Having run into a scenario where sensitive information was sent to the wrong people, I had to come up with a fast solution to retract the messages so that as few people as possible had access to the message . Yes the sender could have tried to recall the message through Outlook but that doesn’t ensure that you can get every message back; only ones that have a status of unread. Also this contributes to more messages that need to be cleaned up in the event the message wasn’t successfully removed. Below are two commands to quickly remove messages to a temp mailbox in case you need to verify before deleting permanently.
Pull Messages with this criteria into ExchSVC but do not delete.
get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery ‘Subject:”You have received a secure message”‘ -TargetMailbox exchsvc -TargetFolder DeleteMsgs -LogLevel Full
After verification, add the -DeleteContent and the messages will be sent to ExchSVC again but deleted from users’ mailbox
get-mailbox -resultsize unlimited | Search-Mailbox -SearchQuery ‘Subject:”You have received a secure message”‘ -TargetMailbox exchsvc -TargetFolder DeleteMsgs -LogLevel Full -DeleteContent
With my # of mailboxes, I ran through my message tracking logs for the message subject first, then only searched the recipients of that message.
get-hubtransport | %{get-messagetrackinglog -server $_.name -start “minute before message sent” -messagesubject “blah blah” } | %{$_.recipients | %{get-mailbox $_ …
Pingback: Delete Specific Email on Exchange 2010 | Write Based on My Experience