Solved

Powershell Mailbox Search

Posted on 2013-05-23
4
1,458 Views
Last Modified: 2013-06-06
Experts,

I am looking for a script that can do the following:

Search All Mailboxes in our Exchange 2007 Environment for a specific attachment
Log the mailboxes that the search returned
Ensure that the file is deleted from my exchange environment

In exchange 2010 I could do the following:

Part1:
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:trojan* -TargetMailbox Administrator -TargetFolder SearchLogs -LogOnly -LogLevel Full
Part2:
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:trojan* -DeleteContent

However in Exchange 2007 I am not sure how to accomplish this.

Requirements:

I need this in two seperate scripts:
Script 1:
Search all mailboxes for the attachment and export results that include Mailbox Name to a log file

Script 2:
Search all Mailboxes and for the attachment and delete the message containing the attachment.
0
Comment
Question by:KLSMart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 39190770
Get-Mailbox -ResultSize unlimited | Export-Mailbox -whatif -AttachmentFilenames trojan* -TargetMailbox Administrator -TargetFolder SearchLogs >> Trojan.log

Open in new window

and
Get-Mailbox -ResultSize unlimited | Export-Mailbox -DeleteContent -AttachmentFilenames trojan* -TargetMailbox Administrator -TargetFolder SearchLogs 

Open in new window

You will have to delete the moved emails from the admin mailbox, as only copy or move is available with MSX 2007.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39190831
FYI, If you have Exch 2007 SP 1 + then you don't have to specify the TargetMailbox parameter with DeleteContent, you can delete content from the user mailbox without exporting it to another mailbox.

Get-Mailbox -ResultSize unlimited | Export-Mailbox -DeleteContent -AttachmentFilenames "trojan*"

Open in new window

0
 

Author Comment

by:KLSMart
ID: 39190899
I ran the whatif simulator that you gave me above and changed the file name to an attachment file name that I know doesn't exist and got some interesting results.

The whatif simulator tried to export content from every users mailbox. I don't believe that the -AttachmentFilenames switch is working in that script as I know that every user does not have access to that attachment and that was confirmed when I put a bogus attachment name into the script.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39191278
export-mailbox on MSX 2007 works different from 2010 and above. It completely exports a mailbox into a target mailbox, then deletes anything not matching. What you see with -WhatIf is (probably) everything done - I cannot check, without MSX SP the -WhatIf seems not to work (does nothing).
Thinking about it, I doubt you can do the same as in 2010, because of the different behaviour. Aside from export-mailbox, there is no means to search users mailboxes.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question