How to Create and Use a Discovery Search Mailbox in Exchange Server?

Aftab Alam, Updated On - 25 Oct 2019

The In-Place eDiscovery search feature of Exchange Server uses the Discovery Search Mailbox as the target mailbox to which search results are copied. Exchange Server creates a Discovery Search Mailbox by default, but you can also create one as per your requirement. To create a Discovery Search Mailbox, you need sufficient permissions.
Although you can use the search mailbox from the Exchange Admin Center, you cannot create one there. You need to use Exchange PowerShell commands to create a Discovery Search Mailbox.

Create a Discovery Search Mailbox

  • Create the discovery mailbox
    To create a Discovery Search Mailbox, run the command in Exchange Management Shell:

    New-Mailbox -Name DiscoverySearchResult -Discovery
  • Assign the permission rights to the discovery mailbox
    Run the following command, in which "Network Distributor" is the mailbox and "Network Administrator" is the user who receives Full Access:

    Add-MailboxPermission "Network Distributor" -User "Network Administrator" -AccessRights FullAccess -InheritanceType All
  • Note: Connect with Exchange Online
    If you want to create a Discovery Search Mailbox in Exchange Online, you need to connect to Exchange Online first. Use the following steps to connect to Exchange Online:
  1. Run the command:
    Set-ExecutionPolicy Unrestricted

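    The command lets you run every kind of script, whether or not it is digitally signed. The setting applies machine-wide by default; Microsoft's connection instructions for Exchange Online use the narrower RemoteSigned policy, which is enough to import the session.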

  2. Run the command:
    $livecred = Get-Credential

    The command prompts for the Exchange Online credentials of the administrator account and stores them in a variable.

  3. Run the command:
    $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $livecred -Authentication Basic -AllowRedirection

    The command will create a new session for Exchange Online.

  4. Run the command:
    $importresults = Import-PSSession $s

    The command imports the commands of the session into your local PowerShell session and stores the result in the variable.
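
The mailbox creation and permission steps above, followed by a check of who can read discovery mailboxes, as an added example (not code from the original article). It assumes the Exchange Management Shell on an Exchange server; `$Reviewer` is a placeholder account name reused from the article's command, and the audit part goes beyond the article's steps.

```powershell
# Added example, not from the original article.
# $MailboxName matches the article's New-Mailbox command; $Reviewer is a placeholder.
$MailboxName = 'DiscoverySearchResult'
$Reviewer    = 'Network Administrator'

# Create the discovery mailbox only if one with this name does not exist yet.
$mbx = Get-Mailbox -RecipientTypeDetails DiscoveryMailbox -ResultSize Unlimited |
    Where-Object { $_.Name -eq $MailboxName }
if (-not $mbx) {
    $mbx = New-Mailbox -Name $MailboxName -Discovery
}

# Grant Full Access on the new mailbox to the reviewer account.
Add-MailboxPermission -Identity $mbx.Identity -User $Reviewer `
    -AccessRights FullAccess -InheritanceType All

# Audit: every explicit (non-inherited) Full Access grant on every discovery
# mailbox. Search results are copies of other users' mail, so this list
# should contain only the accounts that are meant to review them.
Get-Mailbox -RecipientTypeDetails DiscoveryMailbox -ResultSize Unlimited |
    ForEach-Object {
        Get-MailboxPermission -Identity $_.Identity |
            Where-Object {
                -not $_.IsInherited -and
                -not $_.Deny -and
                ([string]$_.AccessRights -match 'FullAccess')
            } |
            Select-Object Identity, User, AccessRights
    }

# Members of the built-in role group that is allowed to run eDiscovery searches.
Get-RoleGroupMember -Identity 'Discovery Management' |
    Select-Object Name, RecipientType
```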

Perform an In-Place eDiscovery Search in Exchange Server

In-Place eDiscovery searches items across all mailboxes and public folders in the Exchange organization. You can run the eDiscovery search from the Exchange Admin Center, where you need to sign in with the credentials of a user who has an SMTP address in the organization.

  1. After logging in to the Exchange Admin Center, go to Compliance Management >> In-Place eDiscovery & Hold >> New (+).
  2. In the New In-Place eDiscovery & Hold wizard, go to the Name and description section and provide a name for the search and an optional description. Then click Next.
  3. On the Mailboxes and Public Folder page, select from the following options for your search –
    • Search All mailboxes – Select this option if you want to search all the mailboxes.
    • Don’t search any mailboxes – Select this option if you do not want to search mailboxes, only public folders.
    • Specify mailboxes to search – Select this option if you want to search some specific mailboxes only.
    • Search all public folders – Select this option to search all public folders.
  4. On the Search query tab, choose the search criteria for the eDiscovery search.
    • Include All Content – Choose this option to include all the content of the mailbox in the search. When you select this option, all the filter criteria are deactivated automatically.
    • Filter Based on Criteria – When you choose ‘Filter Based on Criteria,’ several filtering options become available, such as keywords, start date, end date, sender email address, recipient email address, and message type.
  5. The next page is the In-Place Hold Settings page, where you can select the checkbox ‘Place content matching the search query in selected sources on hold’ and choose one of the following options:
    • Hold Indefinitely – Choose this option when you want to keep the returned items on indefinite hold. It keeps the items on hold until you delete the content from the search query or delete the search query itself.
    • Specify the number of days to hold items relative to their received date – Choose this option when you want to keep the returned items for a specific amount of time only.
  6. Click Finish to complete the eDiscovery search you have created. It returns an estimated size and number of the items found, based on the search criteria you specified. Click the Refresh button to update the search details.
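
The wizard steps above expressed as Exchange Management Shell cmdlets, as an added example that is not part of the original article. The search name, mailbox addresses, keywords, dates and hold period are constructed placeholders; the search runs in estimate-only mode, matching the estimate that step 6 returns.

```powershell
# Added example, not from the original article.
# All names, addresses, keywords and dates are constructed placeholders.
$search = @{
    # Step 2: name and optional description
    Name               = 'Case-0001-Search'
    Description        = 'Constructed example search'
    # Step 3: "Specify mailboxes to search"
    SourceMailboxes    = 'user1@example.com', 'user2@example.com'
    # Step 4: "Filter Based on Criteria" (keywords, dates, sender, message type)
    SearchQuery        = '"project alpha" AND invoice'
    StartDate          = '01/01/2019'   # date format depends on the server culture
    EndDate            = '06/30/2019'
    Senders            = 'user1@example.com'
    MessageTypes       = 'Email'
    # Step 5: hold matching items for a number of days after the received date
    InPlaceHoldEnabled = $true
    ItemHoldPeriod     = 90
    # Step 6: only estimate the result count and size, copy nothing yet
    EstimateOnly       = $true
    # Keep a full log of the search for later review
    LogLevel           = 'Full'
}

New-MailboxSearch @search
Start-MailboxSearch -Identity $search.Name

# Equivalent of the Refresh button: read back status, estimates and hold settings.
Get-MailboxSearch -Identity $search.Name |
    Format-List Name, Status, Result*, InPlaceHoldEnabled, ItemHoldPeriod

# Review all existing searches and holds: who created them and where results go.
Get-MailboxSearch |
    Select-Object Name, CreatedBy, SourceMailboxes, TargetMailbox, InPlaceHoldEnabled
```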

Conclusion

The In-Place eDiscovery search finds the required items and puts them in the Discovery Search Mailbox, where you can access the data. But if the data becomes corrupt or gets deleted, the eDiscovery search fails and you can neither find nor save the data. So, make sure that your data is safe and usable. If its content somehow becomes inaccessible, use the free method to convert the EDB file to PST for easy recovery. But if the corruption is severe, take the assistance of Kernel for Exchange Server. It is a powerful Exchange Server recovery tool which deeply scans the EDB file and recovers the data with precision. It also has a search feature with which you can select any mailbox and perform the search operation to get the required data.