Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Symptoms
You run an In-Place eDiscovery search in a Microsoft Exchange Server 2019 environment. Your search uses a keyword query language (KQL) query that specifies the attachment property to filter messages by the file name of attachments. However, your search doesn't find messages that have an attached mail item for which the attachment name matches the search criteria.
For example, you run the following command to create an eDiscovery search to find attachments that have a name that contains the word "marketing":
New-MailboxSearch -Name <search name> -SearchQuery 'attachment:marketing' -SourceMailboxes <user mailbox> -TargetMailbox <destination mailbox>
When you run the search, it returns messages that have non-mail item attachments that are named, for example, Marketing plan.pdf or Marketing plan.docx, but not messages that have mail item attachments that are named, for example, Marketing plan.
Note
Mail items include messages, contacts, calendar items, tasks, and notes.
The issue also occurs for eDiscovery searches that you create in the on-premises Exchange admin center (EAC).
Cause
In Exchange Server 2019, an eDiscovery attachment search compares the attachment property value in a query to the PR_ATTACH_LONG_FILENAME MAPI property value of attached files. However, for mail item attachments, the PR_ATTACH_LONG_FILENAME property value is empty.
Workaround
To work around this issue, don't specify the attachment property in your search query. Instead, use a KQL free-text query to search for keywords in messages and attachments, including the name of mail item attachments. For example, run the following command to create your eDiscovery search:
New-MailboxSearch -Name <search name> -SearchQuery 'marketing' -SourceMailboxes <user mailbox> -TargetMailbox <destination mailbox>