Assign eDiscovery permissions in Exchange 2013
Applies to: Exchange Server 2013
If you want users to be able to use Microsoft Exchange Server 2013 In-Place eDiscovery, you must first authorize them by adding them to the Discovery Management role group. Members of the Discovery Management role group have Full Access mailbox permissions for the Discovery mailbox that's created by Exchange Setup.
Caution
Members of the Discovery Management role group can access sensitive message content. Specifically, these members can use In-Place eDiscovery to search all mailboxes in your Exchange organization, preview messages (and other mailbox items), copy them to a Discovery mailbox and export the copied messages to a .pst file. In most organizations, this permission is granted to legal, compliance, or Human Resources personnel. >
To learn more about the Discovery Management role group, see Discovery Management. To learn more about Role Based Access Control (RBAC), see Understanding Role Based Access Control.
Interested in scenarios where this procedure is used? See the following topics:
What do you need to know before you begin?
Estimated time to complete: 1 minute.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Role groups" entry in the Role management permissions topic.
By default, the Discovery Management role group doesn't contain any members. Administrators with the Organization Management role are also unable to create or manage discovery searches without being added to the Discovery Management role group.
In Exchange 2013, members of the Organization Management role group can create an In-Place Hold and Litigation Hold to place all mailbox content on hold. However, to create a query-based In-Place Hold, the user must be a member of the Discovery Management role group or have the Mailbox Search role assigned.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts for the Exchange admin center in Exchange 2013.
Use the EAC to add a user to the Discovery Management role group
Go to Permissions > Admin roles.
In the list view, select Discovery Management and then click Edit
In Role Group, under Members, click Add .
In Select Members, select one or more users, click Add, and then click OK.
In Role Group, click Save.
Use the Shell to add a user to the Discovery Management role group
This example adds the user Bsuneja to the Discovery Management role group.
Add-RoleGroupMember -Identity "Discovery Management" -Member Bsuneja
For detailed syntax and parameter information, see Add-RoleGroupMember.
How do you know this worked?
To verify that you've added the user to the Discovery Management role group, do the following:
In the EAC, go to Permissions > Admin roles.
In the list view, select Discovery Management.
In the details pane, verify that the user is listed under Members.
You can also run this command to list the members of the Discovery Management role group.
Get-RoleGroupMember -Identity "Discovery Management"
Tip
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.