In Exchange Server 2010, Microsoft introduced a new search capability, which they titled “Multi-Mailbox Search”. However, the icon in the Exchange Control Panel used to access the feature is labeled Discovery, so the feature is most commonly referred to as Discovery Search.
With this capability, a user who has the appropriate permissions can execute searches across many mailboxes in an Exchange organization. By default, there are no users, including Exchange Organization Administrators or Domain Administrators, which have the required permissions. During the installation of Exchange Server 2010, the setup program creates a highly privileged Universal Security Group named Discovery Management. It is membership in this group that provides the requisite access to Discovery Search. It is also worth noting that unlike ExMerge or Export-Mailbox in earlier releases of Exchange, Domain Administrators can be members of the Discovery Management group without experiencing any issues.
Discovery Management is properly referred to as an Unscoped Management Role Group in the parlance of Exchange 2010’s Role Based Access Control. It is Unscoped because it applies to all mailboxes in an Exchange organization. It is a Management Role because it is used to assign a granular permission to users or groups of users. It is a Group because that is how it appears in Active Directory. It is possible with RBAC (and common in larger organizations) to create Scoped Management Role Groups which provide access to a more limited set of mailboxes.
A Discovery Search searches not only a user’s primary mailbox, but also the archive mailboxes for any users involved in the search. A search can be a simple keyword search or it can be a complex search. A complex search will use the same Advanced Query Search syntax which is used within Outlook 2007 (and above) and in Windows Desktop Search.
From some perspectives, making organization-wide searches possible is just another manifestation of Microsoft becoming “Big Brother” (a reference to George Orwell’s book 1984). However, Discovery Search provides the capability for an organization to perform simple legal discovery of documents and messages for any type of litigation, to investigate issues internally because of some real or perceived issue, and to allow Human Resources to ensure that individuals are not using the company provided resources supplied by Exchange inappropriately.
That being said, it is important for companies to have messaging policies which communicate to employees that messages (email, voicemail, instant messaging, webinars, etc.) passing through a company resource are company property; and subject to discovery.
A Discovery Search can only be as complete as the information which is stored in the Exchange mailbox databases. As I’ve discussed earlier in my article series, Exchange Server 2010 supports very large mailboxes, and organizations can be well-served by importing all available PSTs into a user’s mailbox and eliminating PSTs from the organization. This can lead to an improvement in the accuracy and completeness of data that would be returned from a Discovery Search.
Discovery Search results are returned to a Discovery Search mailbox. By default, a single Discovery Search Mailbox (which is also the display name of the mailbox) is created when the first Exchange 2010 mailbox server is installed in an organization. An Exchange administrator may create additional Discovery Search Mailboxes, if desired, and also may configure permissions as to which users may access those mailboxes. Discovery Search Mailboxes are prohibited from receiving email.
Additional searches may be executed on search results to obtain subsets of data when initial search results are too large. Also, the searcher may annotate the results in order to provide additional data about a discovery search.
Overall, Discovery Search is a welcome additional to Exchange Server.