Search + Save a copy of mail items using PowerShell | Part 2#5 5/5 (4) 17 min read

In the current article, we will review how to use the Search-Mailbox PowerShell cmdlet for performing a search on a specific Exchange mailbox + copy the search results to a “destination mailbox” (Target Mailbox).

PowerShell | Help & additional information

Running PowerShell commands in Office 365 based environment
To be able to run the PowerShell commands specified in the current article, you will need to create a remote PowerShell with Azure Active Directory or Exchange Online. In case that you need help with the process of creating a Remote PowerShell session, you can use the links on the bottom of the Article.

Scenario description

The Goals

The goals we seek to achieve are:

  1. Perform a search in a specific Exchange mailbox (Bob Mailbox). The search is implemented by defining a specific Search Query (search criteria), that will help us to locate specific mail items that answer the Search Query.
  2. The Search Results (mail items) will be copied to a Target Mailbox and saved in a dedicated folder (Target Folder).
  3. In addition, we want to create a detailed report (Log), about each mail items that appear in the Search Results (the Log \ Report file will be saved in the Target Folder)

Source mailbox + Target mailbox (and Target Folder)

  • The Source Mailbox (the mailbox on which we perform the search) is Bob’s mailbox
  • The Target Mailbox which we use for storing the search result (the mail items) is Adele’s
  • The Target Folder name will be – Search Results – Bob.

Scenario description - Search mailbox + Save search results to other mailbox

The mailbox search scope

By default, the Search-Mailbox cmdlet performs a search in the “Source Mailbox” that includes the following “Mailbox spaces”:

Primary mailbox

  1. The Search-Mailbox cmdlet will perform a search that relates to all folders and sub folders in the Primary mailbox.
  2. Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the Recovery mail folder (the Dumpster).

Archive mailbox

In case that the Source Mailbox has Archive mailbox,

  1. The Search-Mailbox cmdlet will perform a search that relates to all folders and sub folders in the Archive mailbox.
  2. Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the mailbox archive Recovery mail folder (the Dumpster).

In the following screenshot, we can see an example to a scenario in which the Source Mailbox belongs to Bob, and the Target mailbox is – Adele’s mailbox.

The Search-Mailbox cmdlet creates a New folder (Target Folder) and stores all the Search Results (copy the mail items) in this folder (the Target folder).

The search results folder hierarchy includes two separated “spaces”:

  1. Archive mailbox (A in screenshot)
  2. Primary mailbox (B in screenshot)

Each of the “mailbox spaces” (Archive and Primary) includes a dedicated folder named – Recoverable Items, that store the Search Results that were “fetched” from the Recovery mail folder -the Dumpster (number 2 in the diagram), that include Soft deleted + Hard deleted mail items.

search mailbox - Mailbox and folder scope

Using the Search-Mailbox for performing a search | PowerShell command syntax

As mentioned, the Search-Mailbox cmdlet is a very powerful PowerShell cmdlet, that can use many types of Search Query filter that will help us to “fetch” (find and copy) a very specific mail items.

In the following section, we review a couple of examples to the various Search Query that we can use.

Search and Copy mail items | ALL mail items

 

In this example, we use the Search-Mailbox cmdlet without any “filter” or Search query filters.

In this scenario, our goal is to copy all the mail items that exist in the Source Mailbox to the Target Mailbox. The search results will include all the mail items from the Primary Mailbox, Archive Mailbox (if exists) and the Recovery mail folder (the Dumpster).

Search + Save a copy ALL mail items | Search Query – NO Filter (no Search Query)

PowerShell command syntax

PowerShell command Example

Search and Copy mail items | Search query Filter – specific Type of Mail item

In this scenario, we want to locate (search) and copy only a specific type of mail items from the Source Mailbox.

Search + Save a copy of mail items | Search Query filter – Calendar items

Search for specific type of mail items – Calendar items

PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Search Query – Contact items

Search for specific type of mail items – Contacts items
PowerShell command syntax

PowerShell command Example

Note

By default, if not specified, the Search-Mailbox cmdlet will look for all types of message types.

When using the option the “kind” search filter, valid values can be one or more of the following:

  • Email
  • Meetings
  • Tasks
  • Notes
  • Docs
  • Journals
  • Contacts
  • IM

Search and Copy mail items | Search query Filter – Text String

In this section, we use Search Query that looks for mail items that include a specific text string.

General note – because we use the quotation marks, the search will fetch only results in which all the words in the text string that we define appear.

For example, in our example, we look for the text string: “A meeting in New York.”
Mail items that include the words “New York” or “meeting” will not appear in the Search Results.

Only mail items that include all the text phrases that appear inside the quotation marks, will be considered as “valid mail items” that answer the Search Query (exact phrases or keywords in subjects of items).

Search + Save a copy of mail items | Search Query – Mail items with Text String in mail SUBJECT

Search for mail items with a specific TEXT string that appears is an E-mail Message Subject line.
PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Search Query – Mail items with Text String in mail BODY

Search for mail items with a specific TEXT string that appears is an E-mail Body.

PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Search Query – Mail items with Text String in mail BODY or Mail Subject

Search for mail items with a specific TEXT string that appears is an E-mail Message Subject line or Mail Subject.
PowerShell command syntax

PowerShell command Example

Additional PowerShell command syntax that we can use for performing a search that includes two types of search criteria is:

PowerShell command Example

Search and Copy mail items | Search query Filter – specific Date or Date Range

General information about the subject of “Date and Date format.”

The subject of the date format that we use in the Search-Mailbox query is a little tricky because the date format is affected the Windows OS Date format, the Exchange Online Mailbox Date format, etc.

Case 1 – most of the time, the date format that you need to use in the Search Query is your Windows OS Date format.

Case 2 – when using a date format in Search-Mailbox queries needs to be in a format that conforms to the Exchange server’s Regional settings.

In case that you get an error such as – “The KQL parser threw an exception,”, use the “month name” instead of the format of “month number.”

For example, instead of using the Date format – 07/21/2017 use the following format –  02/July/2017

Search + Save a Copy of mail items | Search Query – Emails SENT on a Specific date

Search for mail items with Sent on a specific Date.

PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Search Query – Emails SENT in a specific Date Range

Search for mail items with Sent on a specific Date Range.

PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Search Query – Emails RECEIVED in a specific Date Range

Search for mail items that was Received on a specific Date range.
PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Search Query – Emails SENT in a specific Date + Emails RECEIVED in a specific Date

Search for mail items that was Sent or Received on a specific Date range.

PowerShell command syntax

PowerShell command Example

Search and Copy mail items | Search query Filter – sender or by Recipient

In this section, we would like to search mail items that were sent from a specific sender or reach to a specific recipient.

Search + Save a copy of mail items | Filter scope – Email sent by a specific SENDER

Search for mail items that was Sent from a specific Sender (the FROM mail felid).
PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Filter scope – Emails sent TO a specific RECIPIENT

Search for mail items that were Received from a specific recipient (sent to a specific recipient – the TO mail felid)

PowerShell command syntax

PowerShell command Example

Search and Copy mail items | Search query Filter – E-mail Attachments

In this section, we would like to search mail items that have an attachment.

Search + Save a copy of mail items | Filter scope – Emails that include a specific attachment file name

Search for mail items, that have an attachment with a specific File extension.

PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Filter scope – specific attachment type (suffix)

Search for mail items, that have an attachment with a specific file name suffix.

PowerShell command syntax

PowerShell command Example

Search + Save a copy of mail items | Filter scope – Emails with Attachment

Search for mail items, that have an attachment.
PowerShell command syntax

PowerShell command Example

Search and Copy mail items | Search query Filter – Additional search queries

Search for mail items, that their size is “bigger” (greater) than a specific size.

Search + Save a copy of mail items | Filter scope – E-mail items size greater than X MB

PowerShell command syntax

PowerShell command Example

Search-Mailbox | Mailbox Search scope| The Recovery mail folder (Dumpster) and Archive Mailbox

In the following section, I would like to briefly review the subject of “Mailboxes search scope.”

As mentioned, the Search-Mailbox cmdlet will perform by default search in all the following mailbox locations:

  1. Primary mailbox
  2. Primary mailbox – Recovery mail folder (the Dumpster)
  3. Archive mailbox
  4. Archive mailbox – Recovery mail folder (the Dumpster)

The Search-Mailbox cmdlet enables us to define a specific mailbox search scope or to exclude a specific mailbox scope from the search results.

Mailbox scope Recovery mail folder (the Dumpster)

One of the most conspicuous advantages of the Search-Mailbox cmdlets is, the ability that it provides to Exchange administrator to view (search) the content of the Recovery mail folder (the Dumpster) and “fetch” a copy of Soft Deleted + Hard Deleted mail items stored in the Recovery mail folder.

By default, the Search-Mailbox cmdlets will perform a search in the Primary mailbox + in the Recovery mail folder (the Dumpster).

For example, in case that we don’t define a specific mailbox scope filter the search task will include the Primary mailbox space + the Recovery mail folder (the Dumpster)

Exclude the Recovery mail folder (dumpster) search

In case that we want to exclude the Recovery mail folder (the Dumpster) from the search, we can use the parameter SearchDumpster and set the switch to $False, for example –SearchDumpster:$False

Search Dumpster Only

In case that we want to perform a search only in the Recovery mail folder (the Dumpster), we can use the parameter – SearchDumpsterOnly which specifies that only the Recoverable Items folder of the specified mailbox be searched.

Archive mailbox scope

By default, in case that as specific Exchange mailbox has an archive, the archive is always searched.

To exclude the Archive from the search, use the DoNotIncludeArchive parameter

Writing advanced \ combined search filters.

An additional part that I would like to briefly, mention is the subject of defining a more advanced or more sophisticated search query that combines two or more “filter” or search conditions.

To define two or more filters, we can use the logical operators such as – “OR”, “AND” and more.

In the following diagram, we can see some example of the syntax that we use for defining a more advanced Search Query.

Using a combination of Search Query parameters

Example 1

Look for all mail items, that answer the following search criteria’s:

E-mail items that have attachment + in addition, the mail subject is “Test

Example 2

Look for all mail items, that answers the following search criteria’s:

E-mail message mail items or calendar mail items or Contact

Example 3

Look for all mail items, that answers the following search criteria’s:

Mail items that have the subject Test + sent from [email protected] + sent on a specific date 30/07/2017


The Search-Mailbox | PowerShell scripts series

The Search-Mailbox PowerShell cmdlet is very powerful and can be used for a various type of administrative scenarios. For this reason, I have created a “series” of PowerShell scripts, that will help you to “enroll” the Search-Mailbox PowerShell cmdlet for implementing different type of tasks:

Search for mail items using the Search-Mailbox PowerShell cmdlet (1#4)

A PowerShell menu script that is used for – performing a search in a single Exchange Online mailbox, by using various types of filters such as – specific text, specific date, a specific type of mail items (calendar, contact, etc.), mail with attachment and more.
Searching hidden Email addresses Using PowerShell - Office 365 - Part 11-13


Recover mail items using the Search-Mailbox PowerShell cmdlet (2#4)

PowerShell menu script, that is used for – Recovers mail items that are stored in the Recovery mail folder (Exchange Online Mailbox Dumpster). The PowerShell script, will help you to Recover all the content of the recovery mail folder or, use a search filter that will recover only specific mail items that answer a specific character such as – specific text, specific date, specific type of mail items (calendar, contact, etc.), mail with attachment and more.
Using the Search-Mailbox PowerShell command - Recover mail abc- Part 3-5u


Delete mail items – Multiple Exchange mailboxes (Bulk) using PowerShell (3#4)

PowerShell menu script, that is used for – performing a Deletion of specific mail items from multiple Exchange Online mailboxes (bulk mode). The “Deletion” of this mail item, is implemented by selecting a “search filter” that will delete only mail items that have specific characters such as – specific text, specific date, a specific type of mail items (calendar, contact, etc.), mail with attachment and more.

Search and Delete mail items from Multiple Exchange mailboxes Bulk using Search-Mailbox PowerShell cmdlets-Part 4-5


Search and Delete mail from Single Exchange mailboxes using PowerShell (4#4)

PowerShell menu script, that is used for – performing a Deletion of specific mail items from a single Exchange Online mailbox.
The “Deletion” of this mail item, is implemented by selecting a “search filter” that will delete only mail items that have specific characters such as – specific text, specific date, a specific type of mail items (calendar, contact, etc.), mail with attachment and more.
Search and Delete mail items from the Exchange mailbox using Search-Mailbox PowerShell cmdlets - Single mailbox-Part 5-5


Getting started with Office 365 PowerShell

PowerShell Naming Conventions & general information
Get more information about the Naming Conventions that are used in the PowerShell articles – Help and additional information – o365info.com PowerShell articles
Creating a remote PowerShell session to Exchange Online 
To get more information about the required remote PowerShell commands that you need to use for connecting to Exchange Online, read the following article:
Connect to Exchange Online by using Remote PowerShell
Creating a remote PowerShell session to Azure Active Directory
To get more information about the required software component + the remote PowerShell commands that you need to use for connecting Azure Active Directory, read the following article: Part 2: Connect to Office 365 by using Remote PowerShell
Basic introduction to PowerShell in Office 365 based environment
If you are new in the PowerShell world, you can read more information about how to start working with PowerShell in Office 365 based environment in the following article series:  Getting started with Office 365 PowerShell – Part 1, Part 2, Part 3.
Running and using o365info PowerShell scripts
In case that you need more information about how to use the o365info PowerShell scripts that I add to the PowerShell articles, you can read the article – How to run and use o365info PowerShell menu script

Restore Exchange Online mailbox | Article series index

Now it’s Your Turn!
It is important for us to know your opinion on this article

Related Post

Please rate this

Eyal Doron on EmailEyal Doron on FacebookEyal Doron on GoogleEyal Doron on LinkedinEyal Doron on PinterestEyal Doron on RssEyal Doron on TwitterEyal Doron on WordpressEyal Doron on Youtube
Eyal Doron

Share your knowledge.

It’s a way to achieve immortality.

Dalai Lama


Leave a Reply

Your email address will not be published. Required fields are marked *