<img height="1" width="1" src="https://www.facebook.com/tr?id=1529264867168163&amp;ev=PageView &amp;noscript=1">

Exchange 2010 SP1/ SP2- Deleting Emails Sent to Wrong DL

As an Exchange administrator I am sure you have received a request from senior management asking to delete an email sent to wrong distribution list or user. Most of you would say, “It’s Crazy!!!” Mistakes tend to happen. I personally have seen very important emails being sent to a wrong DL. Senders may try to recall the message but the success ratio is very small, if not impossible, if the message has already been read. The Exchange administrator’s job is then to delete the email. There can also be situations where spam emails are sent to the DL or there is a requirement to delete emails between specific dates. These are just a few of the various possible scenarios.

How would you go about removing the message from the various users mailbox? Well the answer to that question depends up on the version of Exchange. In this article, while I briefly skim the procedures for Exchange 2000-2007, I focus on Exchange 2010 SP1/ SP2.

In Exchange 2000 and 2003, this can be achieved by using Exmerge. This was a bit complex and a tedious process.

In Exchange 2007, this can be achieved using export-mailbox and this cmdlet has been enhanced in Exchange 2010 to cmdlet "New-MailboxExportrequest". The cmdlet does not come with the option to delete the contents. Microsoft has also added a couple new cmdlets to export and import the content of the mailbox.

In Exchange 2010, this can be achieved using search-Mailbox.

Here are a few simple steps for the Exchange Administrators, who can get this task done quickly in Exchange 2010 SP1/SP2 using search-mailbox. Keep in mind that these steps can perform permanent deletion, which removes emails from the dumpster as well. So the only option to recover is to go back to backups.

1. In Exchange 2010, if you want to Import and Export mailbox content and delete unwanted email from the mailbox then, you need to have Mailbox Import Export management role(RBAC) assigned.

2. Below Powershell cmdlet, New-ManagmentRoleAssignment helps us to assign the right management role "Mailbox Import Export" to a particular user.

New-managementRoleAssignment –Role “Mailbox Import Export” –User administrator



 describe the image

 Figure 1.  Assigning a new Management role for a user Administrator

3. Similarly if you want to have the permission assigned to a group of users, then you can use the below cmdlet. Make sure you assign the permission to the universal security group. Below is the example powershell cmdlet

New-ManagementRoleAssignment -Name "Import-Export Admins" -SecurityGroup "Security group name" -Role "Mailbox Import Export"


 4. Once you have the necessary permission to run the search-mailbox then, we are good to start. Let's start search with logging mode, so that we have search result logged in the target mailbox for review.

 5.  Below is the Powershell cmdlet search-mailbox, which goes through each mailbox in distribution group "OrgVIP", in log only mode (Parameter -logonly). It will generate the report log file in the Target mailbox temp, under the folder Search result.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -TargetMailbox Temp -TargetFolder SearchResult -logonly -LogLevel Full


6. With loglevel Full option, cmdlet will generate CSV in the target mailbox. Figure 2. shows the details of the CSV result file.

  describe the image

Figure 2. Details after execution of search-mailbox in log only mode.

 7. It’s always recommended to have a copy of these emails, which are being searched as a back-up reference. To get a copy of all the reference email, just remove the -logonly option

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -TargetMailbox Temp -TargetFolder SearchResult -LogLevel Full


 8. Figure 3 shows the details of the searched emails in the target mailbox. It has the copy of the emails with the detail location. If an email is deleted/moved, it will show the current location folder, and if it is moved to the dumpster, then the result would also show the dumpster folder details.

 describe the image

Figure 3. Copy the searched email to the target mailbox.

 9. Finally we have the copy of the emails. Now, it is time to delete the emails. Below is the Powershell cmdlet, which searches each mailbox from the DL and deletes the contents. To delete the content we need to use the option delete content. You really don’t have to provide the target mailbox parameter for deleting the emails.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -DeleteContent


10. The search query is the important attribute of the cmdlet. It can be passed with various options, to get more accurate search results. TechNet Reference






cc:paul shencc:paulscc:pauls@contoso.com


from:bharat sunejafrom:bsunejafrom:bsuneja@contoso.com




Subject:"patent filing"


to:"ben Smith" "to:bsmithto:besmith@contoso.com"


Financial Report

11. Couple of various situations to use search-mailbox with delete content

 A. Searching and deleting email containing attachment spam.csv in all the mailbox in the organization

get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery attachment:"spam.csv" -DeleteContent


B. Searching and deleting emails containing attachment spam.csv and subject is hi against all the mailbox in the organization

get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery 'attachment:"spam.csv" and subject:Hi' -DeleteContent


C. If you wanted to display the details of the search result on the shell then you need to use the option Estimateresultonly

get-mailbox -server <Servername> | Search-Mailbox -SearchQuery 'attachment:"spam.csv" and subject:Hi' -Estimateresultonly


 D. Delete all the email from all the mailbox of a before the specific date. In the below example I am deleting all the email before the date 18th Sep 2011("dd/mm/yyy')

get-mailbox -database <Databasename> -resultsize unlimited | Search-Mailbox -SearchQuery Received:<$("09/18/201") -deletecontent


 E. Delete all the email from the mailbox between the specific date

Search-Mailbox -Identity <mailboxname> -SearchQuery 'Received:>$("09/18/2011") and Received:<$("01/27/2012")` -deletecontent


F. Delete all the email from yesterday against the member of the distribution group.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery Received:today -deletecontent -confirm:false


G. Delete all the email on a specific date from a specific mailbox.

Search-Mailbox <usermailbox> -SearchQuery Received:01/27/2012 -deletecontent


Search-mailbox is a cool and nice cmdlet with some good options that will get you the required result. I think this makes life easier for the exchange administrator facing tough situations. Hope this helps you when facing those tough real world scenarios.