Script automates Exchange 2010 SP1 discovery

Harness the power of this PowerShell script to automate weekly Exchange 2010 SP1 multi-mailbox discovery.

I don’t envy compliance officers whose job it is to perform manual searches for items that computers were supposed to find automatically. And although Exchange Server has a structured hierarchy, it’s not always easy to find what you need, especially if you need to use a slew of different keywords.

Generally, if you want to run a search across multiple Exchange 2010 SP1 mailboxes, you would use the Multi-Mailbox Search function, found in the Exchange Control Panel (ECP). This search tool harvests results and then sends them to a discovery mailbox, which has the sole purpose of housing these results.

This method works well if you’re performing an occasional search, but what if you need to generate weekly or daily reports? In those cases, automation is key.

The Exchange team released the SearchMailboxes.ps1 PowerShell script, which allows you to automate multi-mailbox searches. The script comes with a setup file that creates a scheduled task to run searches.

The SearchMailbox.ps1 script runs every Monday by default, but you can edit its search.config file settings to run it at other times. The search.config file also lets you specify the name of the discovery mailbox where messages will reside and the search string you should use when you run your search.

In my opinion, the script is incredibly meticulous, especially with regard to adhering to search start dates before starting new searches . According to the Exchange blog, for example, "For subsequent searches, the start date is automatically obtained from the previous search. If the previous search is successful, its end date is used as the start date for the new search. If the previous search failed, the start date specified in that search is used as the start date for the new search. This ensures that you don't miss any messages due to a failed search.”

Note: In this explanation, a failed search doesn’t mean a search that didn't return any results. It actually means a search that may have been aborted due to a server or network issue.

ABOUT THE AUTHOR:
Serdar Yegulalp
has been writing about computers and IT for more than 15 years for a variety of publications, including SearchWinIT.com, SearchExchange.com, InformationWeek and Windows magazine.

This was first published in March 2011

Dig deeper on Microsoft Exchange Server Scripts and Programming

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close