Exchange Server 2010 legal hold and multi-mailbox search commands

After adding a user to the Discovery Management role group, you can utilize Exchange Server 2010's legal hold and multi-mailbox search functionalities. Get the Exchange Management Shell commands to take advantage of these two features.

Among the many new features included in Exchange Server 2010 are legal holds and multi-mailbox searches. But before implementing either, you must take initial steps to add the appropriate users and know which Exchange Management Shell commands to utilize.

To implement a legal hold or to perform a multi-mailbox search, you must add a user to the Discovery Management role group. In Exchange Server 2010, a role group is a collection of roles.

The Discovery Management role group includes the Mailbox Search role and the Legal Hold role. The reason why you need to assign a user to the Discovery Management role group is because, by default, not even the administrator has the right to perform a multi-mailbox search.

To add a user to the Discovery Management role group, open the Exchange Management Shell and enter the following command:

Add-RoleGroupMember –Identity 'Discovery Management' –Member <user name>

Placing a mailbox on legal hold is done using the Set-Mailbox command:

Set-Mailbox <user's email address> -LitigationHoldEnabled $True

Note: It can take up to an hour for the legal hold to take effect.

The following command releases the legal hold:

Set-Mailbox <user's email address> -LitigationHoldEnabled $False

  • Creating discovery mailboxes to perform multi-mailbox searches
  • Once you've implemented a legal hold, you can perform a multi-mailbox search. To do so, you'll need to create a discovery mailbox, which is used to store search results. Like other types of mailboxes, discovery mailboxes have an Active Directory account (disabled by default). Only users who belong to the Discovery Management role group can access discovery mailboxes.

    You must create a discovery mailbox using Exchange Management Shell using the following command:

    New-Mailbox <mailbox name> -Discovery –UserPrincipalName <email address>

    For example, if you wanted to create a discovery mailbox named [email protected], the command would look like this:

    New-Mailbox Legal –Discovery –UserPrincipalName [email protected]

    If you want to find out if any discovery mailboxes already exist in the organization, enter the following command:

    Get-Mailbox –Filter {RecipientTypeDetails –eq 'DiscoveryMailbox'}

    Exchange Server 2010 imposes a quota on the discovery mailboxes by default. If you look at Figure 1, you can see that Exchange set a 50 GB quota on my discovery mailbox. Although 50 GB may seem like enough space, it may not be large enough if you're performing a massive discovery in a large corporation. In that case, you'll want to remove the mailbox quota.

    50 GB quota on a discovery mailbox
    Figure 1. Exchange has set a 50 GB quota on the discovery mailbox.

  • Multi-mailbox searches
  • We're now ready to perform a multi-mailbox search. To do so, log into Outlook Web App (OWA) as the user you originally designated to the Discovery Management group. Next, click on the Options link, located near the upper-right corner of the interface. This will take you to the Exchange Control Panel.

    Next, select the My Organization option from the Select What to Manage drop-down list. Finally, select the Reporting option to access the multi-mailbox search interface (Figure 2).

    The Exchange Server 2010 multi-mailbox search interface
    Figure 2. Here is the Exchange Server 2010 multi-mailbox search interface.

    Clicking on the New button will take you to a page that allows you to enter your search criteria. The interface gives you a great deal of flexibility and you can pick and choose which mailboxes, date ranges and even storage locations you want to search. You can also perform Boolean keyword searches by using operators like And and Or.

    The search interface is powerful, however, it does have some limitations. First, a multi-mailbox search will only search Exchange Server 2010 mailboxes; it will omit data in Exchange Server 2007 mailboxes.

    Likewise, multi-mailbox searches cannot search data stored in .pst files. The search interface gives you the ability to search for unsearchable items, but this only allows the search to include unsupported attachment types, messages with errors, encrypted messages, etc. It does not extend support to legacy mailboxes or .pst files.

    About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at

    Do you have comments on this tip? Let us know.

Dig Deeper on Exchange Server setup and troubleshooting