
Delete mail items from Single Exchange mailbox using PowerShell | Part 5#5

In this article, we review various scenarios of using the Search-Mailbox cmdlet for deleting mail items from a Single Exchange mailbox (Bulk Deletion).


Connect to Exchange Online PowerShell

To be able to run the PowerShell commands specified in the current article, you will need to Connect to Exchange Online PowerShell.

Start Windows PowerShell as administrator and run the cmdlet Connect-ExchangeOnline.

Connect-ExchangeOnline

Before you run the PowerShell commands that we review in this article, we must strongly emphasize that you should be careful with this use of the Search-Mailbox PowerShell cmdlet, because the cmdlet performs a Hard Delete of mail items.

You should have a good reason for using this option, and we recommend that you get familiar with the PowerShell syntax and understand the exact Search Query you use: for example, what happens to the deleted mail, which Exchange mailboxes are impacted, and so on.

The logic of the Search-Mailbox cmdlet relating to mail item deletion

Given that we decide that we must use the Search-Mailbox cmdlet for deleting mail items, there are two main scenarios which we can choose from:

Option 1 – Delete mail items from the source mailbox without saving a copy of the Deleted mail items.

In this scenario, we wish to delete from the Source Mailbox the specific mail items (the mail items that answer our Search Query or Filter scope) without saving any copy of these deleted mail items.

In this case, we use the PowerShell command syntax without providing information about the Target Mailbox + The Target Folder.

An example of the PowerShell command syntax could be:

Search-Mailbox "Source Mailbox" -DeleteContent -Force

Option 2 – Delete mail items from Source mailbox + saving a copy of the Deleted mail items

In this scenario, we wish to delete from the Source Mailbox the specific mail items (the mail items that answer our Search Query or Filter scope) but save a copy of the Deleted mail items in a Target Mailbox (in a Target Folder).

In this case, we use the PowerShell command syntax + providing information about the Target Mailbox + The Target Folder.

An example of the PowerShell command syntax could be:

Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force

Option 3 – Perform a search – locate the mail items that we are going to delete from Source mailbox + Generate Report (Log)

In this scenario, we wish to generate a report (Log file) which includes details about the mail items that we are “going to delete”, but without performing any “action” besides generating the report.

To generate only the report without performing any action, we use the PowerShell parameter -LogOnly.

My recommendation is to consider using this option before we start with the actual deletion. In other words, better safe than sorry!

After we look at the information that appears in the report (Log) and “approve” the deletion of the specific mail items, only then do we go back and use one of the options mentioned above (delete the mail items without saving a copy, or save a copy of the deleted mail items in the Target Mailbox).

In this case, we use the PowerShell command syntax + providing information about the Target Mailbox + The Target Folder that will “store” the report file.

An example of the PowerShell command syntax could be:

Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -LogOnly
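
The preview-then-delete sequence recommended above, as an added example that is not part of the original article: it counts the matches, refuses an unexpectedly large result, writes the -LogOnly report, and deletes (with a copy) only after an explicit confirmation. The function name and the -MaxItems threshold are hypothetical; -EstimateResultOnly is a Search-Mailbox switch that this article does not otherwise cover.

```powershell
# Added example, not from the original article. Assumes a session in which
# Search-Mailbox is available and the caller holds the roles it requires.
# Remove-MailboxItemsWithPreview and -MaxItems are hypothetical names.
function Remove-MailboxItemsWithPreview {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SourceMailbox,
        [Parameter(Mandatory)] [string] $SearchQuery,
        [Parameter(Mandatory)] [string] $TargetMailbox,
        [Parameter(Mandatory)] [string] $TargetFolder,
        [int] $MaxItems = 500
    )

    # A blank query would put the whole mailbox in scope for deletion.
    if ([string]::IsNullOrWhiteSpace($SearchQuery)) {
        throw 'SearchQuery is blank; refusing to run a mailbox-wide delete.'
    }

    # Step 1: count the matches only. Nothing is copied, logged or deleted.
    $estimate = Search-Mailbox -Identity $SourceMailbox -SearchQuery $SearchQuery -EstimateResultOnly
    Write-Host ("Query matched {0} item(s), total size {1}" -f `
        $estimate.ResultItemsCount, $estimate.ResultItemsSize)

    if ($estimate.ResultItemsCount -eq 0) {
        Write-Host 'Nothing matched; nothing to delete.'
        return
    }
    if ($estimate.ResultItemsCount -gt $MaxItems) {
        throw ("Query matched {0} items, above the limit of {1}. Narrow the query or raise -MaxItems." -f `
            $estimate.ResultItemsCount, $MaxItems)
    }

    # Step 2: write the report (Option 3). The report lands in the Target Folder
    # of the Target Mailbox; the source mailbox is not modified.
    $null = Search-Mailbox -Identity $SourceMailbox -SearchQuery $SearchQuery `
        -TargetMailbox $TargetMailbox -TargetFolder $TargetFolder -LogOnly -LogLevel Full
    Write-Host "Report written to '$TargetFolder' in mailbox '$TargetMailbox'. Review it before confirming."

    # Step 3: delete with a saved copy (Option 2), only after the operator confirms.
    $action = "Hard delete $($estimate.ResultItemsCount) item(s) matching [$SearchQuery]"
    if ($PSCmdlet.ShouldProcess($SourceMailbox, $action)) {
        Search-Mailbox -Identity $SourceMailbox -SearchQuery $SearchQuery `
            -TargetMailbox $TargetMailbox -TargetFolder $TargetFolder `
            -DeleteContent -Force -LogLevel Full
    }
}

# Usage with the names from this article's scenario:
# Remove-MailboxItemsWithPreview -SourceMailbox 'Bob' `
#     -SearchQuery 'Subject:"A meeting in New York"' `
#     -TargetMailbox 'Adele' -TargetFolder 'Search Results - Bob'
```

Running the function with -WhatIf performs the estimate and the report but skips the deletion step.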


Scenario description

In the following example, I prefer to be on the safe side. For this reason, all the PowerShell command examples will be based on a scenario in which we save a copy of the Deleted mail items in the “Target Mailbox.” In case you prefer to avoid this option, you can remove the section about the Target Mailbox + the Target Folder from the PowerShell command syntax.

The Goals

The goals we seek to achieve are:

  1. Perform a search in a specific Exchange mailbox (Bob Mailbox). The search is implemented by defining a specific Search Query (search criteria), that will help us to locate specific mail items that answer the Search Query.
  2. We wish to Delete all the mail items that appear in the Search Results.
  3. The Search Results will be copied to a Target Mailbox, and saved in a dedicated folder (Target Folder).
  4. In addition, we want to create a detailed report (Log) about each mail item that appears in the Search Results and was deleted (the Log \ Report file will be saved in the Target Folder).

Source mailbox + Target mailbox (and Target Folder)

  • The Source Mailbox (the mailbox on which we perform the search) is Bob’s mailbox
  • The Target Mailbox which we use for storing the search result (the mail items) is Adele’s mailbox
  • The Target Folder name will be – Search Results Bob -Backup – DELETED mail items.

The mailbox search scope

By default, the Search-Mailbox cmdlet performs a search in the Source Mailbox that includes the following “Mailbox spaces”:

Primary mailbox

  1. The Search-Mailbox cmdlet will perform a search that relates to all folders and subfolders in the Primary Mailbox.
  2. Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the Recovery mail folder (the Dumpster).

Archive mailbox

If the Source Mailbox has an Archive mailbox:

  1. The Search-Mailbox cmdlet will perform a search that relates to all folders and subfolders in the Archive mailbox.
  2. Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the mailbox archive Recovery mail folder (the Dumpster).
Using the Search-Mailbox cmdlet for Deleting mail items

Using the Search-Mailbox for deleting mail items | PowerShell parameters

To “activate” the option of deleting mail items using the Search-Mailbox cmdlet, we need to add the following PowerShell command parameters:

1. DeleteContent

The “DeleteContent” parameter instructs the Search-Mailbox cmdlet to “search and destroy” the mail items that match the Search Query criteria.

2. Force

The “Force” parameter is not a mandatory parameter. The purpose of this parameter is to prevent the Search-Mailbox cmdlet from asking us for a confirmation for each mail item that is going to be deleted.

In the following diagram, we can see the additional parameters that “turn” the Search-Mailbox cmdlet from a tool that searches for and locates information (mail items) into a deadly weapon that destroys (Hard Delete) mail items!

Search and Delete mail items + save a Copy of mail items | Delete mail items from the Recovery mail folder (the Dumpster)

In this example, we use the Search-Mailbox cmdlet without any “filter” or Search query filters.

Instead, we use the PowerShell parameter SearchDumpsterOnly to restrict the search (and the deletion of mail items) to mail items stored in the Recovery mail folder (the Dumpster).

In this scenario, our goal is to delete all Soft Deleted mail items stored in the Recovery mail folder (the Dumpster) + save a copy of all the mail items that were deleted from the Source Mailbox to the Target Mailbox.

As mentioned, the Search-Mailbox cmdlet cannot delete Hard Deleted mail items that are stored in the Purges subfolder (a subfolder of the Recovery mail folder).

Search and Delete mail items + Save a Copy of mail items | Mailbox Search Scope Recovery mail folder (the Dumpster)

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchDumpsterOnly -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchDumpsterOnly -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search query Filter – specific Type of Mail item

In this scenario, we want to:

  • Search for only a specific type of mail item (such as calendar or contact mail items) in a single Source Mailbox.
  • Delete these mail items.
  • Save a copy of the deleted mail items in the Target mailbox.

Search + Save a copy of mail items | Search Query filter – Calendar items

Search + Delete specific type of mail items – Calendar items.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery "Kind:meetings" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery "Kind:meetings" -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search + Save a copy of mail items | Search Query – Contact items

Search + Delete specific type of mail items – Contacts items

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery "Kind:contacts" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery "Kind:contacts" -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Note: By default, if no type is specified, the Search-Mailbox cmdlet will look for all message types.

When using the kind search filter, valid values can be one or more of the following:

  • Email
  • Meetings
  • Tasks
  • Notes
  • Docs
  • Journals
  • Contacts
  • IM

Search and Delete mail items + Save a Copy of mail items | Search query Filter – Text String

In this section, we use Search Query that looks for mail items that include a specific text string.

General note – because we use the quotation marks, the search will fetch only results in which all the words in the text string that we define appear.

For example, in our scenario, we look for the text string: “A meeting in New York.”
Mail items that include the words “New York” or “meeting” will not appear in the Search Results.

Only mail items that include all the text phrases that appear inside the quotation marks, will be considered as “valid mail items” that answer the Search Query (exact phrases or keywords in subjects of items).

Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail SUBJECT

Search + Delete mail items with a specific TEXT string that appears in an E-mail Message Subject line.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery 'Subject:"Text String"' -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery 'Subject:"A meeting in New York"' -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail BODY

Search + Delete mail items with a specific TEXT string that appears in an E-mail Body.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery 'body:"Text String"' -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery 'body:"A meeting in New York"' -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search Query – Mail items with Text String in mail BODY or Mail Subject

Search + Delete mail items with a specific TEXT string that appears in an E-mail Body or in the Mail Subject.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery "Text String" -TargetMailbox "Destination mailbox" -TargetFolder "Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery "A meeting in New York" -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Additional PowerShell command syntax that we can use for performing a search that includes two types of search criteria is:

Search-Mailbox "Bob" -SearchQuery {Subject:"A meeting in New York" OR body:"A meeting in New York"} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search query Filter – specific Date or Date Range

General information about the subject of “Date and Date format.”

The subject of the date format that we use in the Search-Mailbox query is a little tricky because the date format is affected by the Windows OS Date format, the Exchange Online Mailbox Date format, etc.

Case 1: Most of the time, the date format that you need to use in the Search Query is your Windows OS Date format.

Case 2: The date format used in Search-Mailbox queries needs to conform to the Exchange server’s Regional settings.

In case you get an error such as “The KQL parser threw an exception,” use the “month name” instead of the “month number” format.

For example, instead of using the Date format – 07/21/2017 use the following format –  02/July/2017.
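
One way to avoid day/month ambiguity in a deletion query, as an added example that is not part of the original article: build the date range from DateTime values and format them with the month name, independent of the Windows regional settings. The function name is hypothetical, and the example assumes the month-name form recommended above is also accepted inside a date range.

```powershell
# Added example, not from the original article. New-DateRangeQuery is a
# hypothetical helper; it assumes the month-name date form is accepted in a range.
function New-DateRangeQuery {
    param(
        [Parameter(Mandatory)] [ValidateSet('sent', 'received')] [string] $Property,
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [datetime] $End
    )

    # A reversed range usually means day and month were swapped somewhere.
    if ($End -lt $Start) {
        throw "End date ($End) is earlier than start date ($Start)."
    }

    # InvariantCulture gives English month names and '/' as the separator,
    # whatever the regional settings of the workstation are.
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $from = $Start.ToString('dd/MMMM/yyyy', $culture)
    $to   = $End.ToString('dd/MMMM/yyyy', $culture)

    '{0}:{1}..{2}' -f $Property, $from, $to
}

# Dates are given as year, month, day, so there is nothing to misread.
$query = New-DateRangeQuery -Property sent `
    -Start ([datetime]::new(2017, 6, 21)) `
    -End   ([datetime]::new(2017, 7, 21))

# Check the match set with a report before adding -DeleteContent.
Search-Mailbox "Bob" -SearchQuery $query -TargetMailbox "Adele" `
    -TargetFolder "Search Results - Bob" -LogOnly -LogLevel Full
```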

Search and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT on a Specific Date

Search + Delete mail items with Sent on a specific Date.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery sent:mm/dd/yyyy -TargetMailbox "Destination mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery sent:21/07/2017 -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT in a specific Date Range

Search + Delete mail items with Sent on a specific Date Range.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery {sent:mm/dd/yyyy..mm/dd/yyyy} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery {sent:21/06/2017..21/07/2017} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search Query – Emails RECEIVED in a specific Date Range

Search + Delete mail items that were Received on a specific Date range.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery {Received:mm/dd/yyyy..mm/dd/yyyy} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery {Received:21/06/2017..21/07/2017} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search Query – Emails SENT in a specific Date + Emails RECEIVED in a specific Date

Search + Delete mail items that were Sent or Received on a specific Date.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery {sent:mm/dd/yyyy OR Received:mm/dd/yyyy} -TargetMailbox "Destination mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery {sent:30/07/2017 OR Received:30/07/2017} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search query Filter – the sender or by Recipient

In this section, we would like to Search + Delete mail items that were sent from a specific sender or sent to a specific recipient.

Search and Delete mail items + Save a Copy of mail items | Filter scope – Email sent by a specific SENDER

Search + Delete mail items that were Sent from a specific Sender (the FROM mail field).

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery from:"E-mail address" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery from:"John@o365info.com" -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails sent TO a specific RECIPIENT

Search + Delete mail items that were sent to a specific recipient (the TO mail field).

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery to:"E-mail address" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery to:"Alice@outlook.com" -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search query Filter – E-mail Attachments

In this section, we would like to Search + Delete mail items that have an attachment.

Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails that include a specific attachment file name

Search + Delete mail items that have an attachment with a specific file name.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery attachment:"Attachment file name" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery attachment:"Customer.pdf" -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Filter scope – specific attachment type (suffix)

Search + Delete mail items, that have an attachment with a specific file name suffix.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery {Attachment -like "*.suffix"} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery {Attachment -like "*.PDF"} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Filter scope – Emails with Attachment

Search + Delete mail items, that have an attachment.

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery {HasAttachment -eq $true} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery {HasAttachment -eq $true} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search and Delete mail items + Save a Copy of mail items | Search query Filter – Additional search queries

Search + Delete mail items whose size is greater than a specific size.

Search and Delete mail items + Save a Copy of mail items | Filter scope – E-mail items size greater than X MB

PowerShell command syntax:

Search-Mailbox "Source Mailbox" -SearchQuery {Size -gt <size in KB or MB>} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DeleteContent -Force -LogLevel Full

PowerShell command example:

Search-Mailbox "Bob" -SearchQuery {Size -gt 5MB} -TargetMailbox "Adele" -TargetFolder "Search Results - Bob" -DeleteContent -Force -LogLevel Full

Search-Mailbox | Mailbox Search scope| The Recovery mail folder (dumpster) and Archive Mailbox

In the following section, I would like to briefly review the subject of “Mailboxes search scope.”

As mentioned, the Search-Mailbox cmdlet will perform by default search in all the following mailbox locations:

  1. Primary mailbox
  2. Primary mailbox – Recovery mail folder (the Dumpster)
  3. Archive mailbox
  4. Archive mailbox – Recovery mail folder (the Dumpster)

The Search-Mailbox cmdlet enables us to define a specific mailbox search scope or to exclude a specific mailbox scope from the search results.

Mailbox scope Recovery mail folder (the Dumpster)

One of the most conspicuous advantages of the Search-Mailbox cmdlet is the ability it gives the Exchange administrator to view (search) the content of the Recovery mail folder (the Dumpster) and “fetch” a copy of Soft Deleted + Hard Deleted mail items stored in the Recovery mail folder.

By default, the Search-Mailbox cmdlet will perform a search in the Primary mailbox + in the Recovery mail folder (the Dumpster).

For example, if we don’t define a specific mailbox scope filter, the search task will include the Primary mailbox space + the Recovery mail folder (the Dumpster).

Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -LogLevel Full

Exclude the Recovery mail folder (dumpster) search

In case that we want to exclude the Recovery mail folder (the Dumpster) from the search, we can use the parameter SearchDumpster and set the switch to $False, for example -SearchDumpster:$false.

Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -SearchDumpster:$false -LogLevel Full

Search Dumpster Only

In case that we want to perform a search only in the Recovery mail folder (the Dumpster), we can use the parameter -SearchDumpsterOnly which specifies that only the Recoverable Items folder of the specified mailbox be searched.

Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -SearchDumpsterOnly -LogLevel Full

Archive mailbox scope

By default, if a specific Exchange mailbox has an archive, the archive is always searched.

To exclude the Archive from the search, use the DoNotIncludeArchive parameter.

Search-Mailbox "Source Mailbox" -TargetMailbox "Target mailbox" -TargetFolder "Target Folder" -DoNotIncludeArchive -LogLevel Full

Writing advanced/combined search filters

An additional part that I would like to mention briefly is the subject of defining a more advanced or more sophisticated search query that combines two or more “filter” or search conditions.

To define two or more filters, we can use logical operators such as “OR”,”AND” and more.

In the following diagram, we can see some examples of the syntax that we use for defining a more advanced Search Query.

Using a combination of Search Query parameters

Example 1

Look for all mail items that answer the following search criteria:

Mail items with an attachment + in addition, the mail subject is “Test”.

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {HasAttachment -eq $true and subject:Test} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder"

Example 2

Look for all mail items that answer the following search criteria:

Mail items in mail or calendar.

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {kind:email OR kind:meetings} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder"

Example 3

Look for all mail items that answer the following search criteria:

Mail items that have the subject Test + sent from john@o365info.com + sent on a specific date 30/07/2017.

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery {Subject:"Test" AND From:"john@o365info.com" AND Sent:"30/07/2017"} -TargetMailbox "Target mailbox" -TargetFolder "Target Folder"
o365info Team


This article was written by our team of experienced IT architects, consultants, and engineers.
