The current article is the first article of the five-article series, which is dedicated to…
Search + Save a copy of mail items using PowerShell | Part 2#5
In the current article, we will review how to use the Search-Mailbox PowerShell cmdlet for performing a search on a specific Exchange mailbox + copy the search results to a “destination mailbox” (Target Mailbox).
Table of contents
- Connect to Exchange Online PowerShell
- Scenario description
- Using the Search-Mailbox for performing a search | PowerShell command syntax
- Search and Copy mail items | ALL mail items
- Search and Copy mail items | Search query Filter – specific Type of Mail item
- Search and Copy mail items | Search query Filter – Text String
- Search and Copy mail items | Search query Filter – specific Date or Date Range
- Search + Save a Copy of mail items | Search Query – Emails SENT on a Specific date
- Search + Save a copy of mail items | Search Query – Emails SENT in a specific Date Range
- Search + Save a copy of mail items | Search Query – Emails RECEIVED in a specific Date Range
- Search + Save a copy of mail items | Search Query – Emails SENT in a specific Date + Emails RECEIVED in a specific Date
- Search and Copy mail items | Search query Filter – sender, or by Recipient
- Search and Copy mail items | Search query Filter – E-mail Attachments
- Search and Copy mail items | Search query Filter – Additional search queries
- Search-Mailbox | Mailbox Search scope| The Recovery mail folder (Dumpster) and Archive Mailbox
Connect to Exchange Online PowerShell
To be able to run the PowerShell commands specified in the current article, you will need to Connect to Exchange Online PowerShell.
Start Windows PowerShell as administrator and run the cmdlet Connect-ExchangeOnline.
Connect-ExchangeOnline
Scenario description
The Goals
The goals we seek to achieve are:
- Perform a search in a specific Exchange mailbox (Bob Mailbox). The search is implemented by defining a specific Search Query (search criteria), that will help us to locate specific mail items that answer the Search Query
- The Search Results (mail items) will be copied to a Target Mailbox and saved in a dedicated folder (Target Folder)
- In addition, we want to create a detailed report (Log), about each mail items that appear in the Search Results (the Log/Report file will be saved in the Target Folder)
Source mailbox + Target mailbox (and Target Folder)
- The Source Mailbox (the mailbox on which we perform the search) is Bob’s mailbox
- The Target Mailbox which we use for storing the search result (the mail items) is Adele’s
- The Target Folder name will be – Search Results – Bob
The mailbox search scope
By default, the Search-Mailbox cmdlet performs a search in the “Source Mailbox” that includes the following “Mailbox spaces”:
Primary mailbox
- The Search-Mailbox cmdlet will perform a search that relates to all folders and subfolders in the Primary Mailbox.
- Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the Recovery mail folder (the Dumpster).
Archive mailbox
In case that the Source Mailbox has Archive mailbox,
- The Search-Mailbox cmdlet will perform a search that relates to all folders and subfolders in the Archive mailbox.
- Recovery mail folder – by default, the Search-Mailbox cmdlet will also search for mail items stored in the mailbox archive Recovery mail folder (the Dumpster).
In the following screenshot, we can see an example to a scenario in which the Source Mailbox belongs to Bob, and the Target mailbox is – Adele’s mailbox.
The Search-Mailbox cmdlet creates a New folder (Target Folder) and stores all the Search Results (copy the mail items) in this folder (the Target folder).
The search results folder hierarchy includes two separated “spaces”:
- Archive mailbox (A in the screenshot)
- Primary mailbox (B in the screenshot)
Each of the “mailbox spaces” (Archive and Primary) includes a dedicated folder named – Recoverable Items, that store the Search Results that were “fetched” from the Recovery mail folder -the Dumpster (number 2 in the diagram), that include Soft deleted + Hard deleted mail items.
Using the Search-Mailbox for performing a search | PowerShell command syntax
As mentioned, the Search-Mailbox cmdlet is a very powerful PowerShell cmdlet, that can use many types of Search Query filter that will help us to “fetch” (find and copy) very specific mail items.
In the following section, we review a couple of examples to the various Search Query that we can use.
Search and Copy mail items | ALL mail items
In this example, we use the Search-Mailbox cmdlet without any “filter” or Search query filters.
In this scenario, our goal is to copy all the mail items that exist in the Source Mailbox to the Target Mailbox. The search results will include all the mail items from the Primary Mailbox, Archive Mailbox (if exists) and the Recovery mail folder (the Dumpster).
Search + Save a copy ALL mail items | Search Query – NO Filter (no Search Query)
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -TargetMailbox <Destination mailbox>-TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox Bob -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search and Copy mail items | Search query Filter – specific Type of Mail item
In this scenario, we want to locate (search) and copy only a specific type of mail items from the Source Mailbox.
Search + Save a copy of mail items | Search Query filter – Calendar items
Search for specific type of mail items – Calendar items.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery "Kind:meetings" -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery "Kind:meetings" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Search Query – Contact items
Search for a specific type of mail items – Contacts items.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery "Kind:contacts" -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery "Kind:contacts" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Note: By default, if not specified, the Search-Mailbox cmdlet will look for all types of message types.
When using the option the “kind” search filter, valid values can be one or more of the following:
- Meetings
- Tasks
- Notes
- Docs
- Journals
- Contacts
- IM
Search and Copy mail items | Search query Filter – Text String
In this section, we use Search Query that looks for mail items that include a specific text string.
General note – because we use the quotation marks, the search will fetch only results in which all the words in the text string that we define appear.
For example, in our example, we look for the text string: “A meeting in New York.” Mail items that include the words “New York” or “meeting” will not appear in the Search Results.
Only mail items that include all the text phrases that appear inside the quotation marks, will be considered as “valid mail items” that answer the Search Query (exact phrases or keywords in subjects of items).
Search + Save a copy of mail items | Search Query – Mail items with Text String in mail SUBJECT
Search for mail items with a specific TEXT string that appears in an E-mail Message Subject line.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery Subject:"<Text String>" -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery Subject:"A meeting in New York" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Search Query – Mail items with Text String in mail BODY
Search for mail items with a specific TEXT string that appears in an E-mail Body.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery body:"<Text String>" -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery Subject:"A meeting in New York" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Search Query – Mail items with Text String in mail BODY or Mail Subject
Search for mail items with a specific TEXT string that appears in an E-mail Message Subject line or Mail Subject.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery "<Text String>" -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
Powershell command example:
Search-Mailbox "Bob" -SearchQuery "A meeting in New York" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Additional PowerShell command syntax that we can use for performing a search that includes two types of search criteria is:
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery {Subject:"A meeting in New York" OR body:"A meeting in New York"} -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search and Copy mail items | Search query Filter – specific Date or Date Range
General information about the subject of “Date and Date format.”
The subject of the date format that we use in the Search-Mailbox query is a little tricky because the date format is affected by the Windows OS Date format, the Exchange Online Mailbox Date format, etc.
Case 1 – most of the time, the date format that you need to use in the Search Query is your Windows OS Date format.
Case 2 – when using a date format in Search-Mailbox queries needs to be in a format that conforms to the Exchange server’s Regional settings.
In case you get an error such as – “The KQL parser threw an exception,”, use the “month name” instead of the format of “month number.”
For example, instead of using the Date format – 07/21/2017 use the following format – 02/July/2017.
Search + Save a Copy of mail items | Search Query – Emails SENT on a Specific date
Search for mail items with Sent on a specific Date.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery sent:mm/dd/yyyy -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery sent:21/07/2017 -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Search Query – Emails SENT in a specific Date Range
Search for mail items with Sent on a specific Date Range.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery {sent:mm/dd/yyyy..mm/dd/yyyy} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery {sent:21/06/2017..07/21/2017} -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Search Query – Emails RECEIVED in a specific Date Range
Search for mail items that were Received on a specific Date range.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery {Received:mm/dd/yyyy..mm/dd/yyyy} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery {Received:21/06/2017..21/07/2017} -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Search Query – Emails SENT in a specific Date + Emails RECEIVED in a specific Date
Search for mail items that were Sent or Received on a specific Date range.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery {sent:mm/dd/yyyy OR Received: mm/dd/yyyy} -TargetMailbox <Destination mailbox> -TargetFolder <Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery {sent:30/07/2017 OR Received:30/07/2017}-TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search and Copy mail items | Search query Filter – sender, or by Recipient
In this section, we would like to search for mail items that were sent from a specific sender or reach to a specific recipient.
Search + Save a copy of mail items | Filter scope – Email sent by a specific SENDER
Search for mail items that were Sent from a specific Sender (the FROM mail field).
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery from:"<E-mail address>" -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery from:"John@o365info.com" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Filter scope – Emails sent TO a specific RECIPIENT
Search for mail items that were Received from a specific Recipient (sent to a specific recipient – the TO mail field).
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery to:"<E-mail address>" -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery to:"Alice@outlook.com" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search and Copy mail items | Search query Filter – E-mail Attachments
In this section, we would like to search mail items that have an attachment.
Search + Save a copy of mail items | Filter scope – Emails that include a specific attachment file name
Search for mail items that have an attachment with a specific File extension.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery attachment:"<Attachment file name>" -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery attachment:"Customer.pdf" -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Filter scope – specific attachment type (suffix)
Search for mail items, that have an attachment with a specific file name suffix.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery {Attachment -like "*.<suffix>"} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery {Attachment -like "*.PDF"} -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search + Save a copy of mail items | Filter scope – Emails with Attachment
Search for mail items, that have an attachment.
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery {HasAttachment -eq $true} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery -SearchQuery {HasAttachment -eq $true} -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search and Copy mail items | Search query Filter – Additional search queries
Search for mail items, that their size is “bigger” (greater) than a specific size.
Search + Save a copy of mail items | Filter scope – E-mail items size greater than X MB
PowerShell command syntax:
Search-Mailbox <Source Mailbox> -SearchQuery {Size -gt <size in KB or MB>} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
PowerShell command example:
Search-Mailbox "Bob" -SearchQuery -SearchQuery {Size -gt 5MB} -TargetMailbox Adele -TargetFolder "Search Results - Bob" -LogLevel Full
Search-Mailbox | Mailbox Search scope| The Recovery mail folder (Dumpster) and Archive Mailbox
In the following section, I would like to briefly review the subject of “Mailboxes search scope.”
As mentioned, the Search-Mailbox cmdlet will perform by default search in all the following mailbox locations:
- Primary mailbox
- Primary mailbox – Recovery mail folder (the Dumpster)
- Archive mailbox
- Archive mailbox – Recovery mail folder (the Dumpster)
The Search-Mailbox cmdlet enables us to define a specific mailbox search scope or to exclude a specific mailbox scope from the search results.
Mailbox scope Recovery mail folder (the Dumpster)
One of the most conspicuous advantages of the Search-Mailbox cmdlets is, the ability that it provides to Exchange administrator to view (search) the content of the Recovery mail folder (the Dumpster) and “fetch” a copy of Soft Deleted + Hard Deleted mail items stored in the Recovery mail folder.
By default, the Search-Mailbox cmdlets will perform a search in the Primary mailbox + in the Recovery mail folder (the Dumpster).
For example, in case that we don’t define a specific mailbox scope filter the search task will include the Primary mailbox space + the Recovery mail folder (the Dumpster).
Search-Mailbox <Source Mailbox> -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -LogLevel Full
Exclude the Recovery mail folder (dumpster) search
In case that we want to exclude the Recovery mail folder (the Dumpster) from the search, we can use the parameter SearchDumpster and set the switch to $False, for example -SearchDumpster:$False.
Search-Mailbox <Source Mailbox> -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -SearchDumpster:$false -LogLevel Full
Search Dumpster Only
In case that we want to perform a search only in the Recovery mail folder (the Dumpster), we can use the parameter -SearchDumpsterOnly which specifies that only the Recoverable Items folder of the specified mailbox be searched.
Search-Mailbox <Source Mailbox> -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -SearchDumpsterOnly -LogLevel Full
Archive mailbox scope
By default, in case that as specific Exchange mailbox has an archive, the archive is always searched.
To exclude the Archive from the search, use the DoNotIncludeArchive parameter.
Search-Mailbox <Source Mailbox> -TargetMailbox <Target mailbox> -TargetFolder <Target Folder> -DoNotIncludeArchive -LogLevel Full
Writing advanced/combined search filters.
An additional part that I would like to briefly, mention is the subject of defining a more advanced or more sophisticated search query that combines two or more “filter” or search conditions.
To define two or more filters, we can use logical operators such as – “OR”, “AND” and more.
In the following diagram, we can see some example of the syntax that we use for defining a more advanced Search Query.
Example 1
Look for all mail items, that answer the following search criteria’s:
E-mail items that have attachment + in addition, the mail subject is “Test”.
Search-Mailbox <Source Mailbox> -SearchQuery {HasAttachment -eq $true and subject:Test} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder>
Example 2
Look for all mail items, that answers the following search criteria’s:
E-mail message mail items or calendar mail items or Contact.
Search-Mailbox <Source Mailbox> -SearchQuery {kind:email OR kind:meetings} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder>
Example 3
Look for all mail items, that answers the following search criteria’s:
Mail items that have the subject Test + sent from john@o365info.com + sent on a specific date 30/07/2017.
Search-Mailbox <Source Mailbox> -SearchQuery {Subject:"Test" AND From:"john@o365info.com" AND Sent:"30/07/2017"} -TargetMailbox <Target mailbox> -TargetFolder <Target Folder>
This Post Has 0 Comments