Discovery Management
Type: Admin role
Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.
| RoleGroup | Role | Role Description |
|---|---|---|
| Discovery Management | Legal Hold | This role enables administrators to configure whether data within a mailbox should be retained for litigation purposes in an organization. |
| Discovery Management | Mailbox Search | This role enables administrators to search the content of one or more mailboxes in an organization. |
| Cmdlet | Role | Cmdlet Description |
|---|---|---|
| Get-BookingMailbox | Legal Hold | |
| Get-Mailbox | Legal Hold | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailboxSearch | Legal Hold | In on-premises Exchange, a mailbox search is used to perform an In-Place eDiscovery or to place users on an In-Place Hold. Use the Get-MailboxSearch cmdlet to retrieve details of either type of mailbox search. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MessageTraceCopilot | Legal Hold | |
| Get-Recipient | Legal Hold | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ScopeEntities | Legal Hold | |
| Get-UnifiedAuditSetting | Legal Hold | |
| Get-User | Legal Hold | The Get-User cmdlet returns no mail-related properties for mailboxes or mail users. To view the mail-related properties for a user, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox or Get-MailUser). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| New-MailboxSearch | Legal Hold | The New-MailboxSearch cmdlet creates an In-Place eDiscovery search or an In-Place Hold. You can stop, start, modify, or remove the search. By default, mailbox searches are performed across all Exchange 2013 or later Mailbox servers in an organization, unless you constrain the search to fewer mailboxes by using the SourceMailboxes parameter. To search mailboxes on Exchange 2010 Mailbox servers, run the command on an Exchange 2010 server. For more information, see In-Place eDiscovery in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) and In-Place Hold and Litigation Hold in Exchange Server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Remove-MailboxSearch | Legal Hold | In on-premises Exchange, mailbox searches are used for In-Place eDiscovery and In-Place Hold. You can't remove an In-Place Hold without first disabling the hold. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-Mailbox | Legal Hold | You can use this cmdlet for one mailbox at a time. To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-MailboxSearch | Legal Hold | In on-premises Exchange, mailbox searches are used for In-Place eDiscovery and In-Place Hold. For In-Place eDiscovery, unless specified, mailboxes on all Mailbox servers in an organization are searched. To create an In-Place Hold, you need to specify the mailboxes to place on hold using the SourceMailboxes parameter. The search can be stopped, started, modified, and removed. By default, mailbox searches are performed across all Exchange 2013 or later Mailbox servers in an organization, unless you constrain the search to fewer mailboxes by using the SourceMailboxes parameter. To search mailboxes on Exchange 2010 Mailbox servers, run the command on an Exchange 2010 server. If the In-Place eDiscovery search you want to modify is running, stop it before using the Set-MailboxSearch cmdlet. When restarting a search, any previous search results are removed from the target mailbox. For more information, see In-Place eDiscovery in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) and In-Place Hold and Litigation Hold in Exchange Server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-MailUser | Legal Hold | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-UnifiedAuditSetting | Legal Hold | |
| Start-AuditAssistant | Legal Hold | |
| Test-DatabaseEvent | Legal Hold | |
| Test-MailboxAssistant | Legal Hold | |
| Write-AdminAuditLog | Legal Hold | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-BookingMailbox | Mailbox Search | |
| Get-Mailbox | Mailbox Search | When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values. If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with the Get-Mailbox cmdlet are the actual quota values for the mailbox. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailboxFolderPermission | Mailbox Search | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MailboxSearch | Mailbox Search | In on-premises Exchange, a mailbox search is used to perform an In-Place eDiscovery or to place users on an In-Place Hold. Use the Get-MailboxSearch cmdlet to retrieve details of either type of mailbox search. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-MessageTraceCopilot | Mailbox Search | |
| Get-Notification | Mailbox Search | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-PublicFolder | Mailbox Search | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-Recipient | Mailbox Search | The Get-Recipient cmdlet may not return all object-specific properties for a recipient. To view the object-specific properties for a recipient, you need to use the corresponding cmdlet based on the object type (for example, Get-Mailbox, Get-MailUser, or Get-DistributionGroup). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Get-ScopeEntities | Mailbox Search | |
| Get-UnifiedAuditSetting | Mailbox Search | |
| Invoke-ComplianceSearchActionStep | Mailbox Search | This cmdlet is reserved for internal Microsoft use. |
| New-MailboxSearch | Mailbox Search | The New-MailboxSearch cmdlet creates an In-Place eDiscovery search or an In-Place Hold. You can stop, start, modify, or remove the search. By default, mailbox searches are performed across all Exchange 2013 or later Mailbox servers in an organization, unless you constrain the search to fewer mailboxes by using the SourceMailboxes parameter. To search mailboxes on Exchange 2010 Mailbox servers, run the command on an Exchange 2010 server. For more information, see In-Place eDiscovery in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) and In-Place Hold and Litigation Hold in Exchange Server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Remove-MailboxSearch | Mailbox Search | In on-premises Exchange, mailbox searches are used for In-Place eDiscovery and In-Place Hold. You can't remove an In-Place Hold without first disabling the hold. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-MailboxSearch | Mailbox Search | In on-premises Exchange, mailbox searches are used for In-Place eDiscovery and In-Place Hold. For In-Place eDiscovery, unless specified, mailboxes on all Mailbox servers in an organization are searched. To create an In-Place Hold, you need to specify the mailboxes to place on hold using the SourceMailboxes parameter. The search can be stopped, started, modified, and removed. By default, mailbox searches are performed across all Exchange 2013 or later Mailbox servers in an organization, unless you constrain the search to fewer mailboxes by using the SourceMailboxes parameter. To search mailboxes on Exchange 2010 Mailbox servers, run the command on an Exchange 2010 server. If the In-Place eDiscovery search you want to modify is running, stop it before using the Set-MailboxSearch cmdlet. When restarting a search, any previous search results are removed from the target mailbox. For more information, see In-Place eDiscovery in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery) and In-Place Hold and Litigation Hold in Exchange Server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-Notification | Mailbox Search | You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Set-UnifiedAuditSetting | Mailbox Search | |
| Start-AuditAssistant | Mailbox Search | |
| Start-MailboxSearch | Mailbox Search | You can use In-Place eDiscovery to search one or more specified mailboxes or all mailboxes across the Exchange organization. A search is created by using the Exchange admin center (EAC) or the New-MailboxSearch cmdlet. When restarting a search, any previous results returned by the same search and copied to a Discovery mailbox are removed. To preserve previous search results and resume the search from the point it was stopped, use the Resume switch. In Exchange 2013 or later, mailbox searches are also used for In-Place Hold. However, you can't start or stop In-Place Hold using the Start-MailboxSearch and Stop-MailboxSearch cmdlets. For more details, see In-Place Hold and Litigation Hold in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/holds/holds) and In-Place eDiscovery in Exchange Server. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Stop-MailboxSearch | Mailbox Search | In Microsoft Exchange, mailbox searches are used for In-Place eDiscovery and In-Place Hold. You can start and stop a mailbox search. For more information, see In-Place eDiscovery in Exchange Server (https://docs.microsoft.com/Exchange/policy-and-compliance/ediscovery/ediscovery). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |
| Test-DatabaseEvent | Mailbox Search | |
| Test-MailboxAssistant | Mailbox Search | |
| Write-AdminAuditLog | Mailbox Search | When the Write-AdminAuditLog cmdlet runs, the value provided in the Comment parameter is included in the log entry. For the Write-AdminAuditLog cmdlet to write to the audit log, it must be included in the list of cmdlets being logged by administrator audit logging. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). |