<

New-MailboxSearch Powershell command for Searching and extracting Mails from Exchange 2013 Journaling server.

Published on
7,012 Points
3,912 Views
1 Endorsement
Last Modified:
New-MailboxSearch Powershell Command and step by step approach to Search and Extract Emails form Exchange 2013 Journaling server.
In today's world the Exchange mailing platform has become a business-critical enterprise application, and mails stored on a MS Exchange server can be used in many scenarios. One such scenario you might come across is to search and extract mails from the Exchange Journaling infrastructure for compliance or legal purposes, as e-mails are treated as evidence in today's world.

I have come across this kind of scenario and thought I could share some insight on how this can be achieved.

My current infrastructure has three Exchange 2013 multi-role servers and one Journaling server. We only journal mails that are sent and received externally.

I have received a request to search all mails that had been sent to a particular domain (for example, @Gmail.com) from the Exchange 2013 journaling server and extract them.

To complete the request I followed these steps.

1) Create a new mailbox search request:
new-MailboxSearch -name SearchName -SourceMailboxes Journalingmailboxname -TargetMailbox targetmailboxname -SearchQuery "From:'@Gmail.com'" 

Open in new window


2) Type in this command to make sure that search was created
Get-MailboxSearch SearchName

Open in new window


3) Kick start the search with this command and you should see the mails being extracted into the target mailbox you specified in step 1.
Start-MailboxSearch -Identity 

Open in new window


If you have to modify the search you can use the set-mailboxsearch command with a new query.

This can be used with different parameters in search query:
-SearchQuery "attachment:'.zip'  (All mails with attachment having .zip files)
-SearchQuery "attachment:'.zip' Received:>4/22/2013"  (All mails with attachment having .zip files with time range)

If you have an Exchange 2010 environment you can use the Search-Mailbox  command with a similar search query.

For any future details you can refer to these articles:
https://technet.microsoft.com/en-us/library/dd298064(v=exchg.160).aspx
http://msdn.microsoft.com/en-us/library/aa965711%28v=vs.85%29.aspx

Hope this helps a bit for someone who encounters any request.

Notes
Don’t forget that you need Discovery Management rights in order to perform these commands. Otherwise the commands will fail.
 
1
Comment
Author:Dee C
0 Comments

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Join & Write a Comment

Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month