Discovery Search Mailbox in an Exchange Server and how to use it?

Read time 4 minutes

Summary: The discovery mailbox is a container for storing mailbox-to-mailbox eDiscovery search results. You’ll need to be one of the Members of the eDiscovery Management role group to access the sensitive data stored in these target mailboxes. In this article, we’ll go through the process of creating and using a Discovery search mailbox in Exchange Server. It also mentions Kernel for Exchange Server, an efficient tool that helps to keep your data safe during the process.

Business often needs to run searches to fulfil some legal compliance, policies, and lawsuits. The In-Place eDiscovery search helps in performing this cross-mailbox search to help users get what they’re looking for in the Exchange mailboxes. The eDiscovery search is so effective that it can run in hybrid environment also. The admin can run it to look for data in both on-premises and online setups.

Users can create additional discovery mailboxes to perform eDiscovery Exchange Online as per the requirement using the Exchange Management Shell. Let’s learn how to create Exchange eDiscovery Office 365, but first let’s understand what an Exchange discovery mailbox is.

Features of a Discovery mailbox in Exchange

An Exchange discovery mailbox or discovery search mailbox is a mailbox that stores the eDiscovery search results performed across an organization’s Exchange Server mailboxes and public folders. It allows Exchange administrators to search through the mailboxes such that they can fetch the required information. Let’s see some of the features that make discovery mailbox different from others:

How to create an Exchange Discovery Search Mailbox?

Here is a step-by-step process that you can follow to create an eDiscovery Exchange Online Search mailbox:

Step 1. Create the discovery mailbox

To create a Discovery Search Mailbox, run the command in Exchange Management Shell:

New-Mailbox -Name DiscoverySearchResult -Discovery

Step 2. Assign the permission rights to the discovery mailbox

Run the command to assign permissions to a mailbox for accessing the discovery mailbox search results:

Add-MailboxPermission “Network Distributor” -User “Network Administrator” -AccessRights FullAccess -InheritanceType all

Step 3. Connect with Exchange Online

If you want to create a Discovery Search mailbox in Exchange Online, you need to connect to Exchange Online first. Use the following steps to connect with Exchange Online

Perform an In-place eDiscovery search in Exchange Server

The In-Place eDiscovery Office 365 searches items from all mailboxes and public folders in the Exchange. You can complete the eDiscovery search from the Exchange Admin Center, and here, you need to sign in using the user credentials which has an SMTP address in the organization. It is also important to note that search results of Exchange eDiscovery are not automatically replicated to the Exchange Discovery mailbox. Rather, after creating a search, use the Exchange admin center to see or copy the search results to the mailbox. EAC also allows saving the search results with export to PST file option. Make sure you’re signing in using an SMTP user account to perform this search.

Step 1. After login to the Exchange Admin Center, follow Compliance Management >> In-Place eDiscovery & Hold >> New (+).

Step 2. On the New In-Place eDiscovery & Hold wizard, go to Name and description section and provide a new name to the search and an optional description. Then click Next.

Step 3. At the Mailboxes and Public Folder wizard, there are following options that you need to select for your search:

Step 4. At the Search query tab, you need to choose the search criteria for the eDiscovery search.

Step 5. Next page is the In-Place Hold Settings page, where you can click the checkbox ‘Place content matching the search query in selected sources on hold’ and select any of the following options:

Step 6. Click Finish to complete the eDiscovery Exchange 2016 search procedure you have created. It will return an estimated size and number of the items fetched in the search based on the search criteria you have specified. Click the Refresh button to update the search details.

Conclusion

The in-place eDiscovery search performs a search and finds the required items and puts them in the Exchange Discovery Search Mailbox, where you can access the data. But if the data becomes corrupt or gets deleted, then eDiscovery search fails, then you cannot either find or save the data. So, to make sure that your data is safe and useful take assistance of Kernel for Exchange Server. It is a robust Exchange server recovery tool that deeply scans the EDB file and recovers the data with precision. It also has a search feature by which you can select any mailbox and perform the search operation to get the required data.