Exchange 2013 Briefs – In-place eDiscovery

Executive Overview

In-Place eDiscovery allows you to search mailbox data across your Exchange organization, preview search results, and copy them to a Discovery mailbox. Users in the Discovery Management role group can be delegated access to perform discovery searches without the need to grant them elevated privileges.

Notable Features

  • Exchange Search and Keyword Query Language (KQL)
  • Discovery Management Role group
  • Discovery Mailboxes
  • Discovery Search Actions
  • eDiscovery Center

Architecture/Components

In-Place eDiscovery in Exchange 2013 supports

  • Exchange Search and Keyword Query Language (KQL): The content indexing feature of Exchange Search has been redesigned to provide greater integration with Microsoft Search Foundation and Microsoft Sharepoint 2013. By exposing the powerful federated search capabilities included in Sharepoint 2013, users can easily structure complex and efficient search queries. This article explains the Keyword Query Language (KQL) capabilities and syntax of Sharepoint 2013.
  • Discovery Management Role group: This group consists of two management roles; the  Mailbox Search Role, which allows a user to perform an In-place eDiscovery search; and the Legal Hold Role, which allows a user to place a mailbox in In-place hold or Litigation hold.
  • Discovery mailboxes: These are used during In-place eDiscovery Searches as target mailboxes and the results of In-place eDiscovery Searches and be copied to these mailboxes. Discovery mailboxes cannot be repurposed as other types of mailboxes.
  • Discovery Search Actions: Users can perform the following actions during a discovery search:
    • Estimate search results: Obtain an estimate of the total size and number of items that will be returned by the search based on search criteria. Estimates are displayed in the details pane.
    • Preview search results: Preview the results of a search by displaying messages returned from each mailbox searched.
    • Copy search results:  Copy messages returned in search results to a Discovery mailbox.
  • eDiscovery Center: The eDiscovery Center site collection is part of SharePoint 2013 and provides features to help with the first half of the eDiscovery Reference Model (EDRM)—identification, preservation, collection, processing, and analysis; and is available on-premises or in the cloud. Using the eDiscovery Center, you can perform searches across SharePoint, Exchange and Lync content archived into Exchange. Click here for a great article on eDiscovery in Sharepoint.

Common Administrative Tasks

  1. Add a user to the Discovery Management Role Group: In EAC or PowerShell
    Add-RoleGroupMember -Identity “Discovery Management” -Member “Road Chimp”
    This can be verified via the command: Get-RoleGroupMember -Identity “Discovery Management”
  2. Create a Discovery Mailbox via the command:
    New-Mailbox SearchResults01 -Discovery -UserPrincipalName SearchResults01@roadchimp.com
  3. Create an In-place eDiscovery Search: In EAC or PowerShell
    New-MailboxSearch “Discovery-CaseID001” -StartDate “01/01/2012” -EndDate “12/01/2012” -SourceMailboxes “DG-Finance” -TargetMailbox SearchResults01 -SearchQuery ‘”Bananas” AND “Peel”‘ 
  4. Preview an In-place eDiscovery Search: In EAC or PowerShell
    Start-Mailbox Search -EstimateOnly….
  5. Start/Stop an In-place eDiscovery Search: In EAC or PowerShell
    Start-MailboxSearch 
    -Identity “Discovery-CaseID001”  to start &
    Stop-MailboxSearch -Identity “Discovery-CaseID001”  to stop
  6. Retrieve the status of an In-place eDiscovery Search: In EAC or PowerShell
    Get-MailboxSearch “Discovery-CaseID001” 
  7. Modify an In-place eDiscovery Search: In EAC or PowerShell
    Set-MailboxSearch -Identity “Discovery-CaseID001” -SourceMailboxes “DG-Executives”
  8. Remove an In-place eDiscovery Search: In EAC or PowerShell
    Remove-MailboxSearch -Identity “Discovery-CaseID001
  9. Re-create the Discovery System Mailbox: Click here for more information.
  10. Configure Exchange for Sharepoint eDiscovery Center: Click here for steps.

Top PowerShell Commands/Tools

– Add-RoleGroupMember
– New-MailboxSearch
– Start-MailboxSearch
– Stop-Mailbox Search
– Get-Mailbox Search
– Set-Mailbox Search

References/Links
Command Reference for eDiscovery Search
Microsoft Technet page on eDiscovery
Article on Keyword Query Language
Technet blog writeup on eDiscovery Search

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s