Exchange 2010 SP1/SP2 – Deleting email sent to Wrong DL

As an Exchange Admin, how many times have you got a request to delete email, from your senior management, for deleting specific emails from specific mailboxes? I am sure most of you would say, ”Its Crazy Man”. I personally have seen very important emails being sent to a wrong DL and management coming to us for help. Users may even try to recall the message, with only some being successful. This would add a new set of emails in the mailbox. There can also be situations like, where Spam emails are sent to the DL users’ mailbox, or there is a requirement to delete emails between specific dates. These are the various possible requirements from users, and it does not come as a surprise to me.

In Exchange 2000 and 2003, this can be achieved by using Exmerge.

In Exchange 2007, this can be achieved by using export-mailbox and this cmdlet has enhanced in Exchange 2010 to New-MailboxExportrequest. The cmdlet does not comes with the option to delete the contents. MS also have added couple new cmdlets to export and import the content of the mailbox

In Exchange 2010, this can be achieved using search-Mailbox

Here are simple steps for the Exchange Admins, who can get this task done real quick in Exchange 2010 SP1/SP2 using search-mailbox. But, keep in mind that, these steps suggest permanent deletion, which removes emails from dumpster as well. So only option to recover is go back to backup.

  1. In Exchange 2010, if you want to Import and Export mailbox content and delete unwanted email from the mailbox then, you need to have Mailbox Import Export management role assigned.
  2. Below Powershell cmdlet, New-ManagmentRoleAssignment helps us to assign the right management role “mailbox Import Export” to a particular user.
New-managementRoleAssignment –Role “Mailbox Import Export” –User administrator


Figure 1.  Assigning a new Management role for a user Administrator

3. Similarly if you want to have the permission assigned to a group of users, then you can use the below cmdlet. Make sure you assign the permission to the universal security group.

New-ManagementRoleAssignment -Name "Import-Export Admins" -SecurityGroup "Security group name" -Role "Mailbox Import Export"

4. Once you have the necessary permission to run the search-mailbox then, we are good to start. Lets start with search and on logging mode, so that we have the search result logged in the target mailbox

5.  Below is the Powershell cmdlet search-mailbox, which goes through each mailbox in distribution group OrgVIP, in log only mode. It will generate the report on the log, in the Target mailbox temp, under the folder the Search result. Figure 2. shows the details of the execution.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -TargetMailbox Temp -TargetFolder SearchResult -LogLevel Full


Figure 2. Execution details of the Search-mailbox cmdlet with logonly mode

6. With loglevel Full option the cmdlet will generate the CSV in the target mailbox. Figure 3. shows the details of the CSV result file.


Figure 3. Details after execution of search-mailbox in log only mode.

6. It’s always recommended to have a copy of these emails, which are being searched for, as a back-up reference. To get a copy of all the reference email, just remove the -logonly option

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -TargetMailbox Temp -TargetFolder SearchResult -LogLevel Full

7. Figure 4. Shows the details of the searched emails in the target mailbox. It has the copy of the emails with the detail location. If an email is deleted/moved, it will show the current location folder, and if it is moved to the dumpster, then the result would also show the dumpster folder details.


Figure 4. Copy the searched email to the target mailbox.

8. Finally we have the copy of the emails. Now, It is time to delete the emails. Below is the Powershell cmdlet, which searches each mailbox from the DL and deletes the contents. To delete the content we need to use the option Deletecontent. You really don’t have to provide the target mailbox parameter for deleting the emails.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -DeleteContent

9. The search query is the important attribute of the cmdlet. It can be passed with various options, to get more accurate search results. TechNet Reference

Property Example
Attachments attachment:annualreport.pptx
Cc cc:paul
From from:bharat
Sent sent:yesterday
Subject Subject:”patent filing”
To to:”ben Smith” “”
Body Financial Report

10. Couples of various situation to use search-mailbox with delete content

A. Searching and deleting email containing attachment spam.csv in all the mailbox in the organization

get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery attachment:"spam.csv" -DeleteContent

D. Searching and deleting emails containing attachment spam.csv and subject is hi against all the mailbox in the organization

get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery 'attachment:"spam.csv" and subject:Hi' -DeleteContent

C. If you wanted to display the details of the search result on the shell then you need to use the option Estimateresultonly

get-mailbox -server <Servername> | Search-Mailbox -SearchQuery 'attachment:"spam.csv" and subject:Hi' -Estimateresultonly

D. Delete all the email from all the mailbox of a before the specific date. In the below example I am deleting all the email before the date 18th Sep 2011(“dd/mm/yyy’)

get-mailbox -database <Databasename> -resultsize unlimited | Search-Mailbox -SearchQuery Received:<$("09/18/201") -deletecontent

E. Delete all the email from all the mailbox of a database between the specific dates. In the below example I am deleting all the email before the date 18th Sep 2011(“dd/mm/yyy’) – 1st Jan 2012

get-mailbox -database <Databasename> -resultsize unlimited | Search-Mailbox -SearchQuery Received:<$("09/18/2011") –deletecontent

F. Delete all the email from the mailbox between the specific date

Search-Mailbox -Identity <mailboxname> -SearchQuery 'Received:>$("09/18/2011") and Received:<$("01/27/2012")` -deletecontent

G. Delete all the email from yesterday against the member of the distribution group.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery Received:today -deletecontent -confirm:false   

H. Delete all the email on a specific date from a specific mailbox.

Search-Mailbox <usermailbox> -SearchQuery Received:01/27/2012 -deletecontent

Search-mailbox is a cool and nice cmdlet with some good options to get the required result. I think this is make life of the exchange administrator easier on a tough situations. Hope this helps you to face a real time scenarios Winking smile

Configuring Exchange 2010 clients Outlook and Outlook Web App as Lync 2010 end points(IM and presence Integration with Exchange 2010 clients) using PowerShell

One of the main purposes of Lync is IM and presence in the organization. The main idea is to initiate IM conversation on whichever the client you are and also to know the presence status if user is available for chat and kick the chat conversation. The main and cool idea of Microsoft is to integrate all its application and that’s been one of the key successes with Lync and Exchange.

Lync 2010 IM and Presence Integration with Outlook


1. Deployed Microsoft Exchange Server 2010 and Lync Server 2010.
2. Lync Frontend pool where user is located and client Access server can connect
3. Lync and mailbox enabled users

Lync 2010 IM and presence integration with outlook is automatically performed when you install Lync client on the work satiation. Lync client installs all the necessary add-ins for the outlook to pick up the presence details and also allows to chat directly from the outlook. This feature is only available in outlook 2007 and outlook 2010 clients. Below Figure 1 is reference snap.


Figure 1. Lync user presence on outlook client

You can configure the bunch of settings on the Lync client to integrate with Microsoft Exchange or Microsoft Outlook. Some of the settings like below Figure 2.

1. Update the presence based on my calendar information.
2. Save instance message conversations in my email conversations history folder etc..


Figure 2. Lync client integration with Microsoft Exchange and Microsoft outlook

Lync 2010 IM and Presence Integration with Outlook Web App

Lync 2010 IM and presence with outlook Web App is not automatically integrated. Specific configuration has to be performed.


1. Deployed Microsoft Exchange Server 2010 and Lync Server 2010.
2. Lync Frontend pool where user is located and client Access server can connect
3. Lync and mailbox enabled users
4. Exchange Certificate to be configured with Lync for integration (Make sure CA is trusted by both Exchange 2010 and Lync 2010)

Preparing the CAS servers for the integration

1. Download CWAOWASSPMain.msi from Microsoft Office Communications Server 2010 R2 Web Service Provider and extract the file  “c:\Web Service provider Installer Package” and it will extract below mentioned files. Execute and install “CWAOWAASSP.msi”

2. Donnetfx35setup.exe
3. UcamRedist.msi
4. Vcredist_x64.exe

2. Download and Install the hotfix for OCS 2007 R2 web service provider from OCS 2007 R2 Web Service Provider Hotfix

3. Update Unified Communications Managed API 2.0 Redist (64 Bit) from Hotfix KB 2282949

Configuring Exchange 2010

1. Get the exchange certificate using the below PowerShell command

$Excert = (Get-ExchangeCertificate | Where {$_.Services -like “*IIS*”}).Thumbprint


2. Using the above exchange certificate configure the OWA virtual directory.  Need to make sure to provide appropriate parameter “Instantmessagingservername” with front end pool name. In the below example I have given as which is the front end pool name in my lab.

Get-ExchangeServer | Get-OWAVirtualDirectory | Set-OWAVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint $Excert -InstantMessagingServerName


Configure the Lync 2010

1. Access Lync Server management shell and execute the PowerShell cmdlet Get-Cssite to get the Site ID. In our lab the site ID is 1. Below is reference snap


2. Next we need to configure the Trusted application pool and Add ExchangeOutlookWebAccess as Trusted application

3. To configure Trusted application pool use the below mentioned PowerShell command on Lync management shell with the below parameter. You can ignore the warning message as its refering to the computer object which does not exists in the AD

  • Identity = CAS server or CAS Server Arrayname or any SAN name defined in the certificate
  • Registrar = Lync Frontend pool
  • SiteID = site id which we picked above
  • RequiresReplication = $false

New-CsTrustedApplicationPool -Identity -Registrar -Site 1 -RequiresReplication $false


4. Add Exchangeoutlookwebapp to the Trusted application using the PowerShell cmdlet and parameter as defined below

  • ApplicationId = ExchangeOutlookWebApp
  • TrustedApplicationPoolFqdn = CAS server or CAS Server Array name or any SAN name defined in the certificate
  • pool = Any free port (You can check the unused port using netstat -a | findstr 5060)

New-CsTrustedApplication -ApplicationId ExchangeOutlookWebApp -TrustedApplicationPoolFqdn -Port 5060


5. Finally its time to publish the topology using the PowerShell cmdlet Enable-CStopology


6. login to the OWA and you should be able to view the status of the users.


I think every organization should use this feature to integrate between Lync 2010 and Exchange 2010. This makes life easier where users can initiate chat from any client they are in. In the above example I have defined only the integration with one front end pool from a specific CAS server. If you have multiple front end pool then the connected pool will proxy the request to the other pool. In a bigger organization where you have multiple AD site and frontend pool for each site then you may follow the same progress and configure the CAS server and the frontend pool on the specific site. Its also a best practice to configure in this fashion but there is definitely a additional load on the CAS server.

Reference link : Microsoft TechNet

I hope you can use this in your organization as well Winking smile