New-MailboxSearch PowerShell command for searching and extracting mails from an Exchange 2013 Journaling server.

Learner, Microsoft Exchange Server Administrator
The New-MailboxSearch PowerShell command and a step-by-step approach to search and extract emails from an Exchange 2013 Journaling server.
In today's world the Exchange mailing platform has become a business-critical enterprise application, and mails stored on a MS Exchange server can be used in many scenarios. One such scenario you might come across is to search and extract mails from the Exchange Journaling infrastructure for compliance or legal purposes, as e-mails are treated as evidence in today's world.

I have come across this kind of scenario and thought I could share some insight on how this can be achieved.

My current infrastructure has three Exchange 2013 multi-role servers and one Journaling server. We only journal mails that are sent and received externally.

I have received a request to search all mails that had been sent to a particular domain (for example, @Gmail.com) from the Exchange 2013 journaling server and extract them.

To complete the request I followed these steps.

1) Create a new mailbox search request:
New-MailboxSearch -Name SearchName -SourceMailboxes Journalingmailboxname -TargetMailbox targetmailboxname -SearchQuery "From:'@Gmail.com'"


2) Run this command to confirm that the search was created:
Get-MailboxSearch SearchName


3) Start the search with this command, using the search name from step 1. You should see the mails being extracted into the target mailbox you specified in step 1.
Start-MailboxSearch -Identity SearchName


If you have to modify the search, you can use the Set-MailboxSearch command with a new query.

The search query accepts different parameters, for example:
-SearchQuery "attachment:'.zip'"  (all mails with .zip attachments)
-SearchQuery "attachment:'.zip' Received:>4/22/2013"  (all mails with .zip attachments, restricted by received date)

If you have an Exchange 2010 environment you can use the Search-Mailbox command with a similar search query.

For further details you can refer to these articles:
https://technet.microsoft.com/en-us/library/dd298064(v=exchg.160).aspx
http://msdn.microsoft.com/en-us/library/aa965711%28v=vs.85%29.aspx

Hope this helps someone who encounters a similar request.

Notes
Don’t forget that you need Discovery Management rights in order to perform these commands. Otherwise the commands will fail.
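
A scripted version of the three steps and the permission note above, added here as an illustration and not the author's own script: it checks for the Mailbox Search role (part of Discovery Management), runs the query as an estimate before copying anything, and then lists the admin audit log entries for the search. The variable values and the Wait-Search helper are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example. Names and query below are placeholders taken from the steps above.
$Name   = 'SearchName'
$Source = 'Journalingmailboxname'
$Target = 'targetmailboxname'
$Query  = "From:'@Gmail.com'"

# Hypothetical helper: poll until the search leaves an in-progress state.
function Wait-Search([string]$Identity) {
    do {
        Start-Sleep -Seconds 15
        $s = Get-MailboxSearch -Identity $Identity
        Write-Host ("{0}: {1} ({2}%)" -f $Identity, $s.Status, $s.PercentComplete)
    } while ($s.Status -match 'InProgress')   # also matches EstimateInProgress
    return $s
}

# 1. Fail early if the operator lacks the Mailbox Search role
#    (-RoleAssignee returns direct and indirect, group-based, assignments).
$role = Get-ManagementRoleAssignment -Role 'Mailbox Search' -RoleAssignee $env:USERNAME
if (-not $role) { throw "No 'Mailbox Search' role: add the account to Discovery Management." }

# 2. Create the search as estimate-only so nothing is copied yet.
New-MailboxSearch -Name $Name -SourceMailboxes $Source -TargetMailbox $Target `
    -SearchQuery $Query -EstimateOnly | Out-Null
Start-MailboxSearch -Identity $Name
$est = Wait-Search $Name
if ($est.Status -ne 'EstimateSucceeded') { throw "Estimate ended as $($est.Status)" }
Write-Host ("Estimate: {0} items, {1}" -f $est.ResultNumberEstimate, $est.ResultSizeEstimate)

# 3. Review the estimate, then switch to a full copy with full logging.
Set-MailboxSearch -Identity $Name -EstimateOnly:$false -LogLevel Full -Confirm:$false
Start-MailboxSearch -Identity $Name -Force   # -Force: skip the restart prompt
$run = Wait-Search $Name
$run | Format-List Name, Status, SearchQuery, ResultNumber, ResultSize

# 4. Record who created, changed and ran the search (useful when the
#    extracted mail is handed over as evidence).
Search-AdminAuditLog -Cmdlets New-MailboxSearch, Set-MailboxSearch, Start-MailboxSearch `
    -StartDate (Get-Date).AddDays(-1) |
    Where-Object { $_.ObjectModified -like "*$Name*" } |
    Select-Object RunDate, Caller, CmdletName, Succeeded
```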

Comments (1)

Albert Widjaja, IT Professional

Commented:
Using Exchange 2013, what's the difference between Search-Mailbox and New-MailboxSearch?
