In Exchange 2010, you can use Multi-Mailbox Search to search mailboxes for e-Discovery or similar purposes. To preserve data in user mailboxes and protect its integrity, you can place a mailbox on Litigation Hold (also known as legal hold). This prevents mailbox items from being purged from the Store, without impacting user workflow. Additionally, when a mailbox is on litigation hold, a process known as copy-on-write (yes, COW) preserves a copy of the original item when a modification is made to certain item properties.

Note, COW also kicks in for a mailbox when you enable Single Item Recovery - check out RS4’s (also known as Ross Smith IV) post Single Item Recovery in Exchange Server 2010 and Understanding Recoverable Items in Exchange 2010 documentation for details.

When creating or modifying a discovery search using the ECP, a discovery manager can specify the mailboxes to search or select the Search all mailboxes option. If you select the latter, all Exchange 2010 mailboxes in the organization are searched. If you're using the New-MailboxSearch cmdlet to create a discovery search and don't specify the SourceMailboxes parameter, all Exchange 2010 mailboxes are searched by default.

Screenshot: Exchange 2010 Discovery - Search all mailboxes
Figure 1: In Exchange 2010, you can use Multi-Mailbox Search to search all mailboxes in your organization

This works if you have less than 25,000 mailboxes in your organization, but exceed that number and you'll see the following error message:

The search exceeded the maximum number of mailboxes that can be searched at a time. Please try searching less than 25,000 mailboxes.

In on-premises Exchange 2010 deployments, the maximum number of mailboxes you can search at a time is capped at 25,000. In Understanding Multi-Mailbox Search, we state:

To perform a mailbox search for more than 25,000 mailboxes, you can split the search into multiple searches, for example by searching mailboxes in a distribution group, including dynamic distribution groups.

Feedback from most customers indicates that the majority of discovery searches do not exceed 20 mailboxes, although there have been some questions on whether this limit can be raised (or lowered).

In Exchange 2010 SP1, you can modify the default by creating the following registry entry on all Exchange 2010 Mailbox servers in your organization:

  • Path: HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\Discovery
  • Name: MaxNumberOfMailboxes
  • Type: DWORD
  • Value: Maximum number of mailboxes to search in a single discovery search.

The requisite PowerShell one-liner: You can use the Registry Editor to create the Discovery registry key and the MaxNumberOfMailboxes value, but if you need to do this on more than 2-3 servers, automating it would be a good idea. Here's a PowerShell one-liner to accomplish this – this one will set it to 300 mailboxes. (As usual, make sure you test all scripts/commands/code downloaded from the web in a test environment!)

$path="HKLM:\Software\Microsoft\ExchangeServer\v14\Discovery"; If (Test-Path $path){"exists"} Else {"$path does not exist"; md $path}; new-itemproperty $path -Name "MaxNumberOfMailboxes" -PropertyType "DWord" -Value 300

Yes, you can. But should you?

Although it’s possible to raise the maximum number of mailboxes searched to a much higher number, for example – 100,000 mailboxes, or even a million mailboxes, keep in mind that each mailbox searched adds some memory overhead on the Mailbox server where the discovery mailbox (aka the target mailbox – this is the discovery mailbox you selected to have search results copied to) is located.

An additional consideration may be the size of your search results and how large you want the discovery mailbox to grow. Depending on what you’re searching for, a discovery search of 100,000 mailboxes may result in a large number of messages in your search results. In Exchange 2010 SP1, we added deduplication of discovery search results, so only one instance of a message is copied if multiple copies are found in the same mailbox or across multiple mailboxes, which can reduce the result size quite a bit. Nevertheless, consider the size of the discovery mailbox, which is controlled by mailbox quotas.

Finally, network bandwidth may be an additional consideration in larger deployments. Do you want to search mailboxes across slower WAN links and copy all data to a single discovery mailbox in one location? A better alternative may be to divide the task and perform a few searches with smaller number of users restricted by location, department or other factors. As stated earlier in this post, you can specify a distribution group or dynamic distribution group to search mailboxes of its members.

If there are other factors you would consider in your environment when deciding to perform a discovery search, we'd love to hear from you! You can share them in the comments section or send us feedback using the contact form.

Bharat Suneja