In the current article, we will review how to use the PowerShell cmdlet Search-Mailbox to…
Delete mail items from Multiple Exchange mailboxes (Bulk) using PowerShell | Part 4#5
The current article serves as an introduction to the subject of Deleting mail items using the Search-Mailbox cmdlet. In this article, we review some various scenarios of using the Search-Mailbox cmdlet for deleting mail items from multiple Exchange mailboxes (Bulk Deletion).
Table of contents
- Connect to Exchange Online PowerShell
- The scenario in which we need to use the Search-Mailbox cmdlet for deleting mail items
- The “logic” of the Search-Mailbox cmdlet relating to “mail item deletion”
- Scenario description
- Cleaning the Recovery mail folder (the Dumpster).
- Using the Search-Mailbox for deleting mail items | PowerShell parameters
- The term “Multiple mailbox search”
- Use Search-Mailbox to perform a search
- Search and Delete mail items + save a Copy of mail items | Delete mail items from the Recovery mail folder (the Dumpster)
- Search and Delete mail items + Save a Copy of mail items | Mailbox Search Scope Recovery mail folder (the Dumpster)
- Search and Delete mail items + Save a Copy of mail items | Search query Filter – specific Type of Mail item
- Search + Save a copy of mail items | Search Query filter – Calendar items
- Search + Save a copy of mail items | Search Query – Contact items
- Search and Delete mail items + Save a Copy of mail items | Search query Filter – Text String
- Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail SUBJECT
- Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail BODY
- Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail BODY or Mail Subject
- Search and Delete mail items + Save a Copy of mail items | Search query Filter – specific Date or Date Range
- Search and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT on a Specific date
- Search and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT in a specific Date Range
- Search and Delete mail items + Save a Copy of mail items | Search Query – Emails RECEIVED in a specific Date Range
- Search and Delete mail items + Save a Copy of mail items | Search query Filter – by Sender or by Recipient
- Search and Delete mail items + Save a Copy of mail items | Filter scope – Email sent by a specific SENDER
- Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails sent TO a specific RECIPIENT
- Search and Delete mail items + Save a Copy of mail items | Search query Filter – E-mail Attachments
- Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails that include a specific attachment file name
- Search and Delete mail items + Save a Copy of mail items | Filter scope – specific attachment type (suffix)
- Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails with Attachment
- Search and Delete mail items + Save a Copy of mail items | Search query Filter – Additional search queries
- Search and Delete mail items + Save a Copy of mail items | Filter scope – E-mail items size greater than X MB
- Search-Mailbox | Mailbox Search scope | The Recovery mail folder (dumpster) and Archive Mailbox
Connect to Exchange Online PowerShell
To be able to run the PowerShell commands specified in the current article, you will need to Connect to Exchange Online PowerShell.
Start Windows PowerShell as administrator and run the cmdlet Connect-ExchangeOnline.
Connect-ExchangeOnlineBefore you run the PowerShell commands that we review in this article, we must strongly emphasize that you should be careful with this use of the Search-Mailbox PowerShell cmdlet, because the cmdlets perform Hard Delete of mail items.
You should have a good reason for using this option, and we recommend that you get familiar with the PowerShell syntax and understand the exact Search Query you use. For example, what happens to the deleted mail, what Exchange mailboxes are impacted, and so on.
In the next article – Delete mail items from Single Exchange mailbox using PowerShell | Part 5#5, we review a various scenario of using Search-Mailbox cmdlet for deleting mail items from a single Exchange mailbox.
The scenario in which we need to use the Search-Mailbox cmdlet for deleting mail items
An example of scenarios in which Exchange administrator need to enroll the Search-Mailbox cmdlet for “mail items deletion” from a single Exchange mailbox or from Multiple Exchange mailboxes (Bulk deletion) could be:
1. Virus attacks
A scenario in which a virus attacks your organization recipient. You need that the Virus sent for a couple of Exchange recipient, but you don’t know who is this recipient.
In this case, we would like to use the Search-Mailbox cmdlet for performing a search in ALL Exchange mailboxes looking for the virus file name, and after we locate this mail item, delete the mail items from the user mailbox.
2. A sensitive E-mail message that was sent by mistake to multiple recipients.
A scenario in which Exchange recipient sent by mistake a “sensitive E-mail message” to the recipients who were not supposed to read the specific mail item.
And again, in this case, we would like to use the Search-Mailbox cmdlet for performing a search in ALL Exchange mailboxes and “remove” (delete) this mail item.
The “logic” of the Search-Mailbox cmdlet relating to “mail item deletion”
Given that we decide that we must use the Search-Mailbox cmdlet for deleting mail items, there are two main scenarios which we can choose from:
Option 1 – Delete mail items from the source mailbox without saving a copy of the Deleted mail items.
In this scenario, we wish to delete from the Source Mailbox the specific mail items (the mail items that answer our Search Query of Filter scope) without saving any copy of these deleted mail items.
In this case, we use the PowerShell command syntax without providing information about
the Target Mailbox + The Target Folder.
An example of the PowerShell command syntax could be:
Search-Mailbox "Source Mailbox" -DeleteContent -ForceOption 2 – Delete mail items from Source mailbox + saving a copy of the Deleted mail items.
In this scenario, we wish to delete from the Source Mailbox the specific mail items (the mail items that answer our Search Query of Filter scope) but save a copy of the Deleted mail items in a Target Mailbox (in a Target Folder)
In this case, we use the PowerShell command syntax + providing information about the
Target Mailbox + The Target Folder.
An example of the PowerShell command syntax could be:
Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -ForceOption 3 – Perform a search – locate the mail items that we are going to delete from Source mailbox + Generate Report (Log).
In this scenario, we wish to generate a report (Log file) which includes details about the mail items that we are “going to delete but without performing any “action” beside of the generating the report.
To generate only report without performing any action, we use the PowerShell parameter -LogOnly
My recommendation is to consider using this option before we start with the actual deletion. In other words- better safer than sorry!
After we look at the information that appears in the report (Log) and after we “approve” to delete the specific mail items only then, go back and use one of the options mentioned above (delete the mail items without saving a copy or save a copy of the deleted mail items in the Target Mailbox).
In this case, we use the PowerShell command syntax + providing information about the Target Mailbox + The Target Folder that will “store” the report file.
An example of the PowerShell command syntax could be:
Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -LogOnlyScenario description
In the following example, I prefer to be on the safe side. For this reason, all the PowerShell command examples will be based on a scenario in which we save a copy of the Deleted mail items in the “Target Mailbox.” In case you prefer to avoid this option, you can remove the section about the Target Mailbox + the Target Folder from the PowerShell command syntax.
The Goals
The goals we seek to achieve are:
- Perform a search in Multiple Exchange mailboxes (Bulk Mailbox search). The search is implemented by defining a specific Search Query (search criteria), that will help us to locate specific mail items that answer the Search Query.
- We wish to Delete all the mail items that appear in the Search Results.
- The Search Results (deleted mail items) will be copied to a Target Mailbox, and saved in a dedicated folder (Target Folder).
- In addition, we want to create a detailed report (Log), about each mail items that appear in the Search Results, and that was Deleted (the Log \ Report file will be saved in the Target Folder).
Source mailbox + Target mailbox (and Target Folder)
- The Source Mailboxes (the mailboxes on which we perform the search) are ALL Exchange Mailboxes.
- The Target Mailbox which we use for storing the search result (the mail items) is Adele’s
- The Target Folder name will be – Search Results Multiple Mailbox search – DELETED mail item’s Backup.
The mailbox search scope
By default, the Search-Mailbox cmdlet performs a search in the “Source Mailbox” that includes the following “Mailbox spaces”:
Primary mailbox
- The Search-Mailbox cmdlet will perform a search that relates to all folders and subfolders in the Primary Mailbox.
- Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the Recovery mail folder (the Dumpster).
Archive mailbox
In case that the Source Mailbox has Archive mailbox,
- The Search-Mailbox cmdlet will perform a search that relates to all folders and subfolders in the Archive mailbox.
- Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the mailbox archive Recovery mail folder (the Dumpster).
Cleaning the Recovery mail folder (the Dumpster).
The Search-Mailbox cmdlet has the ability, to delete mail items stored in the Recovery mail folder (the Dumpster).
The Recovery mail folder (the Dumpster) uses two separated folders for storing the following type of deleted mail items:
- Deletion – the folder that store Soft Deleted mail items.
- Purges – the folder that store Hard Deleted mail items.
It is important to mention that in case that we use the Search-Mailbox cmdlet for deleting mail items stored in the Recovery mail folder (the Dumpster); the Search-Mailbox cmdlet can only delete mail items that stored in the Deletion folder (the folder that store Soft Deleted mail items) but cannot delete mail items that are stored in the Purges folder (the folder that store Hard Deleted mail items).
Using the Search-Mailbox for deleting mail items | PowerShell parameters
The “active” the option of Deleting mail items using the Search-Mailbox cmdlet we need to add the following PowerShell command parameters:
1. DeleteContent
This DeleteContent parameter instructs the Search-Mailbox cmdlet to “search and destroys” the mail items that match the Search query criteria.
2. Force
This “Force” parameter is not a mandatory parameter. The purpose of this parameter is, to prevent from the Search-Mailbox cmdlet to ask us for a confirmation for each mail items that are going to be deleted.
In the following diagram, we can see the additional parameters that “turn” the Search-Mailbox cmdlet from a tool that searches and locate information (mail items) into a deadly weapon that destroys (Hard Delete) mail items!
The term “Multiple mailbox search”
In the current article, we review how to use the Search-Mailbox cmdlet for performing a search + mail deletion of mail items that are stored on a “group” or “array” of Exchange mailboxes.
The definition of the Exchange mailboxes is a very flexible definition because there are multiple ways that we can use in addressing the Exchange mailboxes that consider as part of the “group.”
In other words, we have many options for defining the mailbox’s search scope.
The simplest example is – perform a mailbox’s search that relates to ALL existing Exchange mailboxes. In this scenario, we define the “group” of ALL existing Exchange mailboxes as:
Get-Mailbox -ResultSize UnlimitedAfter we define the characters or the specific mailbox “Group” (multiple mailboxes), we “pipe” the Exchange mailbox group to the Search-Mailbox PowerShell command.
There many options that we can use for defining a specific “group” of Exchange mailboxes.
Example 1: Perform Multiple mailbox search | All types of Exchange mailboxes.
For example, to perform a search for mail items in all existing Exchange mailboxes, we can use the following command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQueryExample 2: Perform Multiple mailbox search | All Exchange USER mailboxes.
Get-Mailbox -Filter '(RecipientTypeDetails -eq "UserMailbox")' | Search-Mailbox -SearchQueryExample 3: Perform Multiple mailbox search | All Exchange Shared mailboxes
Get-Mailbox -Filter '(RecipientTypeDetails -eq "SharedMailbox")' | Search-Mailbox -SearchQueryExample 4: Perform Multiple mailbox search | All Exchange Room mailboxes.
Get-Mailbox -Filter '(RecipientTypeDetails -eq "RoomMailBox")' | Search-Mailbox -SearchQueryExample 5: Perform Multiple mailbox’s search | Exchange Mailboxes – members in Distribution Group.
In this scenario, we want to perform a search by defining a “group of Exchange mailboxes” which “belong” (members) to a specific Distribution Group.
Get-DistributionGroupMember "Distribution Group name" | Search-Mailbox -SearchQueryUse Search-Mailbox to perform a search
Search and Delete mail items + save a Copy of mail items | Delete mail items from the Recovery mail folder (the Dumpster)
In this example, we use the Search-Mailbox cmdlet without any “filter” or Search query filters.
Instead, we use the PowerShell parameter SearchDumpsterOnly for restricting the search (and the deletion of mail items) only to mail items stored in the Recovery mail folder (the Dumpster).
In this scenario, our goal is to delete all Soft Deleted mail items stored in the Recovery mail folder (the Dumpster) + Save a copy all the mail items that were deleted from the Source Mailbox to the Target Mailbox.
As mentioned, the Search-Mailbox cmdlet cannot delete Hard Deleted mail items that are stored in the Purges subfolder (subfolder of the Recovery mail folder)
Search and Delete mail items + Save a Copy of mail items | Mailbox Search Scope Recovery mail folder (the Dumpster)
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchDumpsterOnly -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchDumpsterOnly -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search query Filter – specific Type of Mail item
In this scenario, we want to:
- Look (search), only a specific type of mail items (such as calendar or contact mail items) in multiple Source Mailboxes (Exchange mailboxes).
- Delete these mail items
- Save a copy of the deleted mail items in the Target mailbox
Search + Save a copy of mail items | Search Query filter – Calendar items
Search + Delete specific type of mail items – Calendar items.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Kind:meetings" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Kind:meetings" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch + Save a copy of mail items | Search Query – Contact items
Search + Delete specific type of mail items – Contacts items.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Kind:contacts" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Kind:contacts" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullNote: By default, if not specified, the Search-Mailbox cmdlet will look for all types of message types.
When using the option the kind search filter, valid values can be one or more of the following:
- Meetings
- Tasks
- Notes
- Docs
- Journals
- Contacts
- IM
Search and Delete mail items + Save a Copy of mail items | Search query Filter – Text String
In this section, we use Search Query that looks for mail items that include a specific text string.
General note – because we use the quotation marks, the search will fetch only results in which all the words in the text string that we define appear.
For example, in our scenario, we look for the text string: “A meeting in New York.”
Mail items that include the words “New York” or “meeting” will not appear in the Search Results.
Only mail items that include all the text phrases that appear inside the quotation marks, will be considered as “valid mail items” that answer the Search Query (exact phrases or keywords in subjects of items).
Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail SUBJECT
Search + Delete mail items with a specific TEXT string that appears in an E-mail Message Subject line.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery Subject:"Text String" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery Subject:"A meeting in New York" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item’s Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail BODY
Search + Delete mail items with a specific TEXT string that appears in an E-mail Body.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery body:"Text String" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery Subject:"A meeting in New York" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail BODY or Mail Subject
Search + Delete mail items with a specific TEXT string that appears in an E-mail Message Subject line or Mail Subject.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "Text String" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery "A meeting in New York" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullAdditional PowerShell command syntax that we can use for performing a search that includes two types of search criteria is:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Subject:"A meeting in New York" OR body:"A meeting in New York"} -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search query Filter – specific Date or Date Range
General information about the subject of “Date and Date format.”
The subject of the date format that we use in the Search-Mailbox query is a little tricky because the date format is affected by the Windows OS Date format, the Exchange Online Mailbox Date format, etc.
Case 1: Most of the time, the date format that you need to use in the Search Query is your Windows OS Date format.
Case 2: When using a date format in Search-Mailbox queries needs to be in a format that conforms to the Exchange server’s Regional settings.
In case you get an error such as – “The KQL parser threw an exception,”, use the “month name” instead of the format of “month number.”
For example, instead of using the Date format – 07/21/2017 use the following format – 02/July/2017.
Search and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT on a Specific date
Search + Delete mail items with Sent on a specific Date.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery sent:mm/dd/yyyy -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery sent:21/07/2017 -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT in a specific Date Range
Search + Delete mail items with Sent on a specific Date Range.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {sent:mm/dd/yyyy..mm/dd/yyyy} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {sent:21/06/2017..07/21/2017} -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search Query – Emails RECEIVED in a specific Date Range
Search + Delete mail items that were Received on a specific Date range.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Received:mm/dd/yyyy..mm/dd/yyyy} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Received:21/06/2017..21/07/2017} -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search query Filter – by Sender or by Recipient
In this section, we would like to Search + Delete mail items that were sent from a specific sender or reach to a specific recipient.
Search and Delete mail items + Save a Copy of mail items | Filter scope – Email sent by a specific SENDER
Search + Delete mail items that were Sent from a specific Sender (the FROM mail field).
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery from:"E-mail address" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery from:"John@o365info.com" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Filter scope – Emails sent TO a specific RECIPIENT
Search + Delete mail items that were Received from a specific recipient (sent to a specific recipient – the TO mail field).
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery to:"E-mail address" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery to:"Alice@outlook.com" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search query Filter – E-mail Attachments
In this section, we would like to Search + Delete mail items that have an attachment.
Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails that include a specific attachment file name
Search + Delete mail items, that have an attachment with a specific File extension.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery attachment:"Attachment file name" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery attachment:"Customer.pdf" -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Filter scope – specific attachment type (suffix)
Search + Delete mail items, that have an attachment with a specific file name suffix.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Attachment -like "*.suffix"} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Attachment -like "*.PDF"}-TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Filter scope – Emails with Attachment
Search + Delete mail items, that have an attachment.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {HasAttachment -eq $true} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery -SearchQuery {HasAttachment -eq $true} -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch and Delete mail items + Save a Copy of mail items | Search query Filter – Additional search queries
Search and Delete mail items + Save a Copy of mail items | Filter scope – E-mail items size greater than X MB
Search + Delete mail items, that their size is “bigger” (greater) than a specific size.
PowerShell command syntax:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Size -gt <size in KB or MB>} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -LogLevel FullPowerShell command example:
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery -SearchQuery {Size -gt 5MB} -TargetMailbox "Adele" -TargetFolder "Search Results Multiple Mailbox search – DELETED mail item's Backup" -DeleteContent -Force -LogLevel FullSearch-Mailbox | Mailbox Search scope | The Recovery mail folder (dumpster) and Archive Mailbox
In the following section, I would like to briefly review the subject of “Mailboxes search scope.”
As mentioned, the Search-Mailbox cmdlet will perform by default search in all the following mailbox locations:
- Primary mailbox
- Primary mailbox – Recovery mail folder (the Dumpster)
- Archive mailbox
- Archive mailbox – Recovery mail folder (the Dumpster)
The Search-Mailbox cmdlet enables us to define a specific mailbox search scope or to exclude a specific mailbox scope from the search results.
Mailbox scope Recovery mail folder (the Dumpster)
One of the most conspicuous advantages of the Search-Mailbox cmdlets is, the ability that it provides to Exchange administrator to view (search) the content of the Recovery mail folder (the Dumpster) and “fetch” a copy of Soft Deleted + Hard Deleted mail items stored in the Recovery mail folder.
By default, the Search-Mailbox cmdlets will perform a search in the Primary mailbox + in the Recovery mail folder (the Dumpster).
For example, in case that we don’t define a specific mailbox scope filter the search task will include the Primary mailbox space + the Recovery mail folder (the Dumpster).
Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -LogLevel FullExclude the Recovery mail folder (dumpster) search
In case that we want to exclude the Recovery mail folder (the Dumpster) from the search, we can use the parameter SearchDumpster and set the switch to $false, for example -SearchDumpster:$False.
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -SearchDumpster:$false -LogLevel FullSearch Dumpster Only
In case that we want to perform a search only in the Recovery mail folder (the Dumpster), we can use the parameter -SearchDumpsterOnly which specifies that only the Recoverable Items folder of the specified mailbox be searched.
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -SearchDumpsterOnly -LogLevel FullArchive mailbox scope
By default, in case that as specific Exchange mailbox has an archive, the archive is always searched.
To exclude the Archive from the search, use the DoNotIncludeArchive parameter.
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DoNotIncludeArchive -LogLevel FullWriting advanced/ombined search filters
An additional part that I would like to briefly, mention is the subject of defining a more advanced or more sophisticated search query that combines two or more “filter” or search conditions.
To define two or more filters, we can use logical operators such as – “OR”,”AND” and more.
In the following diagram, we can see some example of the syntax that we use for defining a more advanced Search Query.
Example 1
Look for all mail items that answer the following search criteria:
Mail items with an attachment + in addition, the mail subject is “Test”.
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {HasAttachment -eq $true and subject:Test} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder"Example 2
Look for all mail items that answer the following search criteria:
Mail items in mail or calendar.
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {kind:email OR kind:meetings} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder"Example 3
Look for all mail items that answer the following search criteria:
Mail items that have the subject Test + sent from john@o365info.com + sent on a specific date 30/07/2017.
Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Subject:"Test" AND From:"john@o365info.com" AND Sent:"30/07/2017"} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder"
What Others Are Reading
I love the depth of these articles. They are the most complete explanation of using Search-Mailbox. I’ve been also trying to understand the analysis of the output log files when capturing data before deleting the emails. So far I have not found a site that deleves into that topic.