Discovery Search Mailbox In Exchange 2013, 2010, 2007
Exchange administrators run cross-mailbox searches in Exchange Server and Exchange Online in various scenarios, legal discovery being the most important. A discovery mailbox supports this work by helping users search for relevant content across Exchange mailboxes. To be precise, discovery mailboxes are the target mailboxes in which the In-Place eDiscovery feature of Exchange Server stores the discovery results.
The In-Place eDiscovery feature in Exchange Server 2013 and Exchange Online serves as a resource for performing legal discoveries related to lawsuits, organization policies, etc. It allows a user with the correct permissions to access the messaging records of all the mailboxes of Exchange Server and Exchange Online. When used with SharePoint, In-Place eDiscovery makes it possible to search and save all the data related to a particular case. The data that can be stored is SharePoint Online websites, file shares indexed by SharePoint 2013, documents, shared mailboxes in Exchange and archived Lync 2013 content. In an Exchange hybrid environment, In-Place eDiscovery searches both on-premises and cloud-based mailboxes.
Characteristics Of Discovery Mailbox
A discovery mailbox provides the following functionality:
- Security
A discovery mailbox serves as a secure and easy target location to store In-Place eDiscovery search results. Discovery mailboxes remove the need to hunt for a mailbox to hold the search results: when the Exchange Admin Center is used to copy search results, only discovery mailboxes are offered as the target. This eliminates the chance of an Exchange administrator accidentally storing the results in a less secure mailbox or in another user's mailbox.
- Large Storage Capacity
The storage capacity of the target mailbox should be large enough to store all the data returned by the search process. A discovery mailbox fulfills this requirement with a default storage capacity of 50 GB. Note, however, that this storage capacity cannot be increased.
- Secured Active Directory
Like any other mailbox, a discovery mailbox has an Active Directory user account. By default this user account is disabled, and only authorized users are allowed to access the mailbox. Members of the Discovery Management role group are given Full Access permissions to the default discovery mailbox.
- Disabled Email Delivery
Although a discovery mailbox is visible in Exchange address lists, emails cannot be sent to it. Delivery restrictions prohibit the delivery of emails to a discovery mailbox. This helps maintain the integrity of the search results stored in the mailbox.
Methodology To Create Discovery Mailbox In Exchange Server 2013
In Exchange Server 2013 and Exchange Online, a discovery mailbox is created by default with the name Discovery Search Mailbox. Users can also create additional discovery mailboxes as needed with the help of the Shell. After a new discovery mailbox is created, full permissions are granted to the appropriate users so that they can access the eDiscovery results stored in it.
Since a discovery mailbox holds sensitive information, great caution should be taken to assign full rights to authorized users only.
To create a new discovery mailbox with the name SearchMailbox in Exchange Server 2013 and Exchange Online, enter the following command:
New-Mailbox -Name SearchMailbox -Discovery
To see the list of all the discovery mailboxes, run the following command:
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}
Assigning Permissions To A Discovery Mailbox:
By default, the Discovery Management role group has full access rights on the discovery mailbox that is created by default. For additional discovery mailboxes, full access rights have to be assigned separately. For example, rights on the discovery mailbox named SearchMailbox can be given to the Litigation Group by running the following command:
Add-MailboxPermission "SearchMailbox" -User "Litigation Group" -AccessRights FullAccess -InheritanceType all
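An added example (not from the original article) of auditing who holds FullAccess on discovery mailboxes against an approved list, since these mailboxes hold sensitive search results. The function name, the CONTOSO domain, the approved list and the sample entries are assumptions constructed for illustration.

```powershell
# Added example: constructed data, hypothetical names. Requires PowerShell 3.0 or later.
function Find-UnapprovedDiscoveryAccess {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Permission,  # Get-MailboxPermission output
        [Parameter(Mandatory = $true)] [string[]] $Approved     # principals allowed FullAccess
    )
    foreach ($ace in $Permission) {
        if ($ace.Deny) { continue }                              # deny entries grant nothing
        $rights = @($ace.AccessRights | ForEach-Object { "$_" }) # rights are multi-valued
        if ($rights -notcontains 'FullAccess') { continue }
        if ($Approved -contains "$($ace.User)") { continue }     # case-insensitive match
        [pscustomobject]@{
            Mailbox   = "$($ace.Identity)"
            User      = "$($ace.User)"
            Inherited = [bool]$ace.IsInherited
        }
    }
}

# Approved principals (assumption: replace with your own domain and groups).
$approved = @(
    'NT AUTHORITY\SELF',
    'CONTOSO\Discovery Management',
    'CONTOSO\Litigation Group'
)

# Constructed sample shaped like Get-MailboxPermission output.
$sample = @(
    [pscustomobject]@{ Identity = 'SearchMailbox'; User = 'CONTOSO\Litigation Group'
                       AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false },
    [pscustomobject]@{ Identity = 'SearchMailbox'; User = 'CONTOSO\helpdesk01'
                       AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false },
    [pscustomobject]@{ Identity = 'SearchMailbox'; User = 'CONTOSO\intern02'
                       AccessRights = @('FullAccess'); IsInherited = $false; Deny = $true },
    [pscustomobject]@{ Identity = 'SearchMailbox'; User = 'CONTOSO\auditor03'
                       AccessRights = @('ReadPermission'); IsInherited = $true; Deny = $false }
)

# Against a live organization (Exchange Management Shell):
#   $live = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails DiscoveryMailbox |
#           Get-MailboxPermission
#   Find-UnapprovedDiscoveryAccess -Permission $live -Approved $approved

Find-UnapprovedDiscoveryAccess -Permission $sample -Approved $approved |
    Format-Table -AutoSize
```

On the constructed sample only the helpdesk01 entry is reported; the deny entry and the ReadPermission-only entry are skipped.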
Methodology To Create Discovery Mailbox In Exchange Server 2010
As in Exchange Server 2013, a discovery mailbox is created by default in Exchange Server 2010. Additional discovery mailboxes can be created as needed. A discovery mailbox cannot be converted into any other kind of mailbox, but it can be deleted in the same way as other mailboxes. In Exchange 2010 as well, the storage capacity of a discovery mailbox is 50 GB, which cannot be exceeded.
A discovery mailbox, for instance one named SearchMailbox, can be created with Shell commands. The New-Mailbox cmdlet is run with the Discovery switch to create the mailbox.
New-Mailbox SearchMailbox -Discovery -UserPrincipalName SearchMailbox
To see the list of all the discovery mailboxes, run the following command:
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}
How To Search Within Mailboxes In Exchange 2007?
In Exchange, search within the mailboxes can be carried out with Export-Mailbox from Exchange Management Shell. Run the following command in the Shell:
PS> Get-Mailbox -Database "Database 1" | Export-Mailbox -SubjectKeywords "Discovery Keywords" -TargetMailbox Administrator -TargetFolder 'MyData'
This command searches the mailboxes in Database 1 for messages containing the words 'Discovery' and 'Keywords' in the subject. The matching messages are fetched and saved into a folder named MyData in the mailbox of Administrator. Individual folders are created inside MyData, one for each user mailbox that contained messages with the words Discovery and Keywords.
Corruption Issues In Discovery Search Mailbox
Like other mailboxes in Exchange Server, discovery mailboxes are prone to corruption. Corruption issues can arise from deletion, modification or damage to these mailboxes. Once damaged, a discovery mailbox fails to open and displays the following errors:
- This error arises when the discovery search mailbox is accidentally deleted by the Exchange Administrator.
- When a multi-mailbox search is performed using a discovery mailbox, users can encounter the following error:
This error occurs when the discovery mailbox is in an inconsistent state because no value is set for Home MDB attribute.
eDiscovery Of Mailboxes Via External Exchange Discovery Tool
In-Place eDiscovery in Exchange Server for email forensic purposes can be carried out using discovery mailboxes. But discovery mailboxes, as seen in the previous section, are prone to inaccessibility owing to factors like accidental deletion or modification. A better and more efficient way to carry out email forensics of Exchange Server mailboxes is with the aid of an external application. One such Exchange discovery tool that is renowned for email forensics is MailXaminer. It deeply scans all your messages for selected keywords in a quick and efficient manner. It is a reliable tool that ensures maintenance of data integrity, as it poses no risk of Exchange Server mailbox deletion.
Solution For Corrupted Exchange Server Mailbox
Corruption issues in Exchange Server mailboxes such as the discovery mailbox are inevitable. But these mailboxes can be recovered easily with third party applications. One such tool is
It supports recovery of dismounted mailboxes and deleted data of Exchange Server mailboxes. Unlike manual methods, it ensures complete recovery of mailboxes in minimal time and without compromising data integrity.
Conclusion
As discussed in the previous sections of the article, discovery mailboxes hold great importance where the eDiscovery of Exchange mailboxes is concerned. Their corruption or deletion leads to huge data loss and puts the investigation process at stake. Thus it is wiser to deploy third party tools for the discovery process.