As an Exchange administrator, I am sure you have received a request from senior management asking you to delete an email sent to the wrong distribution list or user. Most of you would say, “It’s Crazy!!!” Mistakes tend to happen. I personally have seen very important emails being sent to the wrong DL. Senders may try to recall the message, but the success rate is very low, if recall is possible at all, once the message has already been read. The Exchange administrator’s job is then to delete the email. There can also be situations where spam emails are sent to the DL, or where there is a requirement to delete emails between specific dates. These are just a few of the possible scenarios.
How would you go about removing the message from the various users' mailboxes? The answer to that question depends on the version of Exchange. In this article, while I briefly skim the procedures for Exchange 2000-2007, I focus on Exchange 2010 SP1/SP2.
In Exchange 2000 and 2003, this can be achieved by using ExMerge. This was a somewhat complex and tedious process.
In Exchange 2007, this can be achieved using Export-Mailbox, and this cmdlet has been enhanced in Exchange 2010 into the cmdlet "New-MailboxExportRequest". The new cmdlet does not come with an option to delete the contents. Microsoft has also added a couple of new cmdlets to export and import the content of the mailbox.
In Exchange 2010, this can be achieved using Search-Mailbox.
Here are a few simple steps with which Exchange administrators can get this task done quickly in Exchange 2010 SP1/SP2 using Search-Mailbox. Keep in mind that these steps can perform a permanent deletion, which removes emails from the dumpster as well, so the only way to recover them is to go back to backups.
1. In Exchange 2010, if you want to import and export mailbox content and delete unwanted email from a mailbox, you need to have the Mailbox Import Export management role (RBAC) assigned.
2. The PowerShell cmdlet below, New-ManagementRoleAssignment, assigns the management role "Mailbox Import Export" to a particular user.
Figure 1. Assigning a new Management role for a user Administrator
3. Similarly, if you want to assign the permission to a group of users, you can use the cmdlet below. Make sure you assign the permission to a universal security group. Below is the example PowerShell cmdlet.
4. Once you have the necessary permission to run Search-Mailbox, we are good to start. Let's start the search in logging mode, so that the search results are logged in the target mailbox for review.
5. Below is the PowerShell cmdlet Search-Mailbox, which goes through each mailbox in the distribution group "OrgVIP" in log-only mode (parameter -LogOnly). It will generate the report log file in the target mailbox temp, under the folder Search result.
6. With the LogLevel Full option, the cmdlet will generate a CSV file in the target mailbox. Figure 2 shows the details of the CSV result file.
Figure 2. Details after execution of search-mailbox in log only mode.
7. It’s always recommended to keep a copy of the emails being searched as a back-up reference. To get a copy of all the reference emails, just remove the -LogOnly option.
8. Figure 3 shows the details of the searched emails in the target mailbox. It has a copy of the emails with their detailed location. If an email has been deleted or moved, it will show the current location folder, and if it has been moved to the dumpster, the result will also show the dumpster folder details.
Figure 3. Copy the searched email to the target mailbox.
9. Finally, we have the copy of the emails. Now it is time to delete the emails. Below is the PowerShell cmdlet, which searches each mailbox from the DL and deletes the contents. To delete the content we need to use the DeleteContent option. You really don’t have to provide the target mailbox parameter for deleting the emails.
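Steps 1 to 9 as one script, as an added example that is not the article's original commands. It assumes the group OrgVIP and the target mailbox temp named above; the search query, the Purge-* folder names and the $MaxItems guard are constructed for illustration.

```powershell
# Added example, run in the Exchange Management Shell (Exchange 2010 SP1/SP2).
# Constructed values: $Query, the Purge-* folder names and $MaxItems.
$Group    = 'OrgVIP'    # distribution group from the article
$Target   = 'temp'      # target mailbox from the article
$Query    = 'Subject:"patent filing" AND from:bsuneja@contoso.com'
$MaxItems = 50          # hypothetical guard: stop if one mailbox matches more

# Steps 1-3, one-time RBAC grant; reopen the shell afterwards so it applies.
# New-ManagementRoleAssignment -Role 'Mailbox Import Export' -User Administrator
# New-ManagementRoleAssignment -Role 'Mailbox Import Export' -SecurityGroup '<universal security group>'

# Only mailboxes can be searched, so drop contacts and nested groups.
$members = Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' }

# Dry run: nothing is copied or deleted, per-mailbox counts are returned.
$estimate = $members | Search-Mailbox -SearchQuery $Query -EstimateResultOnly
$estimate | Where-Object { $_.ResultItemsCount -gt 0 } |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

# A query that is too broad shows up here, before anything is removed.
$tooBroad = @($estimate | Where-Object { $_.ResultItemsCount -gt $MaxItems })
if ($tooBroad.Count -gt 0) {
    throw "Query matches more than $MaxItems items in $($tooBroad.Count) mailbox(es); narrow it first."
}

# Steps 4-6: log-only pass, CSV report lands in the target mailbox.
$members | Search-Mailbox -SearchQuery $Query -TargetMailbox $Target `
    -TargetFolder 'Purge-Log' -LogOnly -LogLevel Full

# Steps 7-8: same search without -LogOnly copies the messages as a reference.
$members | Search-Mailbox -SearchQuery $Query -TargetMailbox $Target `
    -TargetFolder 'Purge-Copy' -LogLevel Full

# Step 9: permanent delete. -Force is left out on purpose so the cmdlet
# still asks for confirmation before it removes content.
$members | Search-Mailbox -SearchQuery $Query -DeleteContent
```

Running the estimate with the same $Query that the delete uses means the counts reviewed are for exactly the messages that will be removed.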
10. The search query is the important attribute of the cmdlet. It can be passed with various options, to get more accurate search results. TechNet Reference
| Property | Example |
|---|---|
| Attachments | attachment:annualreport.pptx |
| Cc | cc:paul shen; cc:pauls; cc:pauls@contoso.com |
| From | from:bharat suneja; from:bsuneja; from:bsuneja@contoso.com |
| Sent | sent:yesterday |
| Subject | Subject:"patent filing" |
| To | to:"ben Smith"; to:bsmith; to:besmith@contoso.com |
| Body | Financial Report |
11. A few situations in which to use Search-Mailbox with the DeleteContent option:
A. Searching and deleting emails containing the attachment spam.csv in all the mailboxes in the organization
B. Searching and deleting emails containing the attachment spam.csv and with the subject "hi" in all the mailboxes in the organization
C. If you want to display the details of the search result in the shell, you need to use the EstimateResultOnly option
D. Delete all the emails before a specific date from all the mailboxes. In the example below I am deleting all the emails before the date 18th Sep 2011 ("dd/mm/yyyy")
E. Delete all the emails from the mailbox between specific dates
F. Delete all the emails from yesterday for the members of the distribution group.
G. Delete all the emails on a specific date from a specific mailbox.
Search-Mailbox is a cool and nice cmdlet with some good options that will get you the required result. I think this makes life easier for the Exchange administrator facing tough situations. Hope this helps you when facing those tough real-world scenarios.