After the huge responses I received from my previous article on how to remove an email from an Exchange 2010 mailbox, I am adding some small enhancements to the script that will allow Exchange admins to analyse the emails from another mailbox.
A user has received an email that needs to be removed and/or analysed (for whatever reason). You want to extract the email into another mailbox so you can analyse it.
Set up a new mailbox on your Exchanger server – in this case we are going to call it “EmailAnalysis”.
Create a folder in the new mailbox called “ToExamine”
Powershell Script to extract email
Using the following script, will allow you to take a copy of the emails and place them into your new mailbox “EmailAnalysis” and drop them into the “ToExamine” folder.
$suser = "sourceuser" #name of mailbox to be searched
$tm = "EmailAnalysis" #name of the mailbox to copy the emails into, in this case 'EmailAnalysis'
$tf = "ToExamine" #name of the folder that you want to copy/drop the emails into, in this case 'ToExamine'
Get-mailbox -id $suser | Search-Mailbox -SearchQuery 'Subject:"whatever the subject is"' -TargetMailbox $tm -TargetFolder $tf
If there is a need to remove the emails from the original mailbox and keep a copy in your “EmailAnalysis” mailbox you can add “-DeleteContent” to the end of the script
Get-mailbox -id $suser | Search-Mailbox -SearchQuery 'Subject:"whatever the subject is"' -TargetMailbox $tm -TargetFolder $tf -DeleteContent
Testing email extraction:
I sent an email to a colleague with the subject “123456789”, ran the top script above and below are the results:
As you can see from the results, a number of subfolders are created, one for the mailbox that the email was found in (with a time stamp of when the script was run), a subfolder called “Primary Mailbox” and another subfolder named after the location of the folder containing the original email.