Powershell & searching Mailboxes using the discovery RBAC role

2017-12-08T14:24:20+00:00 June 25th, 2014|PowerShell|

We had a customer request recently to perform and extract any items in a users folder that firstly contained some keywords and secondly came from or where sent to some specific email addresses.

To do this I ensured our account was a member of the discovery RBAC group this is so we can utilise the search-mailbox command:

Add-RoleGroupMember -Identity “Discovery Management” -Member <username>

To get the items that contain the keywords specified run:

Search-Mailbox -Identity “<user>” -SearchQuery “Word1 OR Word2 OR Word3 OR Word4 OR Word5 OR Word6 OR Word7 OR Word8 OR Word9 OR Word10 OR Word11” -TargetMailbox “<OurMailbox>” -TargetFolder “<Search>” -loglevel Full

This outputted:


To get the items that were sent to/from the addresses specified I ran:

Search-Mailbox -Identity “<user>” -SearchQuery “From:email1@email.com OR email2@email.com OR email3@email.com OR email4@email.com OR email5@email.com OR email6@email.com OR email7@email.com OR email8@email.com OR email9@email.com OR email10@email.com” -TargetMailbox “<OurMailbox>” -TargetFolder “<Search>” -loglevel Full

This outputted:


I hopped on to our mailbox and checked the folder and it did indeed contain info in this case I exported the folders to PSTs and made these available to the customer.

Hope it helps!