I hope this never happens to you, but if you ever receive a legal discovery request, you may find this post useful. One of my IT friends shared this story of when he had to do an exchange discovery for a set of keyword combinations on historical email communications that he thought might have happened 2 years ago. This kind of discovery would be a real challenge for a lot of IT organizations.
Houston, we have a problem!
Since the company was using Exchange 2010, my IT pal googled for some advice and found an article on TechEd. The article advised him to use a Multi-Mailbox Search.
However, you usually don’t have an Exchange server with a 1-to-2-year-old database readily available. A small company with 50 employees can create up to several hundred emails per working day. Once the emails have been sent, they’re saved on servers and, later, they’re permanently deleted from your Exchange (moved to disks, tapes or the cloud for long-term archival).
This means you need to roll up your sleeves and first find the old backup. Then, you either need to build a whole environment for your new-old Exchange server (isolated from your production), or use an e-discovery tool to search for emails within the Exchange database. By the way, some of those e-discovery tools are not cheap; get ready to part with good money, per mailbox.
Get a FREE tool
To make a long story short, my IT guy successfully took care of this inquiry by using an e-discovery tool called Veeam Explorer for Microsoft Exchange, which can search the Exchange .EDB file and is completely FREE ($0 USD).
Here is how it works (super easy!):
1. Download and install
Veeam Explorer for Microsoft Exchange (VEX) is free and available as a stand-alone utility in all Veeam Backup & Replication editions, including Veeam Backup Free Edition. So, your first step is to download Veeam Backup Free Edition and the rest is really simple. Here is the download URL:
You can install VEX on either a physical or virtual machine, it doesn’t matter. The installation process is straightforward and looks like “Next, Next, Next, Done.” When the prompt during the installation asks you for a license, you can just continue the process without a license.
Pic. 1. Veeam Explorer for Microsoft Exchange is available as an additional component of Veeam Backup Free Edition after its installation.
2. Extract the EDB file from the backup and open it with VEX
Important: When you extract the .EDB file from your backup, don’t forget to put ESE.DLL at the same location. This file is used to query the Microsoft Exchange database (.EDB) and it’s included in the Microsoft Exchange distribution. You’ll find it easily on the installation disk by searching for “ese.dll” and copying it to the Veeam server. And remember, you can always refer to the below help article for :
To open the .EDB file, you’ll need to point the location of ESE.DLL in the VEX options menu. After that’s done, you can add a mailbox store by pressing the Add Store button on the ribbon.
Pic. 2. Extract ESE.DLL and copy it to the Veeam server.
Pic. 3. Point Veeam Explorer for Microsoft Exchange to the database file.
- Open Veeam Backup Free Edition, go to the main menu, select Options and specify the path to the ESE.dll file.
- Point Veeam Explorer for Microsoft Exchange to the .EDB file (in the Veeam Backup browser double-click the .EDB file)
- After Veeam opens your .EDB database in Veeam Explorer for Microsoft Exchange, you can browse and search for the items you need.
You can now start your search with Advanced Find and search for emails with specific creation dates, text in to, CC, BCC and more.
Pic. 4. Advanced search in Microsoft Exchange database.
Because Veeam Explorer for Microsoft Exchange is an entirely free tool, it doesn’t require any licenses for e-discovery. Veeam Explorer for Microsoft Exchange uses standard APIs when working with the database. Supported versions include Microsoft Exchange 2010 and 2013.
People, companies and non-profits use Veeam Explorer for Microsoft Exchange in a lot of different use scenarios. For those wishing to know more, I’ve listed a couple of the scenarios below:
- Legal discovery: Some countries’ require that records about money, people and data specific to the company should be retained for 3 years. Others require 5, 10 or even 15 years. To be able to meet your countries’ mandatory court or compliance requirements, sysadmins should consider legal department requests to find messages or attached files for a selected user by specific search criteria as top priority requests.
- Internal investigations: In addition to the legal department, any manager in the company can ask sysadmins to find a message in the Exchange database for internal investigation.
Veeam Explorer for Microsoft Exchange fully supports Microsoft Exchange search and query syntax. For example, you can search within the selected Exchange mailbox:
John AND Green
These search criteria examples are similar to those used in Microsoft Outlook 2010. Read more here: How to narrow the search criteria for better searches in Outlook
All in all, it seems like some of the Veeam features can be easily used in non-virtualized environments, especially in cases of Exchange e-discovery. What about you? How do you use Veeam? Feel free to leave your comment below, reach me via email or follow Veeam on Twitter.