Using Advanced Query Syntax for searching in Exchange 2010.


I’ve noticed for some time now that we don’t have a lot of documentation on searching in Exchange 2010 which I believe has led to our customer having issues when doing searches in their environments.  I’ve noticed that a majority of search cases I’ve handled were related to inconsistent results, which have been resolved by using AQS to define the search rather than running a very broad search.
 
When using AQS to search it enables your query to be more defined, for example if you’re looking for an email with the subject of “please review this email”, and you want to find any user who has this email if you run:
 
Without AQS:
get-mailbox | search-mailbox -searchquery “please review this email” -TargetMailbox administrator -targetfolder search  
 
The results that this will give you will be skewed, you will receive emails that have the subject of that, that phrase in the body, possibly even if that phrase is the name of an attachment or it is contained within the attachment itself.  When using AQS you can define where you want to search specifically.
 
With AQS:
Get-mailbox | search-mailbox -searchquery ‘subject:Please review this email’ -TargetMailbox administrator -targetfolder search
 
This query will specifically look for emails with the subject “please review this email” and not return results from the body or any attachments.  This will improve your search results dramatically!
 
Now what if you want to define it even further, what if you want to find emails with that subject, but were send from a specific employee, let’s say Steven Brown?  Well for that you can build upon your query like this.
 
Get-mailbox | search-mailbox -searchquery ‘(subject:Please review this email) AND (from:Steven brown)’ -TargetMailbox administrator -targetfolder search   
 
So the above command will find email with a specific subject and from a particular user.  I used my lab to show an example of the expected results.  Below is a snapshot of user303’s inbox.  It’s important to remember that you want to wrap the query in a single quotation so it knows where the query starts and ends, the parenthesis helps separate the different Boolean parameters you have in place. 
 

 
Now for an example I’m going to run a search where I’m looking ONLY for emails with the subject “search test 3” and from “user302”, my query will look like this.
 
-SearchQuery ‘(subject:search test 3) AND (from:user302)’
 

 
With the search-mailbox you have the option to either copy the emails to a mailbox or delete the content with the -deletecontent switch, I’ve elected to copy the messages.
 

 
So as you can tell we only got results for our specific query, the email “search test” was not included in our results.  I really hope this helps everyone define they’re searches and avoid any issues or search timeouts!  I have also included a link to the documented AQS page for you to reference, this will have the available Boolean operators you can use as well as how to incorporate Boolean properties into your queries.  Biggest advice I can give is to just keep trying different variations of the query if you don’t get your expected results, a lot of times the logic of the query is correct, it may just be a parenthesis out of place or quotation.

https://msdn.microsoft.com/en-us/library/aa965711.aspx – Advance Query Syntax

All the best!

Comments (0)