Assign eDiscovery permissions in Exchange 2016
Applies to: Exchange Server 2016
Topic Last Modified: 2015-09-04
If you want users to be able to use Exchange Server 2016 In-Place eDiscovery, you must first authorize them by adding them to the Discovery Management role group. Members of the Discovery Management role group have Full Access mailbox permissions to the discovery mailbox, which is called Discovery Search Mailbox, which is created by default.
Members of the Discovery Management role group can access sensitive message content. Specifically, these members can use In-Place eDiscovery to search all mailboxes in your Exchange organization, preview the search results (and other mailbox items), copy them to a discovery mailbox, and export the search results to a .pst file. In most organizations, this permission is assigned to legal, compliance, or Human Resources personnel.|
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Role groups" entry in the Role management permissions topic.
By default, the Discovery Management role group doesn't contain any members. Administrators with the Organization Management role are also unable to create or manage discovery searches without being added to the Discovery Management role group.
In Exchange 2016, members of the Organization Management role group can create an In-Place Hold to place all mailbox content on hold. However, to create a query-based In-Place Hold, the user must be a member of the Discovery Management role group or have the Mailbox Search role assigned.
Go to Permissions > Admin roles.
In the list view, select Discovery Management and then click Edit .
In Role Group, under Members, click Add .
In Select Members, select one or more users, click Add, and then click OK.
In Role Group, click Save.
This example adds the user Bsuneja to the Discovery Management role group.
Add-RoleGroupMember -Identity "Discovery Management" -Member Bsuneja
To verify that you’ve added the user to the Discovery Management role group, do the following:
In the EAC, go to Permissions > Admin roles.
In the list view, select Discovery Management.
In the details pane, verify that the user is listed under Members.
You can also run this command to list the members of the Discovery Management role group.
Get-RoleGroupMember -Identity "Discovery Management"