
New-MailboxSearch PowerShell command for searching and extracting mails from an Exchange 2013 Journaling server.

The New-MailboxSearch PowerShell command and a step-by-step approach to search and extract emails from an Exchange 2013 Journaling server.
In today's world the Exchange mailing platform has become a business-critical enterprise application, and mails stored on a MS Exchange server can be used in many scenarios. One such scenario you might come across is to search and extract mails from the Exchange Journaling infrastructure for compliance or legal purposes, as e-mails are treated as evidence in today's world.

I have come across this kind of scenario and thought I could share some insight on how this can be achieved.

My current infrastructure has three Exchange 2013 multi-role servers and one Journaling server. We only journal mails that are sent and received externally.

I have received a request to search all mails that had been sent to a particular domain (for example, @Gmail.com) from the Exchange 2013 journaling server and extract them.

To complete the request I followed these steps.

1) Create a new mailbox search request:
# From: matches the sender address; use To: to match recipients instead
New-MailboxSearch -Name SearchName -SourceMailboxes Journalingmailboxname -TargetMailbox targetmailboxname -SearchQuery "From:'@Gmail.com'"



2) Run this command to make sure that the search was created:
Get-MailboxSearch SearchName



3) Kick start the search with this command and you should see the mails being extracted into the target mailbox you specified in step 1.
Start-MailboxSearch -Identity SearchName



If you have to modify the search, you can use the Set-MailboxSearch command with a new query.

The search query accepts different parameters, for example:
-SearchQuery "attachment:'.zip'"  (all mails with a .zip attachment)
-SearchQuery "attachment:'.zip' Received:>4/22/2013"  (all mails with a .zip attachment, within a time range)
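
As an added example (not part of the original article), steps 1 to 3 can be run as one script that does an estimate-only pass first, so nothing is copied out of the journaling mailbox until the hit count looks sane, and then switches the same search to copy mode with full logging. The `$MaxItems` threshold, the 15-second polling interval and the helper name `Wait-MailboxSearch` are assumptions; the mailbox names are the article's placeholders.

```powershell
# Added example. Names below are placeholders, as in the article's steps.
$SearchName = 'SearchName'
$Journal    = 'Journalingmailboxname'
$Target     = 'targetmailboxname'
$Query      = "From:'@Gmail.com'"
$MaxItems   = 5000   # assumed review threshold, tune it to the request

# RBAC only loads the cmdlets your role groups grant. Without Discovery
# Management rights the cmdlet is absent from the session.
if (-not (Get-Command New-MailboxSearch -ErrorAction SilentlyContinue)) {
    throw 'New-MailboxSearch is not available: Discovery Management rights are missing.'
}

# Hypothetical helper: poll until the search leaves its running states.
function Wait-MailboxSearch {
    param([string]$Name)
    do {
        Start-Sleep -Seconds 15
        $s = Get-MailboxSearch -Identity $Name
    } while ($s.Status -match 'NotStarted|Queued|InProgress')
    return $s
}

# Pass 1: estimate only, no message is copied to any mailbox.
New-MailboxSearch -Name $SearchName -SourceMailboxes $Journal `
    -SearchQuery $Query -EstimateOnly | Out-Null
Start-MailboxSearch -Identity $SearchName
$estimate = Wait-MailboxSearch -Name $SearchName
'{0}: {1} items, {2}' -f $estimate.Status,
    $estimate.ResultNumberEstimate, $estimate.ResultSizeEstimate

if ($estimate.Status -notmatch 'Succeeded') {
    throw "Estimate ended as $($estimate.Status)"
}
if ($estimate.ResultNumberEstimate -gt $MaxItems) {
    throw "More than $MaxItems hits; narrow the query with Set-MailboxSearch first."
}

# Pass 2: switch the same search to copy mode with full logging, so the
# target mailbox also receives a log of what was extracted.
Set-MailboxSearch -Identity $SearchName -TargetMailbox $Target `
    -EstimateOnly:$false -LogLevel Full
Start-MailboxSearch -Identity $SearchName -Force
$result = Wait-MailboxSearch -Name $SearchName
$result | Format-List Name, Status, ResultNumber, ResultSize, TargetMailbox
```

Run it from the Exchange Management Shell; the target mailbox ends up holding a copy of journaled mail, so restrict access to it to the people handling the request.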

If you have an Exchange 2010 environment, you can use the Search-Mailbox command with a similar search query.

For further details you can refer to these articles:
https://technet.microsoft.com/en-us/library/dd298064(v=exchg.160).aspx
http://msdn.microsoft.com/en-us/library/aa965711%28v=vs.85%29.aspx

Hope this helps someone who encounters a similar request.

Notes
Don’t forget that you need Discovery Management rights in order to perform these commands. Otherwise the commands will fail.
 
Author:Learner
1 Comment

Expert Comment

by:Senior IT System Engineer
Using Exchange 2013, what's the difference between Search-Mailbox and New-MailboxSearch?