Let’s face it: IT fire drills happen. Nobody likes them and everybody tries to prevent them, but yet you’ve found this blog post because you have an urgent need to delete a message from every mailbox in your organization. Maybe there’s a virus infestation, maybe a disgruntled employee sent an inappropriate email to everyone, or maybe HR accidently sent around some social security numbers. It doesn’t particular matter what the reasoning is, you just know that you need to get this message deleted quickly.
I’ll cut to the chase: If you’re running Exchange 2010 SP1+ or Exchange 2013, follow the steps below:
- Create a mailbox.
- This is a temporary mailbox where you will dump all of the deleted content.
- Remember the name you give the mailbox. You’ll need it shortly.
- In the Exchange Management Shell, grant an administrative account full access to all mailboxes
- Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -User YourAdminAccountName -AccessRights FullAccess -InheritanceType All
- Run the following command to delete the specified mailbox content:
- Get-Mailbox –ResultSize Unlimited | Search-Mailbox -SearchQuery ‘SearchString‘ -TargetMailbox “TemporaryMailboxNameHere” -TargetFolder “DeletedContent” -LogLevel Full –DeleteContent
- The search string can be a wide variety of things, for example
- Microsoft outlines the full options in this MSDN article.
- When the searching and deletion process is complete, delete or archive the temporary mailbox depending on your specific scenario.
- Don’t forget to revoke the full-access permissions you gave your administrative account:
- Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -User YourAdminAccountName -AccessRights FullAccess -InheritanceType All