Deleting a specific message from an (or all) Exchange account(s)

In order to perform this operation we need to use the "New-MailboxImportRequest" - which is not actually available by default! So we must add the user executing the following commands to the Mailbox Import Export role group:

We should firstly create a dedicated security group for the users who our likely to run this command:

New-ManagementRoleAssignment -Name "Mailbox Import Export Admins" -SecurityGroup "Mailbox Admins" -Role "Mailbox Import Export"

or specify an individual user:

New-ManagementRoleAssignment -Name "Mailbox Import Export Admins" -User "Joe Bloggs" -Role "Mailbox Import Export"

Since this operation is potentially very dangerous we can issue the following command to firslty verify what *would* be deleted:

Get-Mailbox -Server  "MailboxServer01" | Search-Mailbox -SearchQuery 'Subject:"Offensive Email" and Body:"Joe Bloggs"' -targetmailbox "AdminUser" -targetfolder "Inbox" -logonly -loglevel full

The above example searches all mailboxes on all of the databases on MailboxServer01 for an email with a specific subject and body and sends the results to the 'AdminUser' mailbox's Inbox folder.

If we wanted to perform a search query on a individual user we could alternatively run:

Search-Mailbox "joebloggs@domain.com" -SearchQuery 'Subject:"Offensive Email" and Body:"Joe Bloggs"' -targetmailbox "AdminUser" -targetfolder "Inbox" -logonly -loglevel full

Now upon verification of the prior commands we can now perform the deletion operation on all mailboxes on the server:

Get-Mailbox -Server  "MailboxServer01" | Search-Mailbox -SearchQuery 'Subject:"Offensive Email" and Body:"Joe Bloggs"' -deletecontent

or on a specific user:

Search-Mailbox "joebloggs@domain.com" -SearchQuery 'Subject:"Offensive Email" and Body:"Joe Bloggs"' -deletecontent