
Enterprise Vault archive search using Powershell

migeauxy
Level 3

Hi

Is there a possibility to search an Exchange mailbox Enterprise Vault user archive / journal archive for selected items, using PowerShell scripts / cmdlets / tools? (filter based on sender, subject, dates, etc.)

I need to export some archived items information from several individual archives on a regular schedule, and I'd like to try to automate it.

Thanks a lot

Regards

 

5 REPLIES 5

GertjanA
Moderator
Partner    VIP    Accredited Certified

Hello.

If you have Discovery Accelerator, you can use that to create a case, and run a scheduled search. If you need to do this for Compliance reasons, have a look at Compliance Accelerator.

If that is too much, have a look at the VIDEO 

Might help

Regards. Gertjan

ChrisLangevin
Level 6
Employee

You can export the items themselves using PowerShell with the Export-EVArchive cmdlet. This has a parameter called -SearchString, which allows you to export the results of a search. You just need to provide your filters (sender, subject, dates, etc.) as a search query using EV Search syntax.

So something like this will get you a PST full of all the items in archive XYZ where the sender is User 1, the subject contains the word "test," and the archived date is after January 1 2019:

Export-EVArchive -ArchiveId xyz -SearchString 'auth:"User 1" AND subj:test AND adat:>01-01-2019' -Format PST -OutputDirectory c:\temp

The only thing I'm not sure about is that you said you want to "export some archived items information." So if you're not looking for the full items but instead just a report with the metadata of the search results, then you're not going to find a built-in PowerShell cmdlet that can do this. (You can actually access this information and build such a report using the EV Search API, which is a SOAP 1.1 compliant web service API that you could call from PowerShell using Invoke-WebRequest if you really wanted to. However, this is not trivial to do, and the documentation is reserved for our VTE partners.)

Hope this helps!

--Chris

Edit: The smiley face in the code section is a : followed by a >.
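
One way to run the export described above across several archives and keep a per-archive result log, as an added example that is not code posted by anyone in this thread. The archive IDs, filter values, output path and the `New-EVSearchString` helper are hypothetical, and it assumes a session where `Export-EVArchive` is available; the date is passed through in the same form as the example above.

```powershell
# Added example. Archive IDs, filter values and paths are constructed placeholders.
function New-EVSearchString {
    param(
        [string]$Sender,
        [string]$SubjectWord,
        [string]$ArchivedAfter   # same form as the thread's example, e.g. 01-01-2019
    )
    foreach ($value in @($Sender, $SubjectWord, $ArchivedAfter)) {
        # Refuse quote characters: they would close the quoted value and change the query.
        if ($value -match '["'']') { throw "Filter value contains a quote character: $value" }
    }
    $terms = @()
    if ($Sender) { $terms += 'auth:"{0}"' -f $Sender }
    if ($SubjectWord) {
        if ($SubjectWord -match '\s') { throw 'SubjectWord must be a single word' }
        $terms += 'subj:{0}' -f $SubjectWord
    }
    if ($ArchivedAfter) {
        if ($ArchivedAfter -notmatch '^\d{2}-\d{2}-\d{4}$') { throw "Unexpected date form: $ArchivedAfter" }
        $terms += 'adat:>{0}' -f $ArchivedAfter
    }
    if ($terms.Count -eq 0) { throw 'At least one filter is required' }
    return ($terms -join ' AND ')
}

$archiveIds = @('ARCHIVE-ID-1', 'ARCHIVE-ID-2')   # placeholders, not real archive IDs
$outputRoot = 'C:\temp\ev-export'                 # placeholder path
$query = New-EVSearchString -Sender 'User 1' -SubjectWord 'test' -ArchivedAfter '01-01-2019'

$results = foreach ($id in $archiveIds) {
    # One output directory per archive so the PST files do not mix.
    $dir = Join-Path $outputRoot $id
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    try {
        $out = Export-EVArchive -ArchiveId $id -SearchString $query -Format PST `
            -OutputDirectory $dir -ErrorAction Stop
        [pscustomobject]@{ ArchiveId = $id; Status = 'Exported'; Output = $dir
                           Detail = ($out | Out-String).Trim() }
    } catch {
        # Record the failure and continue with the next archive.
        [pscustomobject]@{ ArchiveId = $id; Status = 'Failed'; Output = $dir
                           Detail = $_.Exception.Message }
    }
}

# Keep an audit trail of what was exported, with which query, and when.
$results | Select-Object @{ n = 'When'; e = { Get-Date -Format o } }, ArchiveId, Status, Output,
    @{ n = 'Query'; e = { $query } }, Detail |
    Export-Csv -Path (Join-Path $outputRoot 'export-log.csv') -NoTypeInformation -Append
```

The exported PST files contain full mailbox content, so the output directory should be readable only by the account that runs the job and the people entitled to the data.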

 

CConsult
Moderator
Partner    VIP   

@ChrisLangevin is there a way to define the specific time, not only date?

Prone2Typos
Moderator
Partner    VIP    Accredited Certified
Not really played with the EV PS, but the value in the DB does have the time... it's just that most do not want to use it. I bet it works:

It's true that we do record the time in both the database and the index. The trick is in searching on that value using our search syntax. I have tried numerous ways and cannot seem to find a way to issue a query that includes datetime criteria narrower than one day. I'll keep poking at it and see if I can find one, but so far, no luck.