This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I had the problem with eDiscovery according to this article:
In the optional step 5 MS says:
"Add a discovery mailbox as a member of the distribution group used to create the custom management scope"
I was suprised to see this because after adding the discovery mailbox to the distribution group used to create the custom scope, the eDiscovery search would be run against the group that will contain the discovery mailbox and this mailbox will be used for coping search results later on.
Furthermore, I thought there could be one more issue with that configuration because adding the discovery mailbox to the "target" group should lead to this discovery mailbox to be searched too.
Anyway, MS says
"Create an eDiscovery search, and select the distribution group that was used to create the custom management scope as the source of mailboxes to be searched. All mailboxes should be successfully searched."
After following all the steps in the article I've bumped exactly in two issues I'd expected:
1) the discovery mailbox can not be searched:
2) you can't copy the search results to the mailbox that is a member of the group being searched:
So I don't quite understand what have I done wrong... I was just following the steps in the article... ???
Thank you in advance,
Michael
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @Mikhail Firsov , don't remember to accept the helpful reply below as answer which resolved your initial question. Thanks for your understanding!
I think the idea there is to verify that search is working. It's certainly NOT needed to always include the DG in the search.
P.S. You can leave feedback on the article to clean up the text a bit, use the form at the bottom.
"It's certainly NOT needed to always include the DG in the search." - as far as I get it in case the search is carried out by the discovery manager (NOT an administrator!) the search must ALWAYS include the DG because the custom scope contains only the members of this DG -the discovery manager should have no permissions - theoretically - on any other mailboxes, ...
"You can use a custom management scope to let specific people or groups use In-Place eDiscovery to search a subset of mailboxes in your Exchange Online organization. For example, you might want to let a discovery manager search only the mailboxes of users in a specific location or department. You can do this by creating a custom management scope. This custom management scope uses a recipient filter to control which mailboxes can be searched. Recipient filter scopes use filters to target specific recipients based on recipient type or other recipient properties."
...but he/she does: I can easily search any users' mailboxes using the discovery manager's credentials: for example, I created a role with the custom scope that contains only the users from the DG_Test distribution group and expected that this manager will not have any access to mailboxes other than those from DG_Test, but this discovery manager account can easily search for ANY mailbox in the organization - not just the "a subset of mailboxes " ...
Hi @Mikhail Firsov , did you perform the operation on the on-premise Exchange server?
I tried in my environment, it can work properly and can successfully copy the search result to the discovery mailbox included in the group.
And I tried it in o365, get the same discovery failed mailbox error as yours above. However, the In-Place eDiscovery in the Exchange admin center (EAC) in Exchange Online is retired as the official document introduced: In-Place eDiscovery
Here is also an article gives step-by-step procedures Using RBAC to restrict Discovery Searches for your reference.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi joyceshen-MSFT,
Yes, I did perform it on the on-premise server.
Thank you for the link - that article also states that the searches beyound the custom scope must be prohibited, but in my test the discovery manager still can search for any mailbox, and it bothers me the most :(
P.S. I use Exchange Server 2019.
I deleted the discovery mailbox from the distribution group and created a new search - copying to the Discovery mailbox succeeded, so I can say that the optional step 5 does the opposite to what it's meant to do: it prevents coping the search results by discovery manager.
Regards,
Michael
P.S. By the way, theeDiscovery does NOT discover the discovery manager's mailbox although it's also the member of the DS group. I thought that adding the discovery mailbox to the group would not affect the discovery process either... but I was wrong.
Regarding the second issue mentioned above: does anybody know why MS recommends to use the "double-step method" - 1) $DG=... 2) $DG.DistinguishedName"
New-ManagementScope "Ottawa Users eDiscovery Scope" -RecipientRestrictionFilter "MemberOfGroup -eq '$($DG.DistinguishedName)'"
...if the -RecipientRestrictionFilter can be specified only by name, for example
New-ManagementScope "Ottawa Users eDiscovery Scope" -RecipientRestrictionFilter "MemberOfGroup -eq 'DS_Group'"?