Electronic discovery, or eDiscovery, is the process of locating and managing content that you might need to provide as part of a legal case or an audit. SharePoint 2013 and Microsoft Exchange Server 15 work together to enable eDiscovery. To allow a SharePoint 2013 Exchange Server 15 to communicate, you must configure a trust relationship between the computers that are running the two servers. You must also perform several additional steps to grant users the appropriate permissions. This article contains the procedures for configuring a SharePoint Server 2013 and Exchange Server 15 to support eDiscovery.
Before we begin
Please ensure the following prerequisites are met:
- SharePoint Server 15 and Exchange Server 15must be installed in the same domain or the same forest.
- The Exchange Web Services Managed API must be installed on every server that is running SharePoint Server 15 . Download the Exchange Web Services from Microsoft Connect. When you install the Exchange Web Services Managed API, be sure to install it for everyone, not just the current user. Reset the Internet Information Services (IIS) server after installing the Exchange Web Services Managed API.
- You must have the appropriate permissions to run the SharePoint Server 15 You must be a member of the Administrators group on the computer that is running Exchange Server 15 . You must also be a member of the Organization Management role group.
Before you begin configuring the computers, gather and record the following information:
- eDiscovery users: The account names, in the format <domain>\<user> of the users who will manage eDiscovery cases.
- Discoverable mailboxes: The account names of all users whose mailboxes might contain discoverable content and should be searched.
- Realm: A word or phrase that will represent the connection between the computers that run SharePoint Server 15 and Exchange Server 15 . This value can be anything.
- Exchange trusted root authority: A word or phrase that will represent the Exchange Server computer's trusted root authority. This value can be anything.
Configuration procedure
Use the following procedure to configure SharePoint Server 15 and Exchange Server 15 to support eDiscovery.
Do not use this procedure if you have installed apps from the SharePoint Marketplace on the SharePoint farm.
1. Perform the following steps on the computer that is running SharePoint Server 15 Central Administration.
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, right-click SharePoint 2013 Management Shell, and then click Run as administrator.
- At the Windows PowerShell command prompt, type the following commands:
$farm = Get-SPFarm
$farm.AuthenticationRealm = "<RealmName>"
$farm.Update()
Where <RealmName> is the name of the realm that you recorded earlier.
- At the Windows PowerShell command prompt, type the following command:
Set-SPEnterpriseSearchCrawlLogReadPermission -SearchApplication (Get-SPEnterpriseSearchServiceApplication) -UserNames "<eDiscoveryUsers>"
Where <eDiscoveryUsers> is a semicolon-delimited list of the account names, including the domain, of the users who will manage eDiscovery cases.
- At the Windows PowerShell command prompt, type the following commands:
$spCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$spCert.export("Cert") | Set-Content "<PathAndFile>" -Encoding Byte
Where <PathAndFile> is the location to which you want to export the certificate, for example "c:\certificate".
- Copy the certificate that you exported to a location that is accessible to the computer that is running Exchange Server 15 .
2. Perform the following steps on the computer that is running Exchange Server 15 .
- On the Start menu, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Shell.
- At the Windows PowerShell command prompt, type the following commands:
$cert = New-Object System.Security.Cryptography.x509Certificates.x509Certificate2 "<PathAndFile>"
Set-PartnerApplication SharePoint -CertificateRawString ([Convert]::ToBase64String($cert.GetRawCertData()))
Where <PathAndFile> is the location to which you copied the certificate.
- At the Windows PowerShell command prompt, type the following commands:
Set-PartnerApplication SharePoint -Realm "<RealmName>"
Set-AuthConfig Realm "<RealmName>"
Set-AuthConfig -ServiceName 00000003-0000-0ff1-ce00-000000000000
New-ManagementRoleAssignment -SecurityGroup "Discovery Management" -Role ApplicationImpersonation
Where <RealmName> is the name of the realm that you recorded earlier.
- At the Windows PowerShell command prompt, type the following command once for each of the eDiscovery users that you recorded earlier:
Add-RoleGroupMember "Discovery Management" -member "<eDiscoveryUser>"
Where <eDiscoveryUser> is the account name, including the domain, of a user who will manage eDiscovery cases.
- At the Windows PowerShell command prompt, type the following command once for each combination of discoverable mailbox and eDiscovery user:
Add-MailboxPermission -Identity "<Mailbox>" -User "<eDiscoveryUser>" -AccessRights FullAccess
Where:
- <Mailbox> is the account name of a user whose mailbox should be searchable.
- <eDiscoveryUser> is the account name of a user who will manage eDiscovery cases.
- Open Microsoft Internet Explorer and navigate to https://<ExchangeServerName>/owa, where <ExchangeServerName> is the name of the computer that is running Exchange Server 15.
- On the Certificate Error: Navigation Blocked page, click Continue to this website (not recommended).
- In the Security Status bar (next to the Address bar), click Certificate Error.
- In the Untrusted Certificate box, click View certificates.
- On the Details tab of the Certificate dialog box, click Copy to File.
- In the Certificate Export Wizard dialog box, on the Welcome to the Certificate Export Wizard page, click Next.
- On the Export File Format page, select Base-64 encoded X.509 (.CER), and then click Next.
- On the File to Export page, select a location to store the certificate, type a name for the file, and then click Next.
- On the Completing the Certificate Export Wizard page, click Finish.
- In the Certificate Export Wizard dialog box, click OK.
- In the Certificate dialog box, click OK.
- Copy the certificate that you exported to a location that is accessible to the computer that is running SharePoint Server 15 .
3. Perform the following on the computer that is running SharePoint Server 15 Central Administration.
- On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, right-click SharePoint 2013 Management Shell, and then click Run as Administrator.
- At the Windows PowerShell command prompt, type the following commands:
$exCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$exCert.import("<ExchangeCertificateLocation>.cer")
New-SPTrustedRootAuthority -Name "<ExchangeRootAuthority>" -Certificate $exCert
Where:
- <ExchangeCertificateLocation> is the location to which you copied the certificate.
- <ExchangeRootAuthority> is the name of the Exchange Server computer's trusted root authority that you recorded earlier.
- From SharePoint Central Administration, click Manage service applications, and then click Search Service Application.
- On the Search Administration page, click Result Sources on the left.
- On the Manage Result Sources page, click New Source.
- On the Edit Result Source page, in the Source Name box, enter a name for search results that come from Exchange Server 15 , for example "Exchange".
- From the Source Protocol list, select Exchange Index.
- In the Exchange Source URL box, type the following:
https://<ExchangeServerName>/ews/exchange.asmx
Where <ExchangeServerName> is the fully qualified name of the computer that is running Exchange Server 15.
- Click OK.