15 Jan 2013
Restricting the Scope of a eDiscovery Search Using a Recipient Restriction Filter
I am currently working with a customer that is migrating about 180 000 Lotus Notes mailboxes to Exchange Server 2010. The Exchange Server environment is a private cloud provided by an external company. The mailboxes belong to employees from all over the world. Compliance is an important topic of the project. We have to technically ensure that a legal officer of a certain country, for example US, is only able to perform eDiscovery tasks with mailboxes belonging to US employees.
The AD OU structure is fixed. The customer is not allowed to change the AD structure of the resource forest hosting the Exchange environment. All mailboxes of the environment are beneath a single OU. Only contacts or distribution groups are located in another OU. The proposed solution was to use CustomAttribute9 to store a value that identifies the business unit / country of the corresponding employee.
However, we encountered a bug related to recipient restriction filters and multi-mailbox search / in-place eDiscovery that is currently existing in Exchange Server 2010 and Exchange Server 2013.
You can create the RBAC configuration and execute the New-MailboxSearch cmdlet without any issue. When the search is performed by Exchange in the background an error occurs that leads to the following error message: “Property ‘CustomAttribute9’ is not present on object ‘UserA’.”
The following picture shows the configuration steps including how to use a recipient restriction filter to define a management scope.
The next screenshot are the commands used by the legal officer to execute the mailbox search.
As long as the bug is not fixed you will encounter the following error.