Search & Delete Messages from Exchange User Mailboxes with Search-Mailbox PowerShell Command

As an administrator, you can use Exchange Management Shell to search user mailboxes to find specific emails. The cmdlet that is used for searching mailboxes is Search-Mailbox.

Other than searching specific items in a mailbox, following tasks can be also performed using this cmdlet:

• Recover items from Recoverable Items folder
• Copy messages to a specified target
• Clean up Recoverable Items folder of a mailbox once it reaches the specified limit
• Delete messages from a mailbox

Requirements for using the cmdlet

Before starting, be sure that:

• The account must have assigned Mailbox Search management role to search for messages in multiple mailboxes. This role is not assigned to the administrator by default. You can assign this role by adding yourself as a member of the Discovery Management Role Group.
• The user must use Exchange Management Shell to run the cmdlets.
• The user can search a maximum of 10,000 mailboxes using the Search-Mailbox cmdlet. For unlimited searching of mailboxes, the user can run New-Compliance Search cmdlet.
• If the user includes a search query with the cmdlet, it provides a maximum of 10,000 items in the search.
• Search-Mailbox cmdlet also searches the archive mailboxes.

How to search mailboxes and delete messages?

Let us see how to run the cmdlet:

The below cmdlet is for searching specific message(s) in the user mailboxes. Just provide your mailbox name and specific phrase or words and the target folder name where you want to save the data.

For Example:

Now, let us see how to search messages by using SearchQuery of attachment parameter in all the mailboxes.

The output result would be all the messages containing that attachment with the specified file name. It also sends a log message to the administrator’s mailbox.

Let us see the commands to search for emails with particular phrase or words coming in the email subject, copy them to the target folder and then delete them from the source mailbox.

• Using this command, you can simply search and delete the messages having a specific phrase in the subject.
Search-Mailbox -Identity “user mailbox name” –SearchQuery Subject:”specific phrase or words” –DeleteContent
• Run this command if you want to search specific messages that contain the specified phrase in the subject. It copies these messages to deleted messages folder and deletes those messages from the Source mailbox folder.
Search-Mailbox -Identity “user mailbox name” –SearchQuery Subject:”specific phrase or words” –TargetMailbox “BackupMailbox” –TargetFolder “DeletedMessages” –LogLevel Full -DeleteContent

For easier search and conversion of items (from EDB file, live Exchange, or Office 365), users can take the help of Kernel for Exchange Recovery which is efficient third-party software that facilitates search and conversion of mailbox items within minutes.

Conclusion

Use of PowerShell commands to manually search and delete Exchange mailboxes messages is explained here. If you need to save search results to some other destinations or formats, you can use tools like Kernel for Exchange Recovery.