PowerShell script for Exchange mailbox item (email, meeting, contacts, etc.) removal.

You might have a situation when someone – it might have even been you – send or receive an email that shouldn’t be sent or received.

It might have been a SPAM sent to your organization or an email that supposed to be send to your colleague but was send to a bunch of other people and had naked ladies in the attachment.

After sending such email reaction chain is as follows:

First you noticed that you have might clicked “Send” button, maybe you clicked CTRL + Enter combination, but you still not sure…

omg-what-have-i-done-jpg

…next you realize you indeed clicked “Send”…

email_send1

…and then you realize what kind of sick shit you have added to the email…

email_send2

…so you are buying proper things at Amazon…

rope_and-stool

…and plan to…

final_resolution

Well if message recall didn’t help (I am mentioning about how recall mechanism works in here: https://paweljarosz.wordpress.com/2015/10/03/exchange-message-tracking-finding-out-if-message-was-recalled-properly/), or it is not the thing as it might have been sent from external party, the only other option to delete the message or other items.

Screenshot-2017-01-08-19.35.31-300x197.png

Remove-OnPremiseMailboxItem function comes here to help remove problematic element like email, meeting, notes, tasks, IM and contacts (so far only all contacts)

Examples on how to use it:

To generate just a report:

Remove-OnPremiseMailboxItem -SourceIsTxtFile "D:\PJarosz_scripts\mbx.txt" -ItemKind email -ItemSubject "Test6996" -EmailReportTo pjarosz@objectivity.co.uk -ReadOnlyReportMode

CSV will be generated in the current path, named: MailboxSearchReport.csv

Example to remove the items from the mailbox:

Remove-OnPremiseMailboxItem -SourceIsTxtFile "D:\PJarosz_scripts\mbx.txt" -ItemKind email -ItemSubject "Test6969" -EmailReportTo pjarosz@objectivity.co.uk

CSV will be generated in the current path, named: MailboxRemovalReport.csv

When you try to remove the items you will be prompted for confirmation (need to type ‘yes’) like below

mbx_item_removal_1

All deleted emails go to the mailbox specified in $TargetMailbox variable (relevant folder in being created on the root folder level)

AVAILABLE SWITCHES:


-ReadOnlyReportMode [<SwitchParameter>]
Read only mode (report mode) switch. With this switch no items will be removed

-SourceIsSingleExchMailbox <String>
Process only single mailbox, input - single mailbox

-SourceIsTxtFile <String>
Process mailboxes that are in txt file (smtp addresses, samaccountnames etc.), input - file

-SourceIsExchDatabase <String>
Process mailboxes in one database, input - database name

-SourceIsExchServer <String>
Process mailboxes on one server, input - server name

-ItemKind <String>
Message type (specify if item is regular email, meeting, contact etc. )

-ItemSubject <String>
Item subject - subject of searched item

-ItemTime <String>
Item time - specify when particular item has been received

-ItemRecipient <String>
Item recipient - specify who was the recipient of the particular item

-ItemSender <String>
Item sender - specify who was the sender of the particular item

-EmailReportTo <String>
Creates HTML email report and sends it to recipients SMTP address given as parameter value

-Confirm

-WhatIf

THERE IS ALWAYS A CSV REPORT GENERATED IN THE CURRENT PATH, optionally there is also HTML report send to a mailbox (if –EmailReportTo is used).

Variables you might need/would like to set/change are:

$TargetFolder = "MBX_Item_removal $Search_Time $env:UserName"
$TargetMailbox = "spam"
$EmailFrom = "EmailItemRemoval@domain.com"
$EmailServer = "mailserver.domain.com"

keep-calm-and-give-me-an-example

Here comes real life example from today.

There was one meeting that was constantly keep comminig back decpite declinig it by the organizer.

Remove-OnPremiseMailboxItem -SourceIsTxtFile "C:\AdminTools\PJarosz\mbx.txt" -ItemKind meeting -ItemSubject "Subject of the meeting" -EmailReportTo pawel.jarosz@domain.com -ReadOnlyReportMode

According to the plan I got an email:

mbx_item_removal_2

Report showed that elements were found so I triggered the command in removal mode:

Remove-OnPremiseMailboxItem -SourceIsTxtFile "C:\AdminTools\PJarosz\mbx.txt" -ItemKind meeting -ItemSubject "Subject of the meeting" -EmailReportTo pawel.jarosz@domain.com
cmdlet Remove-OnPremiseMailboxItem at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Confirmation: yes

Items got removed:

mbx_item_removal_3

After removal is done I got proper email:

mbx_item_removal_4

And removed items were moved to the “spam” mailbox I defined in the script

mbx_item_removal_5

mbx_item_removal_8

 

Script can be found on TechNet and GitHub.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s