Exchange: Find and Remove Emails

Scenario

For whatever reason, management or enterprise security comes to you and says they need an email removed from all users who received it. No one knows who all received it. Luckily, your organization has an Exchange server that makes this easy to do, and in a short time, depending on how specific your query below is.

Get-Mailbox and Search-Mailbox with -DeleteContent

You will use two commands to get a list of mailboxes and search the subject, body, or several other attributes for the string that uniquely identifies the email. You can use * as a wildcard before and after the text, as seen in the example below. When using the wildcard, be very specific and avoid strings that would cast too big of a net. For example, I would probably never use -SearchQuery 'Body:"*a*"' as that would delete every email that contained the letter "a" in the body. If you believe the email has been forwarded or replied to and you are searching by Subject, adding the * wildcard before the string you are searching for in the Subject will help find emails even with multiple FW or RE strings prefixed.

Log in to your mail server. Open a PowerShell session with administrator privileges.

    # Load the Exchange 2010 management cmdlets into this session
    Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010

    # Search every mailbox, delete the matching messages, and save the results for mailboxes that had matches
    Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery 'Subject:"*Text that needs to be removed*"' -DeleteContent | Where-Object {$_.ResultItemsCount} > filename_to_save_results_into.txt

For a list...
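A two-pass variant of the command above, added here as an example and not part of the original post: it first counts matches with -EstimateResultOnly, saves the per-mailbox counts, and only then runs -DeleteContent against the mailboxes that actually matched. The threshold value and the output file names are assumptions to adjust for your environment.

```powershell
# Added example, not from the original post.
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction Stop

# Same query form as the post; replace the text with the string that identifies the email.
$query = 'Subject:"*Text that needs to be removed*"'

# Assumed sanity limit: the largest number of items you expect this email to account for.
$maxExpectedHits = 500

# Pass 1: count matching items per mailbox. Nothing is copied or deleted.
$estimate = @(Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 })

if ($estimate.Count -eq 0) {
    Write-Host "No mailbox contains a match for: $query"
    return
}

# Keep a record of what the query matched before anything is removed.
$estimate | Select-Object Identity, ResultItemsCount, ResultItemsSize |
    Export-Csv -Path .\estimate_before_delete.csv -NoTypeInformation

$total = ($estimate | Measure-Object -Property ResultItemsCount -Sum).Sum
Write-Host "$total item(s) matched in $($estimate.Count) mailbox(es)."

# Stop if the query casts too big a net (for example a wildcard that is too short).
if ($total -gt $maxExpectedHits) {
    throw "Query matched $total items, above the limit of $maxExpectedHits. Narrow the query."
}

# Pass 2: delete only from the mailboxes that had matches.
# -Force is not used, so Exchange still asks for confirmation before deleting.
$estimate | ForEach-Object {
    Search-Mailbox -Identity $_.Identity -SearchQuery $query -DeleteContent
} | Select-Object Identity, ResultItemsCount, Success |
    Export-Csv -Path .\delete_results.csv -NoTypeInformation
```

The account running this needs the Mailbox Search role for the estimate pass and the Mailbox Import Export role for -DeleteContent.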
