Exchange 2010 SP1/SP2 – Deleting email sent to Wrong DL

As an Exchange Admin, how many times have you got a request to delete email, from your senior management, for deleting specific emails from specific mailboxes? I am sure most of you would say, ”Its Crazy Man”. I personally have seen very important emails being sent to a wrong DL and management coming to us for help. Users may even try to recall the message, with only some being successful. This would add a new set of emails in the mailbox. There can also be situations like, where Spam emails are sent to the DL users’ mailbox, or there is a requirement to delete emails between specific dates. These are the various possible requirements from users, and it does not come as a surprise to me.

In Exchange 2000 and 2003, this can be achieved by using Exmerge.

In Exchange 2007, this can be achieved by using export-mailbox and this cmdlet has enhanced in Exchange 2010 to New-MailboxExportrequest. The cmdlet does not comes with the option to delete the contents. MS also have added couple new cmdlets to export and import the content of the mailbox

In Exchange 2010, this can be achieved using search-Mailbox

Here are simple steps for the Exchange Admins, who can get this task done real quick in Exchange 2010 SP1/SP2 using search-mailbox. But, keep in mind that, these steps suggest permanent deletion, which removes emails from dumpster as well. So only option to recover is go back to backup.

  1. In Exchange 2010, if you want to Import and Export mailbox content and delete unwanted email from the mailbox then, you need to have Mailbox Import Export management role assigned.
  2. Below Powershell cmdlet, New-ManagmentRoleAssignment helps us to assign the right management role “mailbox Import Export” to a particular user.
New-managementRoleAssignment –Role “Mailbox Import Export” –User administrator

clip_image002

Figure 1.  Assigning a new Management role for a user Administrator

3. Similarly if you want to have the permission assigned to a group of users, then you can use the below cmdlet. Make sure you assign the permission to the universal security group.

New-ManagementRoleAssignment -Name "Import-Export Admins" -SecurityGroup "Security group name" -Role "Mailbox Import Export"

4. Once you have the necessary permission to run the search-mailbox then, we are good to start. Lets start with search and on logging mode, so that we have the search result logged in the target mailbox

5.  Below is the Powershell cmdlet search-mailbox, which goes through each mailbox in distribution group OrgVIP, in log only mode. It will generate the report on the log, in the Target mailbox temp, under the folder the Search result. Figure 2. shows the details of the execution.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -TargetMailbox Temp -TargetFolder SearchResult -LogLevel Full

clip_image004

Figure 2. Execution details of the Search-mailbox cmdlet with logonly mode

6. With loglevel Full option the cmdlet will generate the CSV in the target mailbox. Figure 3. shows the details of the CSV result file.

clip_image006

Figure 3. Details after execution of search-mailbox in log only mode.

6. It’s always recommended to have a copy of these emails, which are being searched for, as a back-up reference. To get a copy of all the reference email, just remove the -logonly option

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -TargetMailbox Temp -TargetFolder SearchResult -LogLevel Full

7. Figure 4. Shows the details of the searched emails in the target mailbox. It has the copy of the emails with the detail location. If an email is deleted/moved, it will show the current location folder, and if it is moved to the dumpster, then the result would also show the dumpster folder details.

clip_image008

Figure 4. Copy the searched email to the target mailbox.

8. Finally we have the copy of the emails. Now, It is time to delete the emails. Below is the Powershell cmdlet, which searches each mailbox from the DL and deletes the contents. To delete the content we need to use the option Deletecontent. You really don’t have to provide the target mailbox parameter for deleting the emails.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery subject:"Organization Financial Report" -DeleteContent

9. The search query is the important attribute of the cmdlet. It can be passed with various options, to get more accurate search results. TechNet Reference

Property Example
Attachments attachment:annualreport.pptx
Cc cc:paul shencc:paulscc:pauls@contoso.com
From from:bharat sunejafrom:bsunejafrom:bsuneja@contoso.com
Sent sent:yesterday
Subject Subject:”patent filing”
To to:”ben Smith” “to:bsmithto:besmith@contoso.com”
Body Financial Report

10. Couples of various situation to use search-mailbox with delete content

A. Searching and deleting email containing attachment spam.csv in all the mailbox in the organization

get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery attachment:"spam.csv" -DeleteContent

D. Searching and deleting emails containing attachment spam.csv and subject is hi against all the mailbox in the organization

get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery 'attachment:"spam.csv" and subject:Hi' -DeleteContent

C. If you wanted to display the details of the search result on the shell then you need to use the option Estimateresultonly

get-mailbox -server <Servername> | Search-Mailbox -SearchQuery 'attachment:"spam.csv" and subject:Hi' -Estimateresultonly

D. Delete all the email from all the mailbox of a before the specific date. In the below example I am deleting all the email before the date 18th Sep 2011(“dd/mm/yyy’)

get-mailbox -database <Databasename> -resultsize unlimited | Search-Mailbox -SearchQuery Received:<$("09/18/201") -deletecontent

E. Delete all the email from all the mailbox of a database between the specific dates. In the below example I am deleting all the email before the date 18th Sep 2011(“dd/mm/yyy’) – 1st Jan 2012

get-mailbox -database <Databasename> -resultsize unlimited | Search-Mailbox -SearchQuery Received:<$("09/18/2011") –deletecontent

F. Delete all the email from the mailbox between the specific date

Search-Mailbox -Identity <mailboxname> -SearchQuery 'Received:>$("09/18/2011") and Received:<$("01/27/2012")` -deletecontent

G. Delete all the email from yesterday against the member of the distribution group.

get-DistributiongroupMember Orgvip | Search-Mailbox -SearchQuery Received:today -deletecontent -confirm:false   

H. Delete all the email on a specific date from a specific mailbox.

Search-Mailbox <usermailbox> -SearchQuery Received:01/27/2012 -deletecontent

Search-mailbox is a cool and nice cmdlet with some good options to get the required result. I think this is make life of the exchange administrator easier on a tough situations. Hope this helps you to face a real time scenarios Winking smile

2 thoughts on “Exchange 2010 SP1/SP2 – Deleting email sent to Wrong DL

  1. I used your commands after got error out , by doing this ‘Received:>09/18/2011’ instead of this ‘Received:>$(“09/18/2011”)’

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s