- Top 10 new features in Windows Server 2012 R2 - Mon, Jun 10 2013
- FREE: Unitrends Enterprise Backup Free Edition – Hyper-V and VMware backup - Tue, Nov 6 2012
- FREE: Remote Desktop Manager – A powerful RDP client - Wed, Sep 19 2012
Exchange 2007
Getting results in Exchange 2007 is done using the Get-Mailbox Exchange Management Shell (EMS) cmdlet piped to the Export-Mailbox cmdlet. All messages in the source mailboxes are moved to a destination, searched, and then either filed or removed from target. Dumpster messages are included. There are at least a couple ways the two cmdlets could be used to extract email by keyword.
Export to another mailbox in Exchange 2007
Exporting to another mailbox takes less prep time than exporting directly to a PST file as you don’t need a workstation with a special setup. In another post, I recommended having a separate mailbox database and mailbox to store the results of the search. I feel this allows you as the administrator to take another step to ensure that data related to a case is preserved separately from the production database.
Exporting to that database and mailbox is done using Get-Mailbox piped to Export-Mailbox. Incidentally, Get-Mailbox may not be required if you are only searching a single mailbox.
For this example, let’s modify the search when you need to search a recovered database instead of the live database. Searching the recovery database is done with the Get-MailboxStatistics and Restore-Mailbox cmdlets.
Get-MailboxStatistics -Database "Server\Recovery Storage Group\Mailbox Database" | Restore-Mailbox -Identity TargetMailbox -RSGDatabase "Server\Recovery Storage Group\Mailbox Database" -TargetFolder TargetFolder -AllContentKeywords "Keyword"
Each mailbox will be listed in the target folder in the target mailbox.
Exchange 2007 Recovery Database Search
Export to PST file(s)
Exporting to a PST file has a few requirements. First, you need a workstation with the 32-bit version of EMS installed. You also need to have Outlook installed on the same workstation. On the server side, you’ll want to have at least Update Rollup 4 for Exchange 2007 SP1.
The following EMS cmdlets can be run from the workstation once it is ready.
Get-Mailbox -Database “Ex2007MB\First Storage Group\Mailbox Database” | Export-Mailbox -PSTFolderPath C:\Temp\export.pst -TargetFolder Results -AllContentKeywords “keyword”
Get-Mailbox and Export-Mailbox each have several parameters which could be used.
Exchange 2007 Live Database Export to .pst
Exchange 2010
Exchange 2010 greatly streamlines to process of searching for legal inquiry email and extracting it to media. Now an administrator simply uses the Role Based Access Control (RBAC) tool in the Toolbox in Exchange Management Console (EMC) to give a designee the Discovery permission to mailboxes or databases. The designee can then perform their own searches utilizing tools available through Outlook Web Access (OWA). The designee also has permission to view results in the Discovery Mailbox.
Add Designee to Role and Search
To delegate permissions, open the RBAC User Editor tool. Select Discovery Management and click Details. Add members who should be designees. The Discovery Management administrator role has the Litigation Hold and Mailbox Search roles.
Exchange 2010 Role Based Access Control (RBAC)
To run search, the logged on user should click options, see all options, then click Manage My Organization. Next click Mail Control and then click Discovery. The screen allows the user to create a new search or view details of a previous search. Clicking the open link in the view on the right will open the Discovery Mailbox so that results can be viewed.
Export to PST file(s)
The process to export to PST in Exchange 2010 is much easier. Any user who has been assigned the Discovery role can have the Discovery Search Mailbox added as another account in Outlook. Results can be analyzed and ultimately exported to PST using Outlook.
This concludes the five part eDiscovery in Exchange series.
