<

[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x

New-MailboxSearch Powershell command for Searching and extracting Mails from Exchange 2013 Journaling server.

Published on
6,384 Points
3,284 Views
1 Endorsement
Last Modified:
New-MailboxSearch Powershell Command and step by step approach to Search and Extract Emails form Exchange 2013 Journaling server.
In today's world the Exchange mailing platform has become a business-critical enterprise application, and mails stored on a MS Exchange server can be used in many scenarios. One such scenario you might come across is to search and extract mails from the Exchange Journaling infrastructure for compliance or legal purposes, as e-mails are treated as evidence in today's world.

I have come across this kind of scenario and thought I could share some insight on how this can be achieved.

My current infrastructure has three Exchange 2013 multi-role servers and one Journaling server. We only journal mails that are sent and received externally.

I have received a request to search all mails that had been sent to a particular domain (for example, @Gmail.com) from the Exchange 2013 journaling server and extract them.

To complete the request I followed these steps.

1) Create a new mailbox search request:
new-MailboxSearch -name SearchName -SourceMailboxes Journalingmailboxname -TargetMailbox targetmailboxname -SearchQuery "From:'@Gmail.com'" 

Open in new window


2) Type in this command to make sure that search was created
Get-MailboxSearch SearchName

Open in new window


3) Kick start the search with this command and you should see the mails being extracted into the target mailbox you specified in step 1.
Start-MailboxSearch -Identity 

Open in new window


If you have to modify the search you can use the set-mailboxsearch command with a new query.

This can be used with different parameters in search query:
-SearchQuery "attachment:'.zip'  (All mails with attachment having .zip files)
-SearchQuery "attachment:'.zip' Received:>4/22/2013"  (All mails with attachment having .zip files with time range)

If you have an Exchange 2010 environment you can use the Search-Mailbox  command with a similar search query.

For any future details you can refer to these articles:
https://technet.microsoft.com/en-us/library/dd298064(v=exchg.160).aspx
http://msdn.microsoft.com/en-us/library/aa965711%28v=vs.85%29.aspx

Hope this helps a bit for someone who encounters any request.

Notes
Don’t forget that you need Discovery Management rights in order to perform these commands. Otherwise the commands will fail.
 
1
Comment
Author:Deepak C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
0 Comments

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month