Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Powershell Mailbox Search

Posted on 2013-05-23
4
Medium Priority
?
1,486 Views
Last Modified: 2013-06-06
Experts,

I am looking for a script that can do the following:

Search All Mailboxes in our Exchange 2007 Environment for a specific attachment
Log the mailboxes that the search returned
Ensure that the file is deleted from my exchange environment

In exchange 2010 I could do the following:

Part1:
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:trojan* -TargetMailbox Administrator -TargetFolder SearchLogs -LogOnly -LogLevel Full
Part2:
Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:trojan* -DeleteContent

However in Exchange 2007 I am not sure how to accomplish this.

Requirements:

I need this in two seperate scripts:
Script 1:
Search all mailboxes for the attachment and export results that include Mailbox Name to a log file

Script 2:
Search all Mailboxes and for the attachment and delete the message containing the attachment.
0
Comment
Question by:KLSMart
  • 2
4 Comments
 
LVL 71

Expert Comment

by:Qlemo
ID: 39190770
Get-Mailbox -ResultSize unlimited | Export-Mailbox -whatif -AttachmentFilenames trojan* -TargetMailbox Administrator -TargetFolder SearchLogs >> Trojan.log

Open in new window

and
Get-Mailbox -ResultSize unlimited | Export-Mailbox -DeleteContent -AttachmentFilenames trojan* -TargetMailbox Administrator -TargetFolder SearchLogs 

Open in new window

You will have to delete the moved emails from the admin mailbox, as only copy or move is available with MSX 2007.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39190831
FYI, If you have Exch 2007 SP 1 + then you don't have to specify the TargetMailbox parameter with DeleteContent, you can delete content from the user mailbox without exporting it to another mailbox.

Get-Mailbox -ResultSize unlimited | Export-Mailbox -DeleteContent -AttachmentFilenames "trojan*"

Open in new window

0
 

Author Comment

by:KLSMart
ID: 39190899
I ran the whatif simulator that you gave me above and changed the file name to an attachment file name that I know doesn't exist and got some interesting results.

The whatif simulator tried to export content from every users mailbox. I don't believe that the -AttachmentFilenames switch is working in that script as I know that every user does not have access to that attachment and that was confirmed when I put a bogus attachment name into the script.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1500 total points
ID: 39191278
export-mailbox on MSX 2007 works different from 2010 and above. It completely exports a mailbox into a target mailbox, then deletes anything not matching. What you see with -WhatIf is (probably) everything done - I cannot check, without MSX SP the -WhatIf seems not to work (does nothing).
Thinking about it, I doubt you can do the same as in 2010, because of the different behaviour. Aside from export-mailbox, there is no means to search users mailboxes.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question