Read time: 5 minutes
The Exchange Management Shell provides the administrator with a means to get firm control over the Exchange environment. You can not only search the details of mailboxes and databases but also execute certain actions. While it may not offer the same user-friendly experience as the Exchange admin center, it excels in performing a broader range of tasks with greater comprehensiveness. In this discussion, we will explore the utilization of the Search-Mailbox command to search and delete messages from Exchange user mailboxes.
What do you understand with Search-Mailbox?
Search-Mailbox, a PowerShell cmdlet, allows easy search and deletion of messages from one or multiple mailboxes. It can help you get rid of messages that you no longer need or that you must abide by industry-specific compliances.
With different parameters available, it allows you to specify the target mailboxes, search criteria, and suitable actions when a value is matched. Some critical parameters required for performing query to search and delete Exchange user mailboxes are here mentioned:
- TargetMailbox: Defines the destination/target mailbox where search results are copied once found. You can define values that uniquely pinpoint the mailbox. For example, Name, Alias, Email address, GUID, etc.
- DeleteContent: The switch tells that whenever a match is found, the message is permanently deleted from the source mailbox. Using it with the TargetMailbox parameter yields copying the messages to the target mailbox while deleting them from the source mailbox.
- Force: It hides the messages showing warnings and confirmation. No need to define a value with this switch.
- Identity: Provides you with the identity of a mailbox that you want to search. You can define values that help to identify the mailbox uniquely.
- LogOnly: It will perform a search but only provides a log. Messages that are found using this switch aren’t copied to the target mailbox.
- Search Query: It defines the search parameters used to find out the messages in a mailbox using criteria such as keywords, message size, and others.
Why do you need to search and delete messages?
Exchange emails usually contain a lot of critical and sensitive information. Getting this information into the wrong hands is not desirable as it may cause severe financial losses and damage to the business’s reputation. If you have sent some emails to unintended recipients, administrators have rights to search and delete them using the Search-Mailbox command.
How to Search & Delete Messages from Exchange User Mailboxes?
Here is how you can search & delete messages from Exchange user mailboxes using Exchange Management Shell cmdlets.To check the contents of mailboxes, the command is Search-Mailbox.Other than searching specific items in a mailbox, the following tasks can also be performed using this cmdlet:
- Recover items from the Recoverable Items folder.
- Copy messages to a specified target.
- Clean up the Recoverable Items folder from the mailbox once it reaches the specified limit.
- Delete messages from a mailbox.
Before starting the process to search & delete email messages, make sure that:
- The account must have been assigned a Mailbox Search role to search for messages in multiple mailboxes. This role is not assigned to the administrator by default. You can assign this role by adding yourself as a member of the Discovery Management Role Group.
- The user must know how to use Exchange Management Shell to run the cmdlets.
- To delete messages from a mailbox, the Mailbox Import Export Management Role must be assigned to the administrator.
- The user can search a maximum of 10,000 mailboxes using the Search-Mailbox cmdlet. For unlimited mailbox searches, the user can run the New-Compliance Search cmdlet.
- If the user includes a search query with the cmdlet, it provides a maximum of 10,000 items in the search.
- Search-Mailbox cmdlet also searches the archive mailboxes.
- The facility is available for on-premises Exchange Server 2010 and later versions of Exchange Online.
How to search mailboxes and delete Messages?
The primary requirement is assigning two management roles to the account via Exchange Management Shell or Exchange Admin Center.
- Mailbox Import Export Role:
- Mailbox Search Role:
To assign Import Export role, the Exchange Management Shell cmdlet is
To assign the Mailbox Search role, the Exchange Management Shell cmdlet is
To start with, run the Exchange Management Shell application as an administrator.
The below cmdlet is for searching specific message(s) in the user mailboxes. Just provide your mailbox name and specific phrase or words, and the target folder name where you want to save the data.
For Example:
Now, let us see how to search messages using the SearchQuery of attachment parameter in all the mailboxes.
The output result would be all the messages containing that attachment with the specified file name. It also sends a log message to the administrator’s mailbox.
Let us see the commands to search for emails with particular phrases or words coming in the email subject, copy them to the target folder, and delete them from the source mailbox.
The below command will help you search & delete messages from Exchange user mailboxes containing a specific phrase in the subject.
Run this command if you want to search specific messages that contain a specified phrase in the subject. It copies these messages to deleted messages folder and deletes those messages from the Source mailbox folder.
So, you have just read the technical way to search for items in the Exchange user mailbox. It definitely requires some skills to get the desired results, as a minor mistake can cause more damage by affecting the file data.
Note:
1.The Search-Mailbox has a limit to performing multiple mailbox searches, up to 10,000 mailboxes.
2.The search results when performing Search-Mailbox with -SearchQuery are limited to a maximum of 10,000 results.
Use professional EDB recovery software
For easier search and conversion of items (from EDB file, live Exchange, or Office 365), users can seek support from Kernel for Exchange Server, an efficient third-party EDB Recovery software that facilitates search and conversion of mailbox items within minutes.
Using its advanced Search features, the tool can search for specific emails based on various criteria like Subject, Body, From, To, Cc, Bcc, etc. One can also preview these items after the search. Then these items can be selectively exported, migrated, or saved as per the user’s requirements. Also, there is a facility to search within the search results. One can search offline EDB files, live Exchange Server, and Office 365 using this tool. Moreover, this tool can be used to recover accidentally deleted Exchange mailbox items.
Conclusion
This article demonstrates how Exchange Management Shell supports efficient search and deletion of messages on an on-premises Exchange Server. It helps administrators in easily search & delete messages from Exchange user mailboxes. However, if somehow, there occurs accidental deletion of important items, the admins can employ a reliable Exchange Server recovery software.Kernel for Exchange Server Recovery helps in scanning EDB files and recover mailboxes from the EDB file effortlessly.
