• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1503
  • Last Modified:

Powershell Mailbox Search

Experts,

I am looking for a script that can do the following:

Search All Mailboxes in our Exchange 2007 Environment for a specific attachment
Log the mailboxes that the search returned
Ensure that the file is deleted from my exchange environment

In exchange 2010 I could do the following:

Part1:
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:trojan* -TargetMailbox Administrator -TargetFolder SearchLogs -LogOnly -LogLevel Full
Part2:
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:trojan* -DeleteContent

However in Exchange 2007 I am not sure how to accomplish this.

Requirements:

I need this in two seperate scripts:
Script 1:
Search all mailboxes for the attachment and export results that include Mailbox Name to a log file

Script 2:
Search all Mailboxes and for the attachment and delete the message containing the attachment.
0
KLSMart
Asked:
KLSMart
  • 2
1 Solution
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Get-Mailbox -ResultSize unlimited | Export-Mailbox -whatif -AttachmentFilenames trojan* -TargetMailbox Administrator -TargetFolder SearchLogs >> Trojan.log

Open in new window

and
Get-Mailbox -ResultSize unlimited | Export-Mailbox -DeleteContent -AttachmentFilenames trojan* -TargetMailbox Administrator -TargetFolder SearchLogs 

Open in new window

You will have to delete the moved emails from the admin mailbox, as only copy or move is available with MSX 2007.
0
 
SubsunCommented:
FYI, If you have Exch 2007 SP 1 + then you don't have to specify the TargetMailbox parameter with DeleteContent, you can delete content from the user mailbox without exporting it to another mailbox.

Get-Mailbox -ResultSize unlimited | Export-Mailbox -DeleteContent -AttachmentFilenames "trojan*"

Open in new window

0
 
KLSMartAuthor Commented:
I ran the whatif simulator that you gave me above and changed the file name to an attachment file name that I know doesn't exist and got some interesting results.

The whatif simulator tried to export content from every users mailbox. I don't believe that the -AttachmentFilenames switch is working in that script as I know that every user does not have access to that attachment and that was confirmed when I put a bogus attachment name into the script.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
export-mailbox on MSX 2007 works different from 2010 and above. It completely exports a mailbox into a target mailbox, then deletes anything not matching. What you see with -WhatIf is (probably) everything done - I cannot check, without MSX SP the -WhatIf seems not to work (does nothing).
Thinking about it, I doubt you can do the same as in 2010, because of the different behaviour. Aside from export-mailbox, there is no means to search users mailboxes.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now