Okay, probably an exchange administrator's worst nightmare. Our legal department has requested a copy of each email sent to or received from any address at mysterydomain.com. We have a small system, only about 100 mailboxes so we've had no budget for 3rd party archiving or tracking tools. So that's the background of why I'm requesting help. I need to search all mailboxes and public folders for any items that were sent to or from mysterydomain.com for the last 10 months, or from 4/1/07. We are running exchange 2003 sp2. I view this as 3 distinct areas of investigation. 1. Search through the smtp service logs and find any instance of mysterydomain.com with a mail from or rcpt to entry. The only issue there is that I don't have any smtp logs before 9/1/07 but I might be able to get the previous logs off a backup. If not, it's not critical since I was just going to use these results as an audit list to make sure that I found each item, or at least be able to explain that yes, we received an email at that time, but we have been unable to locate it. 2. Search the current mailstore for any item with mysterydomain.com in the to:, from:, cc:, or bcc: fields. I have turned on full text indexing on the mailstore, but am having problems on how to run queries against it for across all mailboxes. Anyone have a script or asp code that can do this, or something similar? 3. Restore the mailbox store from tape where possible and then do a similar search as in #2 above. The issue that I have here is the tapes that I have are from an Exchange 2000 server that we migrated from to our current Exchange 2003 server. Can I restore these tapes into an Exchange 2003 recovery storage group, or do I need to build an Exchange 2000 server to restore to? Has anyone had to do something similar using native tools and spotty past practices? Any and all ideas are appreciated! Thanks, Scott

I had to do almost this exact same thing (minus the 2000 part). Ours was even worst as my legal dept. forced us to restore every night's backup and then search all mailboxes (to catch any emails that may have been deleted). The whole thing was manual for us. I was unable to find any way to do discovery on an Exchange database without third party software (after this particullarly brutal exercise we installed an archiving software). So we restored the mail stores, exmerged the data to PST, hooked all these PSTs to one Outlook and started searching. Good luck!