View RSS Feed


Learnt the Hard Way: How to Forcibly Remove Messages in Exchange

Rate this Entry
by , 5th March 2012 at 03:42 PM (12209 Views)
Someone in my school is having a very, very bad day now, having inadvertently emailed a letter of complaint from one staff member about others round to the entire staff body by mistake. Entirely human error, but I can sympathise with the rock-in-the-gut feeling they must be going through right now.

Anyway, because Message Recall is bloody useless and in no way a reliable way of trying to stuff the cat back into the bag, I'm sharing the following code below what I have squeezed out of the internet to help you respond quicker should a similar situation arise for you.

In Exchange 2007, at least, the following code run in the EM Shell will (as an example) search all mailboxes on the Staff Database for messages sent today with the subject "OI IDIOT" (not the real message, obv.):
get-mailbox -Database Staff | Export-Mailbox -SubjectKeywords "OI IDIOT" -StartDate "05/03/2012" -DeleteContent
That will then prompt you for a mailbox to move the messages to, so give it your own or a random IT mailbox you have lying around. It'll then ask for a folder name to dump all moved messages into, so give it something useful. Finally it will prompt for permission to go ahead on the first mailbox and you can tell it A for yes to all.

This will then search through all mailboxes on the specified database for messages matching your supplied conditions, create one folder per user in the folder you specified when it asked, and delete the original message from the inbox. When it's run you then have a long list of all the usernames with the messages in their original condition, so you can see who had read the message before it was removed and who had it marked as unread. When you're done, delete that folder to be rid of the message forever.

You can filter the mailboxes with any of the flags relevant to get-mailbox, and you can specifiy search conditions using and of the flags relevant to export-mailbox, and TechNet can tell you plenty more about both of those. This, though, is a pretty basic form that worked pretty well for me, although be warned that it takes some time to run, and there'll still be a time period where people can read the message, particularly if their name is alphabetically down the list.

If you want to make Message Recall itself more useful (as it will shove the cat back into the bag that much quicker, if not as reliably) then change the following setting in a GPO (Outlook 2010):
under User Config > Admin Templates > Microsoft Outlook 2010 > Outlook Options > Preferences > E-mail options > Tracking Options
set Options
to Enabled
and tick Process requests and responses on arrival

That way, anyone sending out a message recall request should have it actually achieve something. Best bet is to set this setting now, and if an incident happens, recall the message then go to the script.

At least for once it wasn't my bad day...!



Total Trackbacks 0
Trackback URL: