 Archiving

- Managing Exchange Server 2010 : Role Based Access Control (RBAC)

- Active Directory Domain Services 2008 : Proactive Directory Performance Management (part 2) - Working with Windows System Resource Manager

- Active Directory Domain Services 2008 : Proactive Directory Performance Management (part 1) - Managing System Resources

- Microsoft Dynamic AX 2009 : Enterprise Portal - Enterprise Portal Development Tools, Developing Data Sets

- Microsoft Dynamic AX 2009 : Enterprise Portal - Inside Enterprise Portal, Page Processing

- Microsoft Lync Server 2010 : Monitoring SQL 2008 R2

- Microsoft Lync Server 2010 : Managing and Maintaining SQL 2008 R2

- Microsoft Dynamic CRM 2011 : Modifying a Report