Enterprise Vault™ Discovery Accelerator Administrator's Guide
- Introducing Discovery Accelerator
- Overview and latest updates
- Configuring Compliance Accelerator Desktop Client- Importing configuration data from an XML file
- Specifying the Windows domains with which to synchronize employee details
- Setting up custom message types
- Setting Discovery Accelerator system configuration options- Ad Hoc Searches configuration options
- Auditing configuration options
- Diagnostics configuration options
- Document Conversion configuration options
- Export/production configuration options
- General configuration options
- Home Page configuration options
- Item Prefetch Cache configuration options
- Item Prefetch Cache (Advanced) configuration options
- Policy Integration configuration options
- Profile Synchronization configuration options
- Reviewing configuration options
- Search configuration options
- Security configuration options
- System configuration options
- Vault Directory Synchronization configuration options
 
 
- Setting up and assigning roles
- Working with cases
- Setting up review marks and tags
- Using rules to mark and tag items automatically
- Using Custodian Manager- About Custodian Manager
- Guidelines on using Custodian Manager
- Setting up custodians
- Setting up custodian groups
- Setting up custom custodian attributes
- Setting the primary custodian attribute
- Specifying the user account under which to synchronize custodians
- Synchronizing with entire Active Directory domains and Domino servers
- Setting the configuration options for Custodian Manager
 
- Searching for items- About searching with Discovery Accelerator
- Creating and running Discovery Accelerator searches
- About the search criteria options
- Guidelines on conducting effective searches
- Pausing and resuming Discovery Accelerator searches
- About the Monitor Searches tab
- Selecting the archives in which to search
- Specifying the details of custom search attributes
- Restricting search results to correspond to Compliance Accelerator departments
- Defining email targets with Address Manager
- Building Discovery Accelerator search schedules
- Setting up custom message types
- Using Discovery Accelerator to search archived Skype for Business content
 
- Manually reviewing items- About reviewing with Discovery Accelerator
- About the Review pane
- Filtering the items in the Review pane
- Searching within the review set
- Finding all items in the same conversation
- Assigning review marks and tags to items
- Adding comments to items
- Viewing the history of items
- Displaying printable versions of items
- Downloading the original versions of items
- Copying the item list to the Clipboard
- Deleting items from Enterprise Vault archives
- Changing how the Review pane looks
- Setting your Review pane preferences
 
- Working with research folders- About research folders
- Creating research folders
- Editing the properties of research folders
- Copying items to research folders
- Reviewing the items in research folders
- Exporting items from research folders
- Giving other users access to your research folders
- Removing items from research folders
- Converting research folders into cases
- Deleting folders
 
- Exporting and producing items- About exporting and producing items
- How exporting differs from producing
- Performing an export or production run
- About the limits on the number of simultaneous export and production runs
- Identifying the archives that contain duplicates of a specific item
- How to optimize export and production runs
- Making the export IDs or Bates numbers visible in Microsoft Outlook
 
- Creating and viewing reports- About the Discovery Accelerator reports
- Enhanced reporting
- Creating Discovery Accelerator reports
- Available Discovery Accelerator reports
- Viewing existing reports
- Accessing reports through the OData web service
- Configuring a Power BI template for reporting
 
- Appendix A. Enterprise Vault properties for use in Discovery Accelerator searches- About the Enterprise Vault search properties
- System properties
- Custom Enterprise Vault properties
- Custom Enterprise Vault properties for File System Archiving items
- Custom Enterprise Vault properties for SharePoint items
- Custom Enterprise Vault properties for Compliance Accelerator-processed items
- Custom properties for use by policy management software
- Custom properties for Enterprise Vault SMTP Archiving
 
- Appendix B. Troubleshooting- Display issues when you open a Discovery Accelerator website in Internet Explorer 10 or later
- Vault stores not displayed in the Veritas Surveillance web client
- Full-text search indexing is disabled by default in SQL Server
- TNEF-encoded attachments to Internet Mail (.eml) messages may not be readable after you export the messages from a review set
- Synchronization errors after you rename the SQL Server computer
- Performance counter errors when the Accelerator Manager service starts
- SQL Service Broker warning when restoring a customer database to a different server
- Issues with Custodian Manager- Custodian Manager lets you synchronize multiple custodians with the same Active Directory account
- Custodian Manager does not list the members of a custodian group after you delete the group and then restore it by synchronizing with Active Directory
- If a custodian belongs to one Active Directory domain but is a member of a group in a second domain, Custodian Manager may not update the custodian's details when it synchronizes with the second domain
- Custodian Manager fails to synchronize with Domino LDAP users and groups whose names contain certain double-byte characters
 
- Troubleshooting Privileged Delete failures
 
About the search criteria options
Discovery Accelerator groups the search criteria options into multiple sections, which are described below. Click the arrow icons at the right to expand or collapse the sections.
When you construct a search that contains multiple options, pay attention to how each option interacts with the others in the search properties pane. Discovery Accelerator links all the selected options together with Boolean AND operators rather than OR operators. For example, suppose that you construct a search whose criteria include the following:
- A data range in the Date range section 
- A search term in the Search terms section 
- A file extension in the Attachments section 
The search results contain only those items that match all the search criteria. Discovery Accelerator ignores any items that match some of the search criteria options but not others.
The search properties pane has the following sections:
The Search section identifies the search and specifies when it runs.
| Context | Identifies the case or research folder in which the search runs. When the folder is not linked to any case, "My Research" appears. | 
| Name | Specifies a name for the search, such as "Daily Message Capture (London)". | 
| Based on Search | Lets you select an existing search as the basis on which to set the criteria for the new search. | 
| Save results in | If displayed, lets you select a location in which to save the results. Select New folder in <Context> in the drop-down list if you want to specify the details of a new folder in which to save the results. This option is available only when you create a search in a folder that is not linked to any case (you have selected "My Research" in the left pane). | 
| Search Type | Specifies whether the search runs immediately or at a scheduled time. If you select Scheduled, you can specify a period during which the search is to run. You can also choose from one of a number of existing schedules. | 
| Automatically accept search results | Specifies whether to add the search results to the review set automatically. This option may be useful for any proven searches that you intend to run on a regular basis. If you select , you cannot reject the results and change the search criteria. We recommend that you clear until you have tested that the search returns the expected results. A search that returns an error from any archive is not automatically accepted, regardless of this setting. | 
| Include items already in review | Specifies whether the search results can include the items that you have previously captured and added to this case's review set. This option does not apply to the items that you have previously included in the review sets for other cases. For an immediate search or scheduled search, we recommend that you select this box to ensure that the results include the items that may already be in review from other searches. | 
The Date range section lets you search for items according to when they were sent or received.
| Today / Yesterday / Last 7 days / Last 14 days / Last 28 days | Limits the search to items that were sent or received during the selected period. The date ranges are relative to when the search runs, which is today in the case of an immediate search. You may find these options useful when creating a scheduled, recurrent search that runs once every day, week, two weeks, or four weeks. For example, if the search runs once a week, select to limit the range to the days since the search last ran. | 
| Specific date range | Lets you search the items that were sent or received during a longer or more specific period than the other date range options permit. To enter a date, click the options at the right of the From and To boxes and then select the required date. Enter the time in the format hh:mm, using the 24-hour clock. Unlike the other date range boxes, a specific date range remains static and not relative to when the search runs. Select to use both the current information and historical information for custodians and custodian groups in the search. If you clear this option, Discovery Accelerator uses only the current set of custodians, groups, and email addresses. Any users or groups whose names or email addresses have changed, or who have been deactivated for some reason, are excluded from the search. | 
| Since search last ran | For a scheduled search only, lets you search the new items that have arrived since the last time you ran the search. This option is similar to options such as Today and Yesterday. However, it lets you set an explicit start date for the first run of the search. By default, this option searches from the date of the last run (or the start date for the first search) to the current day minus 1 (that is, up to yesterday). | 
The following table contains a few proximity search syntax and examples:
The Search terms section specifies the words or phrases for which Discovery Accelerator should search in items. Click to add each word or phrase for which you want to search. Note the following:
- Discovery Accelerator searches are case-insensitive. 
- Regular expressions are not permitted. 
- To search for a phrase, enclose the words in quotation marks. - For example, you can search for all items whose subject lines contain the phrase "organizational changes" by defining a search term like this one: - SUBJ: "organizational changes" - Discovery Accelerator considers the file names of message attachments to be their subjects. So, the preceding search term finds both items that contain the phrase "organizational changes" in their subject lines and attachments that have this phrase in their file names. 
- If you type multiple words on the same line, Discovery Accelerator finds all items that contain any of the words or phrases on the line. - Note that you must separate all the words in the search term with spaces. The following search term does not return the expected results because there is no space between the words "changes" and "license" - and consequently Discovery Accelerator searches for items that contain one or more of the following words: "organizational", "changeslicense", and "agreements". - SUBJ: "organizational changes""license agreements" - Similarly, the search terms license;agreements and license; agreements differ because, in the second case, a space follows the semicolon. The presence of the space causes Discovery Accelerator to find the items that contain either word, whereas the absence of the space causes Discovery Accelerator to treat the search term as a phrase. 
- Press the Return key in a search box to add another line to it. If you type multiple lines in a search box, choose or in the left box to determine whether OR or AND conditions connect the lines. 
- To add the details of email targets or custodians to the box or box, click the button at the right of the box. - Note: - If you specify as a target or custodian a Domino user whose details you synchronize with a Domino directory, you must ensure that this user has an SMTP address defined in the Domino directory. Otherwise, the search fails to find the matching items. Alternatively, you can search for such users by their display names. 
- Use the fields in the Custodian Manager options area to specify how to search for custodians or custodian groups. You can choose to search email addresses, display names, or both email addresses and display names. If you select , a custodian or custodian group must have either a matching email address or a matching display name to meet the search criteria; it does not need to have both. - Select if you want Discovery Accelerator to search not only the display name and email address of a custodian group but also the email addresses of all the members of the group. - The conditions that you enter in the Custodian Manager options area use the custodian information that is available at the time that you build the search. This information is not updated unless you edit the search again. For example, when you create a search and select the option , the list members at that time are saved with the search. If the membership of the list changes later, these changes are not applied to the search until you edit and save it again. 
- Place the plus sign (+) in front of a word or phrase to connect it to every other word or phrase on the line with a Boolean AND condition. This sign instructs Discovery Accelerator to treat the specified word or phrase as required criteria. For example, the following search string means "(server AND test) OR (group AND test) OR (cluster AND test)": - [Any Of] server group +test cluster - In the following example, the search string means "(server AND test AND group) OR (cluster AND test AND group)" - [Any Of] server +group +test cluster 
- Place the minus sign (-) in front of a word or phrase to connect it to every other word or phrase on the line with a Boolean AND NOT condition. This sign instructs Discovery Accelerator to exclude from the result set those results that match the other search criteria and contain the excluded term. For example, the following search string means "(server AND NOT test) OR (group AND NOT test) OR (cluster AND NOT test)": - [Any Of] server group -test cluster - In the following example, the search string means "(server AND cluster AND (group AND NOT test))": - [All Of] server cluster group -test- A search term cannot comprise an excluded word or phrase only. When you specify such words or phrases, you must also specify a positive word or phrase that you want to appear in the search results. 
- A search term cannot start with any of the following characters on any line: - = + - @ - For example, "server -cluster" is a valid search term but "-cluster server" is not. 
- You can use an asterisk (*) wildcard to represent zero or more characters in your search. Use a question mark (?) wildcard to represent any single character. - A wildcard search always finds items that match your search criteria and that were archived in Enterprise Vault 10.0 or later. To ensure that the search results also include items that Enterprise Vault 9.0 or earlier has archived, enter at least three other characters before the wildcard. For example, the following search string returns hits for the words "make", "maker", "making", "wonder", "wondering", and so on: - [Any Of] mak* Wonder*- You can include wildcard characters in the email addresses that you specify in a box or box. The following example finds items from users with an email address that includes "acme.uk" or "acme.hk": - [Any Of] acme.?k - However, you cannot use either wildcard character after a special character, such as the ampersand (@). For example, the search string "@?cme.uk" does not produce the expected results. 
- Discovery Accelerator ignores any nonalphanumeric characters in the search term, except for those that have special significance, such as the plus sign, minus sign, and question mark. - For example, a search for the term US@100 may find instances not only of US@100 but also of US 100 and US$100. Including nonalphanumeric characters in the search term may therefore return more results than you expect. 
In the Discovery Accelerator client, you can create a proximity search by using operators such as , , or in the uppercase.
Note the following points about the search terms:
- If you use an operator such as , , or in the uppercase in the search term, that search term behaves as a proximity search query. - The default operator between two terms is . 
- You can specify phrases in double quotation marks and apply the proximity operators. 
 
- If you do not use an operator such as , , in the uppercase in the search term, that search term behaves as a regular search term. 
The following table contains a few proximity search syntax and examples:
Table:
| Operator | Description | Examples | 
|---|---|---|
| BEFORE | Items in which the first specified term appears within a maximum of 10 words before the second term. Optionally, you can specify a maximum number of words between the two terms. | John Smith matches items in which John appears within 10 words before the word Smith. It does not match with Sue Smith met John. John /1 Smith matches items that contain John Smith or John B. Smith. It does not match items that contain John has met Smith or Sue Smith met John. | 
| NEAR | Items in which the first specified term appears within 10 words of the second term. Optionally, you can specify a maximum number of words between the two terms. | John Smith matches items in which John appears within 10 words of Smith. John /1 Smith matches items in which John appears within one word of Smith, as in John Smith, John B. Smith, or Smith sued John. It does not match items that contain John has met Smith or Sue Smith asked for John. | 
| NOTWITHIN | Items in which the first specified term appears outside the context that you have defined with the second term. | confidential "Disclaimer: This email and any files transmitted with it are confidential" matches items that contain the word confidential outside the context of the disclaimer. | 
Note:
This feature is available only if you have the Select Archives in Search permission in the case.
The feature is not available when you define the criteria for a scheduled search; you can use it when you set up immediate searches only.
The Archives section lets you restrict the scope of a case-level search or folder-level search to certain archives only. By default, Discovery Accelerator searches all the archives in the vault stores that you have selected for the case. However, this may be undesirable and time-consuming if Discovery Accelerator must search many thousands of archives unnecessarily.
To select the archives in which to search
- Click Search these archives.
- Click the Archive Picker option at the right.
- In the Select Archives dialog box, select the  required archives.You can select up to 5000 archives from the case-level archive list. 
- Click Apply.
The Attachments section lets you search for items with a certain number or type of attachments.
| Number | Specifies the required number of attachments. The default option, "Does not matter", means that the item can have zero or more attachments. All the other options require you to type one or two values that specify the required number of attachments. | 
| File extensions | Specifies the file name extensions of particular types of attachments for which to search. Separate the extensions with space characters. For example, type the following to search for items with HTML or Microsoft Excel file attachments: 
 This search option evaluates attachments by their file names 
only; it does not check their file type. For example, suppose that a user changes the file name extension of a 
 | 
| The contents of some attachments may not be searchable because Enterprise Vault has not indexed them. In particular, file formats such as Fax and Voice do not have any indexable content. Some Enterprise Vault registry entries prevent it from indexing the contents of selected file types. For example, this is the case with the ExcludedFileTypesFromConversion entry. For more information, see the Enterprise Vault Registry Values guide. For more information on how Discovery Accelerator conducts searches in which you have specified file name extensions, see the following article on the Veritas Support website: | 
The Miscellaneous section lets you search for items of a certain size and type or that have the specified retention category.
| Message size | Specifies the size in kilobytes of each item for which to search, as reported by the message store (Exchange, Domino, and so on). The item size includes the size of any attachments. | 
| Message type | Searches for items of the selected types. | 
| Include only non-indexed items | Lets you search for the unindexed items that do not normally appear in the search results, such as binary files and encrypted mail items. If you select this option, you must leave the Content field empty. | 
| Retention category | Searches for items to which Enterprise Vault has assigned the selected retention categories. | 
The Policies section lets you search for items according to the tags with which any additional policy management software has classified them.
| Policy | Lets you search for the items that match certain classification policies. There are several types of policies: 
 These policy types are not mutually exclusive. Your policy management software may apply multiple policies of different types to the same item. However, note that inclusion policies always take precedence over the other types of policies. Select the required policy type and then select the names of the policies for which you want to search. Alternatively, you can select as the policy type and then type the names of one or more policies. Separate multiple policy names with commas, like this: CustomPolicy1,CustomPolicy2 If you choose to search for multiple policies, the search results will contain items that match any one of the policies. | 
| Filter policies by current case | Lets you omit from the list those policies that are not in use in the current case. | 
The Custom attributes section lets you search for the items that have the specified attributes. When Enterprise Vault processes an item, it populates a number of the item's attributes with information and stores this information with the archived item. Some third-party software may also attach additional attribute information to items. If you know the name of an attribute that interests you, you can enter its details here as a custom attribute.
Note the following:
- If you enter the details of several attributes, use the options in the Attribution inclusion box to determine whether the search results should match any of the attributes or all of them. 
- For attributes that accept string values, you can add the details of email targets or custodians by clicking the buttons at the right of the boxes. - If you set Custodian Manager options to , it is important to understand how Discovery Accelerator processes the details of any custodian that you enter in a custom attribute field. Discovery Accelerator links the custodian's email address to the display name with either a Boolean AND operator or an OR operator, depending on what you choose in the Operator box. For example, with Operator set to , only items that match both the custodian's email address and the display name meet the search criteria; an item that matches just one of these details does not meet the search criteria. Set Operator to to link the email address and display name with an OR operator. Then any item that matches at least one detail (but not necessarily both) meets the search criteria. 
- To search for attribute information that third-party software has added to the X-Headers of SMTP items, add the prefix EVXHDR. to the name of the required attribute. For example: - EVXHDR.X-CompanyID - The attribute name and value are case-sensitive. 
- Do not enclose attribute values in quotation marks if you want to indicate that they are phrases. Instead, select as the operator for these attributes, if you have a choice. Alternatively, you can indicate that an attribute value is a phrase by replacing all the spaces with periods, as follows: - sample.attribute.value - This technique lets you specify multiple phrase values for the same custom attribute. For example, consider the following attribute value: - Enterprise.Vault.Service.Account system DA.Administrator - This value matches "Enterprise Vault Service Account", "system", and "DA Administrator".