Use the EAC to create an In-Place eDiscovery search

1. Navigate to Compliance management > In-place eDiscovery & hold.
   
   
2. Click New .
   
   
3. In In-Place eDiscovery & Hold, on the Name and description page, type a name for the search, add an optional description, and then click Next.
   
   
4. On the Mailboxes page, select the mailboxes to search. You can search across all mailboxes or select specific ones to search.
   
   

   Important:
   You can’t use the Search all mailboxes option to place all mailboxes on Exchange 2013 Mailbox servers on hold. To create an In-Place Hold, you must select Specify mailboxes to search. For more details, see Create or Remove an In-Place Hold.

5. On the Search query page, complete the following fields:
   
   
   • Include all user mailbox content   Select this option to place all content in the selected mailboxes on hold.
     
     
   • Filter based on criteria   Select this option to specify search criteria, including keywords, start and end dates, sender and recipient addresses, and message types.
     
     
6. On the In-place hold settings page, select the Place content matching the search query in selected mailboxes on hold check box, and then select one of the following options to place items on In-Place Hold:
   
   
   • Hold indefinitely   Select this option to place the returned items on an indefinite hold. Items on hold will be preserved until you remove the mailbox from the search or remove the search.
     
     
   • Specify number of days to hold items relative to their received date Use this option to hold items for a specific period. For example, you can use this option if your organization requires that all messages be retained for at least seven years. You can use a time-based In-Place Hold along with a retention policy to make sure items are deleted in seven years.
     
     

     Important:
     When placing mailboxes or items on In-Place Hold for legal purposes, it is generally recommended to hold items indefinitely and remove the hold when the case or investigation is completed.

Use the Shell to create an In-Place eDiscovery search

This example creates the In-Place eDiscovery search Discovery-CaseId012 for items containing the keywords Contoso and ProjectA that also meet the following criteria:

• Start date: 1/1/2009
  
  
• End date: 12/31/2011
  
  
• Source mailboxe: DG-Finance
  
  
• Target mailbox: Discovery Search Mailbox
  
  
• Message types: Email
  
  
• Log level: Full
  
  

Important:
If you don’t specify additional search parameters when running an In-Place eDiscovery search, all items in the specified source mailboxes are returned in the results. If you don’t specify mailboxes to search, all mailboxes on the Exchange 2013 servers in your Exchange organization are searched.

	Copy Code
New-MailboxSearch "Discovery-CaseId012" -StartDate "1/1/2009" -EndDate "12/31/2011" -SourceMailboxes "DG-Finance" -TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Contoso" AND "Project A"' -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full

After using the Shell to create an In-Place eDiscovery search, you must start the search to copy messages to the specified Discovery mailbox. For details, see Estimate, preview, or copy search results.

For detailed syntax and parameter information, see New-MailboxSearch.

After you create an In-Place eDiscovery search, you can use the EAC to get an estimate and preview of the search results and copy the results to a Discovery mailbox. You can also use the Shell to start the search, which will copy the results to the target Discovery mailbox you specified in the New-MailboxSearch cmdlet.

Use the EAC to estimate, preview, or copy search results

1. Navigate to Compliance management > In-place eDiscovery & hold.
   
   
2. In the list view, select the In-Place eDiscovery search, and then click Search .
   
   
3. From the search list, select one of the following options:
   
   
   • Estimate search results   Select this option to return an estimate of the total size and number of items that will be returned by the search based on the criteria you specified. Estimates are displayed in the details pane.
     
     
   • Preview search results   Select this option to preview the results. Selecting this option opens the eDiscovery search preview window. Messages returned from each mailbox searched are displayed.
     
     
   • Copy search results Use this option to copy messages to a Discovery mailbox. In Copy Search Results, select from the following options, and then click Copy:
     
     
     • Include unsearchable items   Select this check box to include mailbox items that couldn’t be searched (for example, messages with attachments of file types that couldn’t be indexed by Exchange Search).
       
       
     • Enable de-duplication and thread compression   Select this check box to exclude duplicate messages. Only a single instance of a message will be copied to the Discovery mailbox.
       
       
     • Enable full logging   Select this check box to include a full log in search results.
       
       
     • Send me mail when the copy is completed   Select this check box to get an email notification when the search is completed.
       
       
     • Select discovery mailbox to copy to   Click Browse to select the Discovery mailbox where you want the search results copied to.
       
       

Use the Shell to copy search results or get an estimate

After using the Shell to create an In-Place eDiscovery search, you must start the search to copy messages to the Discovery mailbox you specified in the TargetMailbox parameter of the New-MailboxSearch cmdlet.

For an example of how to start the search, see Examples in Start-MailboxSearch.

If you used the EstimateOnly switch to only get an estimate of the search results, you can retrieve the estimate using the Get-MailboxSearch cmdlet.

For an example of how to retrieve a mailbox search, see Examples in Get-MailboxSearch.