eDiscovery is one of the new features in Exchange 2013 that has been built on the top of new operations added in Exchange Web Services in 2013. While its very useful for ITPro's for handling legal discoveries and compliance issues, it opens up a whole new world for application developers building Apps that search Exchange Mailboxes. Like the AQS querystring that was introduced in Exchange 2010 the eDiscovery operations make use of the Exchange Search service's content indexes.
There isn't much documentation around at the moment about how to use eDiscovery in EWS so this is just a dump of what I've learned so far.
All up there are four new EWS operations for eDiscovery however the two that you will use most of the time would be.
from http://msdn.microsoft.com/en-us/library/exchange/jj190897.aspx
Permissions wise you need to be a member of the Discovery Management RBAC role
The eDiscovery operations make use of the Keyword Query Language (KQL) which there is some decent documentation for in the Protocol documents for KQL http://msdn.microsoft.com/en-us/library/hh644280%28v=office.12%29.aspx although this isn't very Exchange specific. KQL is pretty cool and gives greater control and functionality over the queries you make when compared against AQS. The syntax does bare similarities to AQS and in some cases your AQS queries should just be transferable.
Some KQL samples would be
Subject:"New Time Proposed: test" - This would do an exact match on the Subject
Subject:Football - This would do a SubString type query on the Subject
attachment:'.pdf' - The would search for attachment with a pdf attachment
To use the new eDisocvery operations in the EWS Managed API you need to have v2.0 which was released recently http://www.microsoft.com/en-au/download/details.aspx?id=35371 .
So now it comes to using the SearchMaiboxes operation, to do this you need to have a properly formated KQL query and you need to know the Mailbox Identifier to use. The Mailbox identifier was a bit of tricky one where in most other things in EWS this would be the PrimarySMTPAddress, for this operation its the X500 (or legacyExchangedn) of the mailbox. There are a few ways you could get this the eaiest and most reliable would be to use the GetSearchableMailboxes operation to build the MailboxSearchScope array for the mailboxes you want to search . eg
Next you build the actually request
There are a bunch of options for manipulating the results such as deduplication and the ability to page and sort the results in different ways and orders. You can also choose just to return the statistics of the query without the results, or return the resutls as PreviewItems where you can control what properties are returned in the PreviewItem.
So for me its a big thumbs up for eDiscovery, so far anyway I can see some frustrations in the way the PriviewItems are returned and there needs to be a lot better info for using KQL and the discovery options.
There isn't much documentation around at the moment about how to use eDiscovery in EWS so this is just a dump of what I've learned so far.
All up there are four new EWS operations for eDiscovery however the two that you will use most of the time would be.
GetSearchableMailboxes
|
Gets a list
of mailboxes that the client has permission to search or perform eDiscovery
on.
|
|
SearchMailboxes
|
|
from http://msdn.microsoft.com/en-us/library/exchange/jj190897.aspx
Permissions wise you need to be a member of the Discovery Management RBAC role
The eDiscovery operations make use of the Keyword Query Language (KQL) which there is some decent documentation for in the Protocol documents for KQL http://msdn.microsoft.com/en-us/library/hh644280%28v=office.12%29.aspx although this isn't very Exchange specific. KQL is pretty cool and gives greater control and functionality over the queries you make when compared against AQS. The syntax does bare similarities to AQS and in some cases your AQS queries should just be transferable.
Some KQL samples would be
Subject:"New Time Proposed: test" - This would do an exact match on the Subject
Subject:Football - This would do a SubString type query on the Subject
attachment:'.pdf' - The would search for attachment with a pdf attachment
To use the new eDisocvery operations in the EWS Managed API you need to have v2.0 which was released recently http://www.microsoft.com/en-au/download/details.aspx?id=35371 .
So now it comes to using the SearchMaiboxes operation, to do this you need to have a properly formated KQL query and you need to know the Mailbox Identifier to use. The Mailbox identifier was a bit of tricky one where in most other things in EWS this would be the PrimarySMTPAddress, for this operation its the X500 (or legacyExchangedn) of the mailbox. There are a few ways you could get this the eaiest and most reliable would be to use the GetSearchableMailboxes operation to build the MailboxSearchScope array for the mailboxes you want to search . eg
- GetSearchableMailboxesResponse gsMBResponse = service.GetSearchableMailboxes("fsmith", false);
- MailboxSearchScope[] msbScope = new MailboxSearchScope[gsMBResponse.SearchableMailboxes.Length];
- Int32 mbCount = 0;
- foreach (SearchableMailbox sbMailbox in gsMBResponse.SearchableMailboxes) {
- msbScope[mbCount] = new MailboxSearchScope(sbMailbox.ReferenceId, MailboxSearchLocation.All);
- mbCount++;
- }
- SearchMailboxesParameters smSearchMailbox = new SearchMailboxesParameters();
- MailboxQuery mbq = new MailboxQuery("attachment:'.pdf'", msbScope);
- MailboxQuery[] mbqa = new MailboxQuery[1] { mbq };
- smSearchMailbox.SearchQueries = mbqa;
- smSearchMailbox.PageSize = 1000;
- smSearchMailbox.ResultType = Microsoft.Exchange.WebServices.Data.SearchResultType.PreviewOnly;
- service.TraceEnabled = true;
- ServiceResponseCollection<SearchMailboxesResponse> srCol = service.SearchMailboxes(smSearchMailbox);
So for me its a big thumbs up for eDiscovery, so far anyway I can see some frustrations in the way the PriviewItems are returned and there needs to be a lot better info for using KQL and the discovery options.