Applies to: Exchange Server 2013, Exchange Online
Topic Last Modified: 2012-10-12
If you want users to be able to use Microsoft Exchange Server 2013 In-Place eDiscovery, you must first authorize them by adding them to the Discovery Management role group. Members of the Discovery Management role group have Full Access mailbox permissions for the Discovery mailbox that's created by Exchange Setup.
Caution: |
---|
Members of the Discovery Management role group can access
sensitive message content. Specifically, these members can use
In-Place
eDiscovery to search all mailboxes in your Exchange
organization, preview messages (and other mailbox items), copy them
to a Discovery mailbox and export the copied messages to a .pst
file. In most organizations, this permission is granted to legal,
compliance, or Human Resources personnel. |
To learn more about the Discovery Management role group, see Discovery Management. To learn more about Role Based Access Control (RBAC), see Understanding Role Based Access Control.
Interested in scenarios where this procedure is used? See the following topics:
What do you need to know before you begin?
- Estimated time to complete: 1 minute.
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Role groups" entry in the Role Management
Permissions topic.
- By default, the Discovery Management role group doesn't contain
any members. Administrators with the Organization Management role
are also unable to create or manage discovery searches without
being added to the Discovery Management role group.
- In Exchange 2013, members of the Organization Management role
group can create an In-Place Hold to
place all mailbox content on hold. However, to create a query-based
In-Place Hold, the user must be a member of the Discovery
Management role group or have the Mailbox Search role assigned.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
Use the EAC to add a user to the Discovery Management role group
- Navigate to Permissions > Admin roles.
- In the list view, select Discovery Management and then
click Edit
- In Role Group, under Members, click Add
.
- In Select Members, select one or more users, click
Add, and then click OK.
- In Role Group, click Save.
Use the Shell to add a user to the Discovery Management role group
This example adds the user Bsuneja to the Discovery Management role group.
Copy Code | |
---|---|
Add-RoleGroupMember -Identity "Discovery Management" -Member Bsuneja |
For detailed syntax and parameter information, see Add-RoleGroupMember.
How do you know this worked?
To verify that you’ve added the user to the Discovery Management role group, do the following:
- Navigate to Permissions > Admin roles.
- In the list view, select Discovery Management.
- In the details pane, verify that the user is listed under
Members.
You can also run this command to list the members of the Discovery Management role group.
Copy Code | |
---|---|
Get-RoleGroupMember -Identity "Discovery Management" |
Tip: |
---|
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection |