In any organization, there comes a time where you have to delete email from an individual mailbox or multiple mailboxes because emails were sent out in error or an end user clicked a malware or phishing link and they started mass mailing accounts or the CEO received this weird email that he wants you to remove from the backend.
In the example below, our Administrator account had these two test emails, let’s think of them as malicious and we need to remove it. Here is the Mailbox:
Before we can jump right in and remove the content, we need to have permission to do so. In my lab I did not create a separate Role Group just for this but added “Mailbox Search” to the “Organization Management” Role Group as you can see below:
Just like the “Mailbox Import Export” role, we need to wait for Active Directory Replication and you need to close and open the Exchange Management Shell (EMS) to be able to run the commands or you will receive an error that the command cannot be found.
Below is the command that you run to remove items from the mailbox, be aware that it will take a few minutes to reflect in the mailbox, here is the command:
Search-Mailbox -Identity administrator -SearchQuery Subject:"Test" -DeleteContent
You will need to update the Identity and SearchQuery to match your requirements. After a few minutes, our mailbox was empty as seen below:
The “DeleteContent” option is powerful, do not just run something but if you need to rather set a target mailbox in your command so you have a backup.
Hope you find it helpful.