Deleting Emails from a Mailbox

Have you ever been in a situation whereby a client, friend, colleague, Executives etc. sends or receives and email and all of the sudden, the world comes to an end and you need to remove those emails. Today, I would like to run through some commands which can aid you in this emergency situation. I am sure many out know how to run tracking logs. But running certain criteria matching can be time consuming and in an emergency situation, you will need to match criteria quickly. Imagine an email being forwarded in the queues with 100’s if not 1000’s of users. Then you have a really big issue. Therefore, we will run through some commands with common searches which you may require on the spot.

Let us look at some basic commands:

User Level:

Search-Mailbox -Identity User@domain.com -SearchQuery ‘Subject:” Example of subject line”‘ –DeleteContent

Domain Level:

Search-Mailbox -Identity *@domain.com -SearchQuery ‘Subject:”Example of subject line”‘ –DeleteContent

Very Large Domain Level:

Get-Mailbox *@domain.com –ResultSize Unlimited | Search-Mailbox -SearchQuery ‘Subject:”Example of subject line”‘ –DeleteContent

Now to run against single or multiple criteria’s you need to amend the SearchQuery. And knowing what parameters can be searched is the key. These parameters are tied to Message properties and search operators for In-Place eDiscovery. Here are some of the parameters (Search Operators):

Property Property description Examples Search results returned by the examples
Attachment The names of files attached to an email message. attachment:annualreport.ppt
attachment:annual*
Messages that have an attached file named annualreport.ppt.
In the second example, using the wildcard returns messages with the word “annual” in the file name of an attachment.
Bcc The BCC field of an email message.1 bcc:pilarp@contoso.com
bcc:pilarp
bcc:”Pilar Pinilla”
All examples return messages with Pilar Pinilla included in the Bcc field.
Category The categories to search. Categories can be defined by users by using Outlook or Outlook Web App. The possible values are:
blue
green
orange
purple
red
yellow
category:”Red Category” Messages that have been assigned the red category in the source mailboxes.
Cc The CC field of an email message.1 cc:pilarp@contoso.com
cc:”Pilar Pinilla”
In both examples, messages with Pilar Pinilla specified in the CC field.
From The sender of an email message.1 from:pilarp@contoso.com
from:contoso.com
Messages sent by the specified user or sent from a specified domain.
Importance The importance of an email message, which a sender can specify when sending a message. By default, messages are sent with normal importance, unless the sender sets the importance as high or low. importance:high
importance:medium
importance:low
Messages that are marked as high importance, medium importance, or low importance.
Kind The message type to search. Possible values:
contacts
docs
email
faxes
im
journals
meetings
notes
posts
rssfeeds
tasks
voicemail
kind:email
kind:email OR kind:im OR kind:voicemail
Email messages that meet the search criteria. The second example returns email messages, instant messaging conversations, and voice messages that meet the search criteria.
Participants All the people fields in an email message; these fields are From, To, CC, and BCC.1 participants:garthf@contoso.com
participants:contoso.com
Messages sent by or sent to garthf@contoso.com.
The second example returns all messages sent by or sent to a user in the contoso.com domain.
Received The date that an email message was received by a recipient. received:04/15/2014
received>=01/01/2014 AND received<=03/31/2014
Messages that were received on April 15, 2014. The second example returns all messages received between January 1, 2014 and March 31, 2014.
Recipients All recipient fields in an email message; these fields are To, CC, and BCC.1 recipients:garthf@contoso.com
recipients:contoso.com
Messages sent to garthf@contoso.com.
The second example returns messages sent to any recipient in the contoso.com domain.
Sent The date that an email message was sent by the sender. sent:07/01/2014
sent>=06/01/2014 AND sent<=07/01/2014
Messages that were sent on the specified date or sent within the specified date range.
Size The size of an item, in bytes. size>26214400
size:1..1048576
Messages larger than 25 MB.
The second example returns messages from 1 through 1,048,576 bytes (1 MB) in size.
Subject The text in the subject line of an email message. subject:”Quarterly Financials”
subject:northwind
Messages that contain the exact phrase “Quarterly Financials” anywhere in the text of the subject line.
The second example returns all messages that contain the word northwind in the subject line.
To The To field of an email message.1 to:annb@contoso.com
to:annb
to:”Ann Beebe”
All examples return messages where Ann Beebe is specified in the To: line.

To reference more items, can be found in a deep dive article on the Microsoft. Article

However, here are some key searches which the above combining the a basic Search Query, this can be done quickly.

User Level:

Search-Mailbox -Identity User@domain.com -SearchQuery From:sender@domain.com –DeleteContent

Domain Level:

Search-Mailbox -Identity *@domain.com -SearchQuery From:sender@domain.com –DeleteContent

Very Large Domain Level:

Get-Mailbox *@domain.com –ResultSize Unlimited | Search-Mailbox -SearchQuery From:sender@domain.com –DeleteContent

This should help you with a combination of Excel to quick write up some fancy queries and keep the mailboxes clean.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.