Managing Multi-Mailbox Search in Exchange Server 2010 (Part 7)

If you would like to be notified of when Anderson Patricio releases the next part in this article series please sign up to our Real Time Article Update newsletter.

If you would like to read the other parts in this article series please go to:

Using Journal Rules with Multi-Mailbox Search Feature…

In some cases the Journal feature can be very useful, for instance, if your organization wants to record all communications from certain users and make use of Exchange built-in tools to search such information, then you are in the right place! Some companies are required by law to record all communications for the last X years and in some scenarios Journal Rules can fit perfectly and bring you this kind of requirement by just using your built-in tools and without purchasing expensive and complex archive solutions. Note, we are not comparing archiving solutions here but instead we are using built-in features to address some common business requirements. The process to compare solutions is not just feature wise but also hardware, training, maintenance, supportability, human resource to manage the solution etc.

Let’s describe a scenario and see how we are going to combine Journal Rules and Mailbox-Search. Let’s say that our company has a security requirement that all e-mail communications from Director Level and higher must be recorded.

There are several ways to achieve the goal proposed. In this article we are going to create a mailbox Database called Journal-DB01 and define no limits at Database level. It is good practice to use a DAG for this database, this way we can make sure that the database is always available, and before we move forward we can also exclude this Journal Database from being picked up when a new mailbox is created. For that we can run the following cmdlet: Set-MailboxDatabase Journal-DB01 -IsExcludedFromProvisioning $true

Now that we have a repository for all mailboxes that will receive the content from regular mailboxes, we have a decision to make. We can have all journal reports from several users in a single mailbox, or we can use a mailbox for each user. In this article series we are going to create a mailbox to keep the journal of each mailbox. For the sake of simplicity, we are going to name all new mailboxes as Username.Journal. We can also remove the mailboxes designed to be Journal recipients from the Global Address List, perhaps disable the user, and make sure that there is no user with Full Access permission on those new Journal mailboxes. We can also create an Organization Unit just for them and restrict management access. If you want to make sure that everything is controlled we can enable Mailbox Audit Logging as well.

Finally, make sure that you have consistent protection of the database using a backup solution.

After creating the basic infrastructure we need to create a Journal Rule for each user that will be part of the retention as shown in Figure 01 since we defined that any message will be recorded in the user’s designed Journal Mailbox. In order to create a new Journal Rule, we can use Exchange Management Console, and then expand Microsoft Exchange On-Premises, Organization Configuration, Hub Transport and then select the Journal Rules tab. Then, it is just a matter of starting New Journal Rule wizards for each mailbox.

Figure 01

Since Anderson is having all e-mail communications being recorded to its Journal Mailbox and he is unaware of this as the process is 100% transparent to the end-user, based on that we can start testing.

Let’s send a message from the administrator to a different user and CC our Anderson mailbox in the message. The result will be a new journal report in the journal mailbox where in the body of the envelope we have message information, such as: Sender, Subject, Message-ID, To and CC, and the original message is attached to this journal report. The Journal Report is just a message arriving in the Journal Mailbox and its attachment is shown in Figure 02.

Figure 02

Now that we have a collection of all messages sent and received by the user(s) in Journal Mailboxes, we can go back to our well-known Multi-Mailbox Search and perform a search. Then we will have the results coming from the Journal Mailboxes as well, as shown in Figure 03. We can also see if the user deleted it by comparing the results from the Journal Mailbox with the actual user mailbox. As an administrator you don’t have to even bother, just search for the information from the Journal Mailbox (es) and we will have all data available.

Figure 03

By using Journal Rules, the administrator can guarantee that all e-mail traffic is being kept in a different location and the user cannot change it. However, the information stored will keep growing and growing and therefore, we need to create some procedures to purge data when time comes.

Exporting the information from a Discovery Mailbox…

We have worked a lot on the Multi-Mailbox Search in this article series, we started with the basics to perform a Mailbox Search Request, then we moved to Exchange Management Shell and etc. Now, it’s time to wrap up everything that we have done so far and generate a PST which contains all information. Sometimes, it is the end-user that performs the Search and it’s up to you to give the user permission to export the content to a PST. In my humble opinion that task can be done easily by the IT team.

In order to be able to export content from a mailbox a few key points must be configured and here is a summary:

  • A Shared folder must be created and the Exchange Trusted Subsystem must have Modify permissions on it
  • The Shared folder created in the previous step will be used by the cmdlet to export the content
  • The user/group who will perform the export must have the Mailbox Import Export Role assigned to it
  • The limitation is 50GB PST

Let’s say that the Multi-Mailbox Search request was created, the data is already checked on the Discovery Mailbox and our next step is to perform the export process. But before starting the export process we need to identify the Name and/or Alias of the Discovery Mailbox. The default one is huge and almost impossible to remember by heart.

We can find that out by running the following cmdlet Get-Mailbox Discover* | Select Name,Alias | fl and here we go with the names and alias. Let’s copy the content from the default Discovery Search Mailbox and run the following cmdlet to start the export process: New-MailboxExportRequest –Mailbox <Discovery-Mailbox-Name> -FilePath \\server\share\FileName.pst. In order to check the status of the process, we can always run Get-MailboxExportRequest cmdlet. The entire process is shown in Figure 04.

Figure 04


In this final article of our series we verified the process of generating a PST from our Discovery Mailbox, and how to combine Journal Rules and Multi-Mailbox Search features.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top