As an Exchange administrator, you can use Exchange Management Shell to search user mailboxes to find specific emails. The main cmdlet that is used for searching mailboxes is Search-Mailbox.

Other than searching specific items in a mailbox, following tasks can be also performed using this cmdlet:

• Recover items from Recoverable Items folder
• Copy messages to a specified target
• Clean up Recoverable Items folder of a mailbox once it reaches the specified limit
• Delete messages from a mailbox

Requirements for Using the cmdlet

Before Starting, be Sure That:

• The account must have assigned Mailbox Search management role to search for messages in multiple mailboxes. This role is not assigned to the administrator by default. You can assign this role by adding yourself as a member of the Discovery Management Role Group.
• The user must know how to use Exchange Management Shell to run the cmdlets.
• To delete messages from a mailbox, the Mailbox Import Export Management Role must be assigned to the administrator.
• The user can search a maximum of 10,000 mailboxes using the Search-Mailbox cmdlet. For unlimited searching of mailboxes, the user can run New-Compliance Search cmdlet.
• If the user includes a search query with the cmdlet, it provides a maximum of 10,000 items in the search.
• Search-Mailbox cmdlet also searches the archive mailboxes.
• The facility is available for on-premises Exchange Server 2010 and later versions only along with Exchange Online.

How to Search Mailboxes and Delete Messages?

The primary requirement is assigning two management roles to the account via Exchange Management Shell or Exchange Admin Center.

• Mailbox Import Export Role:

To assign Import Export role, the Exchange Management Shell cmdlet is

New-ManagementRoleAssignment -User <username> -Role “Mailbox Import Export”
• Mailbox Search Role:

To assign the Mailbox Search role, the Exchange Management Shell cmdlet is

New-ManagementRoleAssignment -User <username>-Role “Mailbox Search”

Let us See How to Run the cmdlet:

To start with, run the Exchange Management Shell application as an administrator.

The below cmdlet is for searching specific message(s) in the user mailboxes. Just provide your mailbox name and specific phrase or words and the target folder name where you want to save the data.

For Example:

Now, let us see how to search messages by using SearchQuery of attachment parameter in all the mailboxes.

The output result would be all the messages containing that attachment with the specified file name. It also sends a log message to the administrator’s mailbox.

Let us see the commands to search for emails with particular phrase or words coming in the email subject, copy them to the target folder and then delete them from the source mailbox.

Using this command, you can simply search and delete the messages having a specific phrase in the subject.

Run this command if you want to search specific messages that contain the specified phrase in the subject. It copies these messages to deleted messages folder and deletes those messages from the Source mailbox folder.

So, you have just read the technical way to search for items in the Exchange user mailbox. It definitely requires some skills to get the desired results, as a minor mistake can cause more damage by affecting the file data.

For easier search and conversion of items (from EDB file, live Exchange, or Office 365), users can take the help of Kernel for Exchange Recovery which is efficient third-party software that facilitates search and conversion of mailbox items within minutes.

Conclusion

The use of Exchange PowerShell commands to search and delete Exchange mailbox messages manually is explained here. If you need to save search results to some other destinations or formats, you can use Kernel for Exchange Recovery tool.