The following is a blog entry from one of my colleagues that I am currently working with at the moment. This is written in his style. Thank you John for taking the time putting this together and sharing your experience.

---

Requirement:
The boss asked us how much effort would be involved in finding all emails sent from the company to another organisation over an extended period. Thankfully the answer is that this is relatively straightforward.

Solution 1, Journal mailbox – no good
We have an Exchange journaling mailbox configured that is aimed at queries such as this. The problem was that ours is over 14GB in size and only appears to include mail from over the past 3 months. This may be due to our archiving solution – an entirely separate blog entry. The upshot was that outlook kept crashing as I attempted to search the journal mailbox and OWA wouldn’t even open it.

Solution 2, New-MailboxSearch Cmdlet – got the job done
A relatively simple but powerful command that allows you to search a nominated list of mailboxes for items matching criteria such as recipient domain, keywords within the message, and whether the messages have attachments.

The TechNet link can be found here:

http://technet.microsoft.com/en-us/library/dd298064(v=exchg.141).aspx

Note a mistake in the “-Recipients” criteria: the article uses the example “*@contoso.com” to match all items sent to address with this SMTP domain. In practice, powershell didn’t allow the use of “*” as a wildcard:

Thankfully, the command works fine without the “*”, e.g., “@gmail.com”.

Working example syntax is given below:

New-MailboxSearch -Name "Search gmail" -SourceMailboxes jsmith -TargetMailbox DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852} -StartDate "01/11/2012" -EndDate "1/04/2013" -Recipients "@gmail.com" -StatusMailRecipients "jmith"

This performed a new search called <Search gmail> on my own mailbox <jsmith> for all mail items sent to “…@gmail.com” addresses over the period shown.

Matching items (9) were copied to a new subfolder within the dedicated mailbox <DiscoverySearchMailbox>.

A completion notice with summary was emailed to my inbox <jsmith>:

The search ‘Search gmail’ has ‘Search Succeeded’.  To review the search results, open the mailbox where the results are stored and expand subfolders under the ‘Search gmail’ folder.

Percent Complete:	100%
Started by:	John Smith
Stopped by:	N/A
Start Time:	4/01/2013 11:23:01 AM
End Time:	4/01/2013 11:23:40 AM
Mailboxes to search:	(1) dc\John Smith
Mailboxes searched successfully:	(1) dc\John Smith
Mailboxes not searched successfully:	(0) None
Exclude Duplicate Messages:	True
Resume:	False
Size:	54.69 KB (56,004 bytes), Estimated size was: 54.73 KB (56,045 bytes)
Items:	9, Estimated number of items was: 9 (Estimates don’t exclude duplicates)
Results:	dc\DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}
Errors:	None
Keyword Hits:	Keyword hits table was not populated because the search query was empty.

From here I just needed to grant permission to the boss to view the output items in the Discovery Search Mailbox. E.g.,

Add-MailboxPermission –Identity " DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}" –User "DOMAIN\The.Boss" -AccessRights FullAccess -InheritanceType all -Automapping $false