Discovery Search Mailbox in an Exchange Server and how to use it?

Read time 4 minutes

Business often needs to run searches to fulfil some legal compliance, policies, and lawsuits. The In-Place eDiscovery search helps in performing this cross-mailbox search to help users get what they’re looking for in the Exchange mailboxes. The eDiscovery search is so effective that it can run in hybrid environment also. The admin can run it to look for data in both on-premises and online setups.

Users can create additional discovery mailboxes to perform eDiscovery Exchange Online as per the requirement using the Exchange Management Shell. Let’s learn how to create Exchange eDiscovery Office 365, but first let’s understand what an Exchange discovery mailbox is.

Features of a Discovery mailbox in Exchange

An Exchange discovery mailbox or discovery search mailbox is a mailbox that stores the eDiscovery search results performed across an organization’s Exchange Server mailboxes and public folders. It allows Exchange administrators to search through the mailboxes such that they can fetch the required information. Let’s see some of the features that make discovery mailbox different from others:

• Whenever a search is performed across the Exchange mailboxes, the target mailbox should be large enough to accommodate the search results generated. A discovery mailbox has a fixed storage of 50 GB which can easily store the results.
• A discovery mailbox also has an active directory user, just like other mailboxes, which is disabled by default. Only the users with authorized access can get into it. The authorized users are the Discovery Management role group members assigned with the Full Access Permissions of the discovery mailbox.
• A discovery mailbox cannot be converted into other general mailboxes. It’s not possible to send emails to an Exchange eDiscovery mailbox due to the delivery restrictions. This feature helps in keeping the integrity of the search data stored in them.
• The Exchange discovery search mailbox safely stores the search results. A discovery search mailbox is simultaneously accessible for saving the search results while you copy them from the Exchange admin center, helping you avoid wasting unnecessary time.

How to create an Exchange Discovery Search Mailbox?

Here is a step-by-step process that you can follow to create an eDiscovery Exchange Online Search mailbox:

Step 1. Create the discovery mailbox

To create a Discovery Search Mailbox, run the command in Exchange Management Shell:

New-Mailbox -Name DiscoverySearchResult -Discovery

Step 2. Assign the permission rights to the discovery mailbox

Run the command to assign permissions to a mailbox for accessing the discovery mailbox search results:

Add-MailboxPermission “Network Distributor” -User “Network Administrator” -AccessRights FullAccess -InheritanceType all

Step 3. Connect with Exchange Online

If you want to create a Discovery Search mailbox in Exchange Online, you need to connect to Exchange Online first. Use the following steps to connect with Exchange Online

• Run the command:

  Set-ExecutionPolicy Unrestricted

  The command will let you run every kind of script, even if they are digitally signed or not.

• Run the command:

  $livecred = Get-Credential

  The command will input the Exchange Online credential of the Administrator account to a variable.

• Run the command:

  $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection

  The command will create a new session for Exchange Online.

• Run the command:

  $importresults= Import-PSSession $s

  The command will import the session to the respective variable.

Perform an In-place eDiscovery search in Exchange Server

The In-Place eDiscovery Office 365 searches items from all mailboxes and public folders in the Exchange. You can complete the eDiscovery search from the Exchange Admin Center, and here, you need to sign in using the user credentials which has an SMTP address in the organization. It is also important to note that search results of Exchange eDiscovery are not automatically replicated to the Exchange Discovery mailbox. Rather, after creating a search, use the Exchange admin center to see or copy the search results to the mailbox. EAC also allows saving the search results with export to PST file option. Make sure you’re signing in using an SMTP user account to perform this search.

Step 1. After login to the Exchange Admin Center, follow Compliance Management >> In-Place eDiscovery & Hold >> New (+).

Step 2. On the New In-Place eDiscovery & Hold wizard, go to Name and description section and provide a new name to the search and an optional description. Then click Next.

Step 3. At the Mailboxes and Public Folder wizard, there are following options that you need to select for your search:

• Search All mailboxes: If you want to search all the mailboxes, then select this option.
• Don’t search any mailboxes: Select this option if you do not want to search the mailboxes but Public Folder.
• Specify mailboxes to search: Select this option if you want to search if some specific mailboxes only.
• Search all public folders: To perform the search in all public folders, select this option.

Step 4. At the Search query tab, you need to choose the search criteria for the eDiscovery search.

• Include All Content: Choose this option to include all the content of the mailbox in the search. When you select this option, then all the selection criteria deactivate automatically.
• Filter Based on Criteria: When you choose ‘Filter Based on Criteria,’ then there are several filtering options available to you, like the insertion of keywords, start date, end date, sender email address, recipient email address, and message type.

Step 5. Next page is the In-Place Hold Settings page, where you can click the checkbox ‘Place content matching the search query in selected sources on hold’ and select any of the following options:

• Hold Indefinitely: when you want to save the returned items on indefinite hold, then choose this option. It will keep the items on indefinite hold until you delete the content from the search query or delete the search query itself.
• Specify the number of days to hold items relative to their received date: When you want to keep the returned items for a specific amount of time only, then you can choose this option.

Step 6. Click Finish to complete the eDiscovery Exchange 2016 search procedure you have created. It will return an estimated size and number of the items fetched in the search based on the search criteria you have specified. Click the Refresh button to update the search details.

Conclusion

The in-place eDiscovery search performs a search and finds the required items and puts them in the Exchange Discovery Search Mailbox, where you can access the data. But if the data becomes corrupt or gets deleted, then eDiscovery search fails, then you cannot either find or save the data. So, to make sure that your data is safe and useful take assistance of Kernel for Exchange Server. It is a robust Exchange server recovery tool that deeply scans the EDB file and recovers the data with precision. It also has a search feature by which you can select any mailbox and perform the search operation to get the required data.