You might have a situation when someone – it might have even been you – send or receive an email that shouldn’t be sent or received.
It might have been a SPAM sent to your organization or an email that supposed to be send to your colleague but was send to a bunch of other people and had naked ladies in the attachment.
After sending such email reaction chain is as follows:
First you noticed that you have might clicked “Send” button, maybe you clicked CTRL + Enter combination, but you still not sure…
…next you realize you indeed clicked “Send”…
…and then you realize what kind of sick shit you have added to the email…
…so you are buying proper things at Amazon…
…and plan to…
Well if message recall didn’t help (I am mentioning about how recall mechanism works in here: https://paweljarosz.wordpress.com/2015/10/03/exchange-message-tracking-finding-out-if-message-was-recalled-properly/), or it is not the thing as it might have been sent from external party, the only other option to delete the message or other items.
Remove-OnPremiseMailboxItem function comes here to help remove problematic element like email, meeting, notes, tasks, IM and contacts (so far only all contacts)
Examples on how to use it:
To generate just a report:
Remove-OnPremiseMailboxItem -SourceIsTxtFile "D:\PJarosz_scripts\mbx.txt" -ItemKind email -ItemSubject "Test6996" -EmailReportTo firstname.lastname@example.org -ReadOnlyReportMode
CSV will be generated in the current path, named: MailboxSearchReport.csv
Example to remove the items from the mailbox:
Remove-OnPremiseMailboxItem -SourceIsTxtFile "D:\PJarosz_scripts\mbx.txt" -ItemKind email -ItemSubject "Test6969" -EmailReportTo email@example.com
CSV will be generated in the current path, named: MailboxRemovalReport.csv
When you try to remove the items you will be prompted for confirmation (need to type ‘yes’) like below
All deleted emails go to the mailbox specified in $TargetMailbox variable (relevant folder in being created on the root folder level)
-ReadOnlyReportMode [<SwitchParameter>] Read only mode (report mode) switch. With this switch no items will be removed -SourceIsSingleExchMailbox <String> Process only single mailbox, input - single mailbox -SourceIsTxtFile <String> Process mailboxes that are in txt file (smtp addresses, samaccountnames etc.), input - file -SourceIsExchDatabase <String> Process mailboxes in one database, input - database name -SourceIsExchServer <String> Process mailboxes on one server, input - server name -ItemKind <String> Message type (specify if item is regular email, meeting, contact etc. ) -ItemSubject <String> Item subject - subject of searched item -ItemTime <String> Item time - specify when particular item has been received -ItemRecipient <String> Item recipient - specify who was the recipient of the particular item -ItemSender <String> Item sender - specify who was the sender of the particular item -EmailReportTo <String> Creates HTML email report and sends it to recipients SMTP address given as parameter value -Confirm -WhatIf
THERE IS ALWAYS A CSV REPORT GENERATED IN THE CURRENT PATH, optionally there is also HTML report send to a mailbox (if –EmailReportTo is used).
Variables you might need/would like to set/change are:
$TargetFolder = "MBX_Item_removal $Search_Time $env:UserName" $TargetMailbox = "spam" $EmailFrom = "EmailItemRemoval@domain.com" $EmailServer = "mailserver.domain.com"
Here comes real life example from today.
There was one meeting that was constantly keep comminig back decpite declinig it by the organizer.
Remove-OnPremiseMailboxItem -SourceIsTxtFile "C:\AdminTools\PJarosz\mbx.txt" -ItemKind meeting -ItemSubject "Subject of the meeting" -EmailReportTo firstname.lastname@example.org -ReadOnlyReportMode
According to the plan I got an email:
Report showed that elements were found so I triggered the command in removal mode:
Remove-OnPremiseMailboxItem -SourceIsTxtFile "C:\AdminTools\PJarosz\mbx.txt" -ItemKind meeting -ItemSubject "Subject of the meeting" -EmailReportTo email@example.com cmdlet Remove-OnPremiseMailboxItem at command pipeline position 1 Supply values for the following parameters: (Type !? for Help.) Confirmation: yes
Items got removed:
After removal is done I got proper email:
And removed items were moved to the “spam” mailbox I defined in the script