Condividi tramite


Update to the Get-UserHoldPolicies tool

While working with a customer last week, it came to my attention that the Get-UserHoldPolicies script I had put together to enumerate retention policies and eDiscovery cases that put a hold on content wasn't displaying policies that were global.  The types of policies I checked for were enumerated in a user's InPlaceHolds mailbox property, but apparently, that field is populated only if a Security & Compliance retention policy explicitly specifies the mailbox.

If you have created a global policy that specifies all mailboxes, the InPlaceHolds property is not updated.  In fact, there is no mailbox-level property available that reflects a global policy.  The only way to determine if a retention policy applies to a mailbox in that case is to connect to the Security & Compliance Center PowerShell endpoint and run:

 Get-RetentionCompliancePolicy -DistributionDetail | ? { $_.ExchangeLocation -match "All" -and $_.Enabled -eq $True -and $_.DistributionStatus -eq "Success" -and $_.Mode -eq "Enforce" }

I've added that output to the script, as well as the SMTP address of the recipient and an indicator in the Policy Type column of the export if the policy is inherited.  I may tinker around with the output a bit more, but it should provide you with a more comprehensive set of output.  I've also added an -OutputFile parameter, which took care of some output formatting issues when you attempted to pipe the output to Export-Csv.

As before, you can run Get-UserHoldPolicies.ps1 -Identity or pipe the Get-Mailbox cmdlet into it.  And, as a reminder, you need to be a member of the eDiscovery Managers eDiscovery Administrators role group in the Security & Compliance Center in order to evaluate data for all of the cases and to see if holds are applied to the target mailboxes.

You can pick up the new and improved Get-UserHoldPolicies script on the TN gallery at https://gallery.technet.microsoft.com/Get-User-Hold-Policies-c1fe0ca9.

Comments

  • Anonymous
    May 23, 2018
    Hello Aaron,As I understand, when a retention policy is created on the Security and Compliance Center, these retention settings will be applied on the underlying service (Exchange and/or Sharepoint).How can we be sure that the mailboxes are "on-hold" ? As you explain here, the user's InPlaceHolds mailbox property is empty.Best Regards,Yannick
    • Anonymous
      May 28, 2018
      The only way that we've published is the Get-RetentionCompliancePolicy with the -DistributionDetail parameter. Look for:-Enabled -eq $True-Mode -eq "Enforce"-DistributionStatus -eq "Success"If all three of those are set, it will be applied. I suppose one way to check might be to look at a the Recoverable Items folder in mailbox that a hold should be applied to see if it has messages older than the RetainDeletedItems parameter for the mailbox is set.https://technet.microsoft.com/en-us/library/ff637980(v=exchg.160).aspx#RIF