کد:
http://exchangeinbox.com/article.aspx?i=148
With mailboxes full of business critical information, e-discovery is another significant advancement in Exchange 2010. It can be used by administrators on troubleshooting issues, by auditors during compliance audits or by lawyers in legal matters. Exchange 2010 came up with a seamless in-built solution.


In Exchange 2007, we have to use the Export-Mailbox cmdlet or 3rd party tools to search and export content from multiple mailboxes. As discussed in Replacing ExMerge by Import-Mailbox and Export-Mailbox, the Export-Mailbox cmdlet has various pre-requisites that include the need for the Exchange Management Tools, 32-bit OS platform, Outlook, full mailbox access on all mailboxes etc. It scans mailboxes using the MAPI library, something that takes an extensive amount of time. This is even less effective when we working against thousands of mailboxes.
Exchange 2010 provides a simpler, user friendly web-based interface to perform Multi-Mailbox search. You may now delegate the Multi-Mailbox search task to end-users without providing them with elevated rights. This gives you peace of mind that users won't be able to make any configuration changes on the Exchange Server. Multi-Mailbox Search uses the same index catalog created by the Exchange Search engine. Thus it is faster and at the same time less demanding on resources.
All you have to do is to assign the RBAC permission to the user who needs to carry out the Multi-Mailbox search operation.
Discovery Management RBAC Role

Members of the "Discovery Management" role group can perform two operations.

  1. Multi-Mailbox Search - Members can perform discovery searches across the organization.
  2. Legal Hold - Members can put any mailbox in Legal Hold.

The Discovery Management role group has no members by default on installing Exchange 2010, not even Exchange Administrators. So initially no one has permission to use this functionality.
It requires giving permission explicitly to the authorized person by adding the user id to this group using the cmdlet:
Add-RoleGroupMember -Identity "Discovery Management" -Member User
Before discussing further discovery searches, let's point out some important facts.
The Discovery Mailbox

The Discovery Mailbox is a special type of mailbox in Exchange 2010. The results of a multi-mailbox search may contain sensitive information, thus we need to store it at a safe and secure location. The discovery mailbox is the repository for search results and the related content.
The Discovery Mailbox is more secure since:

  1. The user account associated with the Discovery Mailbox is disabled by default.
  2. By default, the Exchange server installation creates a discovery mailbox with display name "Discovery Search Mailbox". Members of the Discovery Management group have full mailbox access to this.
  3. Nobody has mailbox access permission on a newly created Discovery Mailbox. The Administrator has to give Full Mailbox permission explicitly to authorized users.
  4. To store large amounts of search results, 50GB of mailbox storage quota is assigned to Discovery Mailboxes on creation.
  5. Delivery restriction is set on a Discovery Mailbox, so as not to accept any email delivery. In this manner it preserves the integrity of search results.
  6. The Exchange Control Panel, Multi-Mailbox search wizard allows only Discovery Mailboxes to store search results. This is why it only shows a short list of mailboxes on selecting the target mailbox. This prevents human errors, like storing search result in a non-secure or a normal user mailbox.

We can create a discovery mailbox from the Exchange Management Shell using -Discovery parameter of the New-Mailbox cmdlet:
New-Mailbox -Name "Legal Discovery" -UserPrincipalName "LegalDiscovery@domain.com" -Discovery
Legal Hold

With the help of Dumpster 2.0, Exchange 2010 allows us to preserver users' deleted and edited items of any mailbox under legal hold. Normally this deleted/edited content is not visible to end-users or administrators, but Multi-Mailbox searches can look up this information as well.
We can set legal hold on any mailbox using the cmdlet that follows.
Set-Mailbox user@domain.com -LitigationHoldEnabled $true
NOTE: The legal hold also applies on the Archive mailbox if it is enabled for the user mailbox.
Exchange Control Panel Discovery Search

We can create a search request using two different methods in Exchange 2010. The first method is the Exchange Control Panel (ECP).
The web based ECP interface, is the easiest way for non-technical users to execute a Multi-Mailbox Search. From his browser a user can open the ECP and click on the Mailbox Searches tab available under Reporting at the navigation pane.

Users can create new search requests with the help of various options.
Keywords

A user can specify keywords or phrases with logical operators like AND, OR, and NOT and wildcard to search the content. It is advisable to use double quote on searching phrases. User can also use Advance Query Syntax (AQS) to define keywords.
The option "Include items that can't be searched" allows hunting encrypted attachments and message types with an unknown format. For this feature, search must be enabled on Information Rights Management protected content. This is done using the cmdlet:
Set-IRMConfiguration -SearchEnabled $True
Users may also select message types to narrow down the result.

Messages To and From Specific E-mail Addresses
Select specific senders or recipients from the Global Address List.
Date Range
Define date range to search the needed content.
Mailboxes to Search
Select the mailbox(s) whose content is to be searched.
Search Name and Storage Location
Specify an identifying name to the search and the location to store the search result to. The Wizard here only shows discovery mailboxes for result storage.
Users may also select an option to receive an email notification when the search task is completed and an option to enable full logging. Full logging stores detailed information about search results in a CSV file and is saved to the target discovery mailbox search result folder.

Users can create multiple search requests simultaneously.
Results of the Multi-Mailbox search will be stored to the target Discovery mailbox with the search name as a sub-folder to the Inbox.

Exchange Management Shell Discovery Search

An administrator or technical user can also perform Multi-Mailbox search through EMS cmdlet New-MailboxSearch.
Below is an example to search "Weekend" and "Outage" words in email type content of a mailbox "Amit Tank", for the date range starting from 1/1/2009 to 12/31/2009 and includes unsearchable items.
New-MailboxSearch -Name "WeekendOutage-Search" -StartDate "1/1/2009" -EndDate "12/31/2009" -SourceMailboxes "Amit Tank" -TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Weekend" and "Outage"' -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full

Conclusion

In Exchange 2010, the combination of Archive Mailbox and Multi-Mailbox search eliminates the need for expensive third party tools to satisfy compliance requirements. This allows small and medium organizations to move towards the creation of compliance policies. Once again Exchange is providing a clear cost cutting opportunity.
References

Understanding Multi-Mailbox Search
Multi-Mailbox Search for Outlook Live





موضوعات مشابه: