Search & delete messages from Exchange user mailboxes with Search-Mailbox command

Read time: 5 minutes

The Exchange Management Shell provides the administrator a means to get firm control over the Exchange. You can search not only the details of mailboxes and databases but also perform several actions. Though it is not as easy as using the Exchange admin center, it performs more tasks in a more comprehensive way. So, we will discuss how you can search and delete messages from Exchange user mailboxes with the Search-Mailbox command.

Why do you need to search and delete messages?

Exchange emails usually contain a lot of critical and sensitive information. Getting this information in the wrong hands is not desirable as it may cause severe financial losses and damage to reputation. If you have sent some emails to some wrong people, administrators can find them and delete them using the Search-Mailbox command.

Here is how you can Search & Delete Messages from Exchange User Mailboxes using Exchange Management Shell cmdlets.

To check the contents of a mailboxes, the command is Search-Mailbox.
Other than searching specific items in a mailbox, the following tasks can also be performed using this cmdlet:

• Recover items from the Recoverable Items folder
• Copy messages to a specified target
• Clean up the Recoverable Items folder of a mailbox once it reaches the specified limit
• Delete messages from a mailbox

Before starting, be sure that:

• The account must have been assigned a Mailbox Search role to search for messages in multiple mailboxes. This role is not assigned to the administrator by default. You can assign this role by adding yourself as a member of the Discovery Management Role Group.
• The user must know how to use Exchange Management Shell to run the cmdlets.
• To delete messages from a mailbox, the Mailbox Import Export Management Role must be assigned to the administrator.
• The user can search a maximum of 10,000 mailboxes using the Search-Mailbox cmdlet. For unlimited searching of mailboxes, the user can run the New-Compliance Search cmdlet.
• If the user includes a search query with the cmdlet, it provides a maximum of 10,000 items in the search.
• Search-Mailbox cmdlet also searches the archive mailboxes.
• The facility is available for on-premises Exchange Server 2010 and later versions only along with Exchange Online.

The primary requirement is assigning two management roles to the account via Exchange Management Shell or Exchange Admin Center.

• Mailbox Import Export Role:

To assign Import Export role, the Exchange Management Shell cmdlet is

New-ManagementRoleAssignment -User <username> -Role “Mailbox Import Export”
• Mailbox Search Role:

To assign the Mailbox Search role, the Exchange Management Shell cmdlet is

New-ManagementRoleAssignment -User <username>-Role “Mailbox Search”

To start with, run the Exchange Management Shell application as an administrator.

The below cmdlet is for searching specific message(s) in the user mailboxes. Just provide your mailbox name and specific phrase or words, and the target folder name where you want to save the data.

For Example:

Now, let us see how to search messages using the SearchQuery of attachment parameter in all the mailboxes.

The output result would be all the messages containing that attachment with the specified file name. It also sends a log message to the administrator’s mailbox.

Let us see the commands to search for emails with particular phrases or words coming in the email subject, copy them to the target folder, and delete them from the source mailbox.

Using this command, you can simply search and delete the messages having a specific phrase in the subject.

Run this command if you want to search specific messages that contain a specified phrase in the subject. It copies these messages to deleted messages folder and deletes those messages from the Source mailbox folder.

So, you have just read the technical way to search for items in the Exchange user mailbox. It definitely requires some skills to get the desired results, as a minor mistake can cause more damage by affecting the file data.

For easier search and conversion of items (from EDB file, live Exchange, or Office 365), users can take the help of Kernel for Exchange Server, which is efficient third-party EDB Recovery software that facilitates search and conversion of mailbox items within minutes.

Using its advanced Search features, the tool can search for specific emails based on various criteria like Subject, Body, From, To, Cc, Bcc, etc. One can also preview these items after the search. Then these items can be selectively exported, migrated, or saved as per the requirements of the user. Also, there is a facility to search within the search results. One can search offline EDB files, live Exchange Server, and Office 365 using this tool. Moreover, this tool can be used to recover accidentally deleted Exchange mailbox items.

Conclusion

The article showed you the correct usage of the Exchange Management Shell for searching and deleting emails. It can work for on-premises Exchange Server very effectively. The administrator can use it to search and delete the mailboxes. If some mailboxes items are deleted accidentally, you should use this third party Exchange Server data recovery software and scan the EDB file. It will recover mailbox from EDB file easily.