Hello Readers,

Today I’ve made a small tool based on Windows Form to utilize the Exchange 2010 cmdlet Search-Mailbox  under the  hood.

PURPOSE : 

Search & Remove emails from mailbox(es) or make a copy of emails in order to review them . It could be utilized in scenarios such as :

  • Someone mistakenly sent an sensitive email to wrong recipients and now he wants it to be removed from the mailboxes of the recipients of those emails.
  • Unwanted emails (Malware, Spam, Virus) delivered to email addresses and you want to remove them, to avoid user machines getting infected of malicious content.
  • Email content auditing and review, without liaising with the mailbox owner. Since you can Copy emails from back end and no user intervention is required.

PREREQUISITES :

  1. Access to Exchange Management Shell (EMS).
  2. Administrative rights on Exchange 2010.
  3. Admin Mailbox where you can copy the emails.

GET THE SCRIPT : 

Click Here to go to my GitHub gist to get the code.

HOW TO RUN THE SCRIPT :

  1. Log onto the Exchange Mailbox Server where the script has been copied and open Exchange Management Shell.
  2. Browse to the directory path where the script is placed and hit Enter.
    1
  3. A windows form will popup, where in you are required to fill the details in order to search mailboxes.
    5
  1. Before filling the form, you should know what each of the above fields actually mean
    • Recipient Email : mention the email addresses of mailbox(es) separated by a semicolon ‘;’  .Like, in the above screenshot there are 2 email addresses to search for emails, so we have inserted a “;” in between them.
    • Sender Email : Internal or external email must have a sender information (sender Email address), that information will come here.
    • Search Keyword : All mailboxes will be searched for the emails with this matching Keyword. By default it will search all items Folders, Calendars, Attachments, Notes
    • Search only in Subject Line : If you check this check box only the emails that contains a matching keyword only in Subject Line will be identified. This sould be used to avoid unwanted keyword matches and to Pin point specific emails.
    • Start Date & End Date : This defines a date range in which emails will be searched. All dates would be Server local time from where script is ran.Let’s suppose you have to target an email that was received on 02/26/2016, so you’ll set the dates like-

      Start date = 02/25/2016  (A day before the original date)
      End date = 02/27/2016 (A day after the original date)

    • Delete Email : In case you want the Identified emails to be deleted from the target mailboxes mentioned in Recipient Email TextBox, you can check this box and those emails will be deleted.
      PLEASE NOTE :
      As a precaution, please run the script once without this checkbox checked, in order to make sure you’re deleting the exact emails not any unwanted emails. 
    • Admin email to keep a Copy : Mention the email address of the Admin mailbox where you want to copy the targeted emails.
  1. Once you’ve filled all required details, click on Search Button.
  1. Script execution will start and you’ll see a progress bar while the mailboxes are searched for the emails one by one.In case you’ve checked the Delete email Checkbox you’ll be prompted to confirm if you want to delete those emails, like in the below screenshot.

    2

  2. Once the script execution completes you’ll notice some information on the console that Search Succeeded or failed and where on the admin mailbox the emails had been copied. By default folder name will be “\Email Captures”3
  3. Now open the admin mailbox in outlook and you’ll find the target emails copied under “Email Captures folder” .4

Hope you find it useful, follow me on twitter @SinghPrateik for more interesting stuff 🙂