Delete contents from users mailbox

Following steps help when accidentally sent email to undesirable participants or removing virus attachment for unsolicited emails.


Download and install followings:

Microsoft Online Services Sign-In Assistant for IT Professionals RTW

[Install BETA if you get any error installaing Azur AD]

Windows Azure Active Directory by using Windows PowerShell

Reference to Available PowerShell Cmdlets in Exchange Online

Click Start > All Programs > Windows Azure Active Directory > Windows Azure Active Directory Module

Type in the following command, a Windows PowerShell Credential request will open opens, type in your Office 365 credentials.


$LiveCred = Get-Credential

Type in Command:


$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $LiveCred -Authentication Basic –AllowRedirection

[Set-ExecutionPolicy RemoteSigned]

Type in the following command:


Import-PSSession $Session

Administrators may need to search for / delete inappropriate or potentially harmful e-mail messages sent to multiple mailboxes across their organization. For example, e-mail messages can contain viruses or links to download a virus, inappropriate content, such as jokes or confidential information that was accidentally sent to the incorrect recipients.

Exchange Control Panel (ECP) or 0ffice365doesn’t provide this feature yet but Windows PowerShell does by using the Search-Mailbox cmdlet with the DeleteContent switch parameter.

Note.  Search-Mailbox cmdlet with the DeleteContent parameter, email items are permanently deleted from the user’s mailbox and it is not recoverable.

Administrator needs required rights to perform the tasks.

Mailbox Search   This role allows you to search for messages across multiple mailboxes in your organization. Administrators aren’t assigned this role by default. To search multiple mailboxes, add yourself as a member of the Discovery Management role group.

Add or Remove Role Group Members.
Use administrator role groups to assign users permissions to perform specific administrative tasks, such as creating new mailboxes, resetting passwords, or troubleshooting the Outlook Web App Options page of another user.

To assign users’ permissions to perform specific administrative tasks, you add the user as a member of the administrator role group for those administrative tasks. Here’s how:

  1. In the Exchange Control Panel, select Manage My Organization > Roles & Auditing > Administrator Roles.
    —————- For Microsoft Office365———-
    For office365 and Permission
    link from left.
    we may create new user and add these two roles or add in the exiting role where administrator name is belonged.

  2. __________End O65 steps_________

  3. Select the role group that you want to add the user to, and then click Details.
  4. Under Members, click Add.
  5. In the Select Members dialog box, select the user, security group, or role group. You can search for a name by typing all or part of a display name, and then clicking . You can also sort the list by clicking the Name or Display Name column headings.
  6. Click Add.
  7. Click OK to return to the role group page.
  8. Click Save to save the change to the role group.
    The new member is displayed under Members in the details pane for the selected role group.

Mailbox Import Export   This role allows you to delete messages from a user’s mailbox. This role isn’t assigned to administrators by default. To delete messages from users’ mailboxes, add the Mailbox Import Export role to the Organization Management role group.

Edit Role Group Properties
Use the Role Group dialog box to view or change the configuration of the role group.

A unique, descriptive name for the role group.


A description of the role’s capabilities.

Write Scope

The write scope defines the administrative boundary of the roles assigned to the role group. In other words, the write scope defines where members of the role group can make changes.

When you select a write scope from the drop-down list, it is applied to all the roles that are assigned to the role group. You can select from two kinds of write scopes:

  • Default   This is the implicit write scope that applies to all the roles assigned to the role group. For built-in administrator roles that allow users to modify objects, the default write scope is the entire organization.
  • Custom   These are custom write scopes you created using the New-ManagementScope cmdlet.
    • Cloud-based organizations can create custom write scopes based on recipient filters. For example “All users where CustomAttribute1 contains ‘students'”.
    • On-premises implementations of Microsoft Exchange Server 2010 can also create custom write scopes based on Exchange Server attributes, Exchange database attributes, or organizational units.

    Note   Exclusive write scopes don’t appear in the drop down list. An exclusive write scope isolates specific mailboxes so they can be managed by designated administrators only.

If any of the following conditions are true, you can’t view or change the write scope here:

  • An end-user role is assigned to the role group.
  • A role is assigned to the role group using a different write scope than the other roles.
  • Roles are assigned to the role group using exclusive write scopes.

To view or change the write scope of role assignments that you can’t manage here, you can use the Get-ManagementRoleAssignment or Set-ManagementRoleAssignment cmdlets.



Deleting email content from Robiul Islam’s mailbox email subject matches with: Attached Image’

Search-Mailbox -Identity “Robiul Islam” -SearchQuery ‘Subject:”Attached Image’ –DeleteContent

The following command searches Scott Johnson’s mailbox for messages that have the phrase Download this file in the Subject field and logs the search results in the SearchLogs folder in the administrator’s mailbox.


Search-Mailbox -Identity "Scott Johnson" -SearchQuery subject:"Download this file" -TargetMailbox Administrator -TargetFolder SearchLogs -LogOnly -LogLevel Full

The following command searches all mailboxes for messages that have any type of attached file named Virus and sends a log message to the administrator’s mailbox.

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:virus* -TargetMailbox Administrator -TargetFolder SearchLogs -LogOnly -LogLevel Full

The following command searches all the mailboxes for messages with the subject line Download this file, and then permanently deletes them.

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery subject:"Download this file" -DeleteContent

Note. Before you permanently delete messages, we recommend that you either use the LogOnly parameter to generate a log of the messages found in the search before they’re deleted, or copy the messages to another mailbox before deleting them from the source mailbox.

The following command searches all mailboxes for messages with the subject line Download this file, copies the search results to the DeletedMessages folder in the administrator’s mailbox, and then permanently deletes the messages from users’ mailboxes.

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery subject:"Download this file" -TargetMailbox Administrator -TargetFolder DeletedMessages -DeleteContent


The script below only deletes the emails from last year.  I want to delete any emails older than 30 days.

get-mailbox -Identity spam -resultsize unlimited | Search-Mailbox -SearchQuery ‘sent:lastyear’ -deletecontent

Email content deletes from 30 days before.

$a= Get-Date
get-mailbox -Identity spam -resultsize unlimited | Search-Mailbox -SearchQuery ‘sent:>$a.AddDays(-30)’ –deletecontent

Using Search-Mailbox to search emails

For example:

Get-Mailbox -Identity “UserMailbox To Search” | Search-Mailbox -SearchQuery subject:”This email is PRANK!”,from:”” -TargetMailbox “Mailbox to put search results into” -TargetFolder “A folder in that mailbox”

This will search “UserMailbox to search” for any emails with a subject that contains “This email is Prank!” and from “”. If it finds any emails that fit the criteria, then it will copy them all to “Mailbox to put search results into” in the folder “A folder in that mailbox”. Simple huh!

Note – if you leave the -Identity off the Get-Mailbox cmdlet, then it will search EVERY mail box in Exchange. Could be quite slow, depending on number of mailboxes you have.

Using Search-Mailbox to delete emails

Now, if you want to delete emails, it’s pretty much the same command, just put a -DeleteContent onto the Search-Mailbox cmdlet and remove the TargetMailbox/TargetFolder options.

For example:

Get-Mailbox -Identity “UserMailbox To Search” | Search-Mailbox -SearchQuery subject:”This email is Prank!”,from:”” -DeleteContent


About Robiul

Robiul has 15 years of continuous successful career experience in ICT with extensive background in System Engineering, IT infrastructure design, operations and service delivery, managing IT projects / MIS functions for local and multi-national companies with in-depth knowledge of multiple operating systems as well as construct / manage small to medium size Data Center. Proven ability to design and implement medium to semi-large scale LAN/WAN/WLAN and system infrastructures. Academic qualification: Master of Science in Information Systems. Professional certifications are: MCSE, CCNA, ITIL and FoundStone Security Professional, VCP, NetAPP, CISSP etc.
This entry was posted in Others and tagged . Bookmark the permalink.