Monday, January 17, 2011

Discovery/Litigation with RBAC

Have you tried running the Export-Mailbox command in Exchange 2010 SP1, only to be denied? These commands were typically utilized in Exchange 2007 for purging messages with certain criteria from mailboxes en masse, or for discovery searches. Import-Mailbox and Export-Mailbox now technically require the RBAC role Mailbox Import Export according to TechNet. This role was slated to not be assigned to any role group by default in Exchange 2010 SP1 (it was assigned to the Organization Management role in RTM). The only problem with this statement is that according to PMs at MS, this command is now deprecated despite TechNet articles discussing their use.
Exchange 2010 SP1 now splits this functionality into the Search-Mailbox and New-ExportMailboxRequest cmdlets. Search-Mailbox will perform a search and subsequent export to a mailbox (including deleting the original from the source mailbox if desired). This functionality satisfies the vacuum of Export-Mailbox’s departure for tearing messages with certain criteria out of user mailboxes in bulk. The New-ExportMailboxRequest cmdlet covers the need to export data to a PST file, and both of these cmdlets can search the mailbox dumpster.
While these commands are good, they are also quite powerful, and can be more than a legal worker would require. These commands are available to a user that is added to the ‘Discovery Management’ role group, however, which is also necessary to perform discovery searches in the more conventional way (via the Exchange Control Panel). Luckily most users won’t have the know-how, nor the means (Exchange Management tools) to perform these tasks in this manner.
The Discovery Management role group encompasses the Mailbox Search and Legal Hold roles, and allows things like multi-mailbox search, as well as saving results to a secured discovery mailbox via the ECP as mentioned above. A quick recap of how to get this process rolling is to:
Add the users to the Discovery Management RBAC role group.

      Add-RoleGroupMember -Identity "Discovery Management" -Member

Create a Discovery Mailbox to act as a secure repository for search results.New-Mailbox SearchResults -Discovery -UserPrincipalName

    Instruct the users to utilize the Exchange Control Panel (ECP) to perform multi-mailbox searches, and export the results to a Discovery Mailbox.
For a legal user to access the search functionality, they need log into their ECP, and choose ‘Options’ in the upper-right hand corner, and choose ‘See All Options…’

Pull down the management options, and choose ‘My Organization’

Choose ‘Mail Control,’ and click ‘Discovery’

Enter your search criteria:

Choose the Discovery mailbox that we created earlier to place the results (or choose to let it estimate):

Check the status:

From here you can click on the ‘Open’ link on the right, or the link in the notification e-mail if you chose to have one in order to access your results.

No comments: