Exchange 2010 uses AQS (Advanced Search Syntax) to construct its discovery searches. Exchange 2013 takes a difference approach and uses KQL (keyword query language). Why the change?

AQS is shared with other Windows search components such as Windows Desktop Search. As explained in my article “Exchange searches are limited to certain item types”, Exchange 2010 only supports a subset of the full AQS capabilities. On the other hand, KQL is shared with other Office 2013 applications, the most important of which is SharePoint 2013 because the two applications can form a single discovery domain across the email stored in Exchange and the documents held in SharePoint.

Giving Exchange and SharePoint a common search syntax makes a heap of sense. Another advantage is gained in that KQL is able to perform “proximity searches”. Take the situation where you want to search for items that mention the words “Azur project” and have the word “bribe” somewhere close to those words. AQS can certainly find anything that includes “Azur project” AND “bribe” but it can’t find “Azur project” with “bribe” within 30 words (in KQL syntax, the word “bribe” is NEAR (n=30) the other phrase). As you can imagine, this capability could be very useful in searches that start out being somewhat imprecise because you’re not quite sure about what you’re looking for. It’s true that searches like this might throw up more results than you are able to deal with on a practical basis, but they could provide a hint as to how searches might be refined to hone in on the critical items.

You don’t need to deploy SharePoint 2013 and Exchange 2013 together to be able to use KQL, but if you do, the searches will uncover information stored in site mailboxes, modern public folders (but not their older equivalents), normal user mailboxes, and other SharePoint sites – and Lync conversations and other interactions if you deploy Lync 2013 alongside Exchange 2013.

Deployed alone, Exchange 2013 is quite capable of using KQL for Exchange-specific multi-mailbox searches executed through the Exchange Administration Center (EAC) console. The only dependency is on the content indexes generated from Exchange mailbox databases by Search Foundation. These content indexes are populated through normal user activity and as the Mailbox Replication Service (MRS) moves mailboxes over to Exchange 2013 servers. You’ll still have to use the Exchange Control Panel (ECP) to perform the older AQS-style searches for mailboxes that remain on Exchange 2010 and then combine the results of both searches by exporting content from both searches to a common discovery mailbox.

You might expect the Search-Mailbox cmdlet to use KQL when executed on an Exchange 2013 server but this is not the case. The older syntax is used. I think this is actually quite logical because it means that code written for older versions of Exchange will run against Exchange 2013 too – and the Search-Mailbox cmdlet is often used to scan mailboxes for content that needs to be removed. Search-Mailbox includes the powerful (and potentially destructive) DeleteContent switch for this purpose. Use with care!

KQL syntax is pretty powerful. I’m sure that the Exchange community will learn KQL tips and techniques to improve searches from those who work with SharePoint and vice versa. It’s nice when a change makes life easier.

Follow Tony @12Knocksinna