Tuesday, September 6, 2016

Enable EDiscovery Permissions in Exchange Server 2016

In this blog write up we will discuss about Enabling EDiscovery Permissions in Exchange Server 2016. Within an enterprise environment, if admin wants other users to use In-Place eDiscovery feature of Exchange 2016, then he will have to add them to the Discovery Management (DM) role group. After becoming the member of role group, users will get full access mailbox permissions to Discovery Search Mailbox (default discovery mailbox).
Members of DM role will now be able to access content of any confidential message. Moreover, such members can use In-place eDiscovery in order to search, preview, copy, and export entire mailboxes of Exchange. In general, these permissions are being assigned to legal, compliance, or Human resources personnel.

Some Prerequisites Before Enabling EDiscovery Permissions

  • Initially, the DM role group does not contain any members within it. Therefore, admin can not create or manage discovery searches until and unless he is not added to the DM role group.
  • Administrator will first have to take the permissions before assigning them to other user.
  • Organization management role group members will have to create an In-Place hold for taking control on entire mailbox.
  • Exchange 2016 users can add only security principals to the Discovery management role group like user mailboxes, mail users, security groups, and other role groups.
  • While assigning permissions using Powershell, it is mandatory to have on-premises Exchange.

Approaches to Enable Permissions in Exchange 2016

Using Exchange Management Shell

In order to enable Ediscovery permissions in Exchange 2016 with help of Exchange Management Shell, users will have to use following syntax:
Add role groupmember - Enable Ediscovery permissions in Exchange 2016
To demonstrate that how to use the above-mentioned syntax, below is the example to understand the same:
Enable EDiscovery Permissions in Exchange Server 2016
Here, we are adding a user Kelly in Discovery Management role group. To verify that whether the member is added to DM group or not, run the following command:
Get Role Group member - Enable EDiscovery permissions in Exchange Server 2016

Using Exchange Admin Center

  • Launch Admin center on your Exchange server 2016
  • Go to Permissions >> Admin roles and select the Discovery Management role group, and then click on Edit button
  • Now from Select Members dialog, choose an available valid user or group, and then click on Add button.
  • Perform the above step again and again as much required & then click on OK button.
  • Now you will be back to Role Group page, click on Save button in order to add the member within the group.
To verify that whether members have been added to the group or not, go through the following steps:
  1. From Exchange Admin Center, go to Permissions >> Admin roles
  2. Select Discovery Management role group and then go to Members section.
  3. From the list appearing in front of you, you will find the name of the member whom you have recently added.


As we have discussed about how to enable EDiscovery permissions in Exchange Server 2016, by which one will be able to find all the possible solutions by which they can enable the permissions of EDiscovery and also verify the newly added members.

Tej Pratap Shukla


Post a Comment

Post a reply