Have you ever had the situation where you had to quickly remove an email from all mailboxes in an organisation? Maybe it was an accidental email by an assistant to the whole company, or worse, inappropriate content sent by a disgruntled employee? I have not yet been put in this position but i wanted to be prepared for the gloomy day. This will help you if you are in the same position.
Well here are some steps that i have tested in an Exchange 2010 SP1 environment.
Note: there is a different method for Exchange 2007/2010 RTM versions that has not been documented here.
Make sure the account running the PS command has the appropriate permissions; you need to specifically have access to the New-MailboxImportRequest cmdlet. By default, no-one has permissions to the cmdlet. If you don’t have the correct permissions you will get an error “The term ‘New-MailboxImportRequest’ is not recognized as the name of a cmdlet”.
To add the permission follow these simple steps:
- Create a Universal Security group in ADUC.
- Run the following command
New-ManagementRoleAssignment -Name "Import Export Mailbox Admins" -SecurityGroup "*SecurityGroupName*" -Role "Mailbox Import Export"
- Change *SecurityGroupName* in the above cmdlet to the actual name of your group
- The group needs to be a universal security group for the role assignment to work
- The New-MailboxImportRequest cmdlet only works with UNC shares, not local drives
- The “Exchange Trusted Subsystem” group should be granted read/write permission to the shared location
Use the Shell to search for messages and log the search results
The task uses a powerful/dangerous cmdlet that can do nasty things if incorrect, so i highly recommend running a test beforehand. Below is an example to test what you are going to delete. It will run a scan (based on what and where you searched) and give you a report of the output, along with the locations of the items and where they are located.
Get-Mailbox -Server "*Server*" | Search-Mailbox -SearchQuery 'Subject:"*Subject*" and Body:"*Body*"' -targetmailbox "*SearchMailbox*" -targetfolder "*SearchFolder*" -logonly -loglevel full
The above code searches a particular server (and all the databases on it) for a query that meets a particular subject and body. It then sends the logs to the particular mailbox and folder.
Preview of the output:
- the output mailbox will not be included as part of the search
- the search can be changed to search more detailed searches – refer to the technet article Understanding Multi-Mailbox Search – http://technet.microsoft.com/en-us/library/dd335072.aspx
Use the Shell to search for and delete messages
All that is left to do now is run the command that will commit the process. There are many variations in what you can do so i will include several examples to suit the most common scenarios:
- Delete all emails that meet the search query
Get-Mailbox -Server "*Server*" | Search-Mailbox -SearchQuery 'Subject:"*Subject*" and Body:"*Body*"' -deletecontent
- Copy all emails to a single mailbox, then delete the emails
Get-Mailbox -Server "*Server*" | Search-Mailbox -SearchQuery 'Subject:"*Subject*" and Body:"*Body*"' -targetmailbox "*SearchMailbox*" -targetfolder "*SearchFolder*" -loglevel full -deletecontent
Resources that i helped me get here
- Need to delete email from all users mailboxes – http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26939299.html
- Search-Mailbox – http://technet.microsoft.com/en-us/library/dd298173.aspx
- Use Mailbox Search to Delete Messages – http://technet.microsoft.com/en-us/library/ff459253.aspx
- Export and Import mailboxes in Exchange 2010 SP1 – http://www.zerohoursleep.com/2010/11/export-and-import-mailboxes-in-exchange-2010-sp1/