The bell is ringing ... wake up in the middle of the night by a rush of phone bells, the annual service customers call to the need for the investigation and removal of mail. Ask why, it turns out that someone in the organization has sent an unhealthy message about the leader and forwarded it within the enterprise, and the leader asked to find such messages and delete them immediately. Administrators know the leadership of the violent temper, dare not neglect!
It's not difficult to find the wrong message to delete, and you can do it with the multiple-mailbox search feature provided by Exchange Server2010. This feature uses a content index created by an Exchange search to provide search capabilities for all or specified ranges of mail content across an organization to meet compliance requirements such as laws and regulations, incident investigations within the enterprise, and mail monitoring. It is because this operation will involve the privacy of employees and other issues, the responsibility for the search mailbox is not necessarily an IT department manager, should be designated by the Ministry of Legal Affairs or human resources personnel to operate. For those who do not understand Exchange management to do multiple-mailbox search operations, the best tool is ECP to achieve role-based access control RBAC. Let's take a look at how to get a special person to do a multiple-mailbox search operation.
Step 1: Create a "Discovery mailbox"
The discovery mailbox is a special type of Exchange 2010 mailbox that stores the results of performing multiple-mailbox searches. That is, when you create a discovery search using ECP, only the discovery mailbox can be used as the repository to store the search results. After the Exchange Server 2010 department completes, a discovery mailbox called Discovery Search mailbox is created. As shown in the following illustration:
In general, it is customary to create a discovery mailbox to achieve a different search mailbox for each different search requirement, so we create a new discovery mailbox in the first step. Discover features that mailboxes do not have for normal mailboxes: they cannot be used for other purposes or converted to other types of mailboxes; The mailbox storage quota for mailboxes is 50GB; The ad account for the mailbox was found to be disabled by default and unable to log on to the domain; In subsequent versions of SP1, This mailbox account is enabled by default to hide from the Exchange address list, users cannot send messages to this account, and cannot use the console graphical interface to create Discovery mailboxes. So we can only use the EMS command line, we'll create a discovery mailbox named DISCOVERYUEC. The command used is: New-mailbox discoveryuec–discover–userprincipalname DiscoveryUEC@uec.com. As shown in the following illustration:
Step 2: Create a user's mailbox used by the performer or use an existing user mailbox
This user mailbox is to perform a multiple-mailbox search operation of the mailbox account, generally for the Ministry of Law or the staff of the employee mailbox, create a user's mailbox directly using the method of EMC can, no longer introduced here. We will use the Duffy mailbox dufei@uec.com directly.
Step 3: Give the User a mailbox to execute permissions for the discovery mailbox
The Exchange Server2010 has a built-in Discovery Management administrative role group that has permissions for multiple-mailbox searches. However, there are no members in this role group by default, so we added the user mailboxes in step 2 to this administrative role group, and you can use the command: add-rolegroupmember–identity "Discovery Management" –member Dufei. Alternatively, use the Exchange Control Panel by opening the ECP, logging in with the administrator, and then selecting roles and auditing---Find the Discovery Management group, as shown in the following illustration:
Then, by double-clicking the "Discovery Management" role group, the configuration parameters for this role group pop up, and no other parameters are modified, just add the Dufei in the member field, and the modified results are shown in the following illustration: