Forum Discussion

StephanGee's avatar
StephanGee
Steel Contributor
Jul 25, 2024

Mails duplicated - now we having 230k mails in a shared mailbox - New-ComplianceSearchAction sucks

Hi everyone,

 

we have an error like this:

Junk email messages multiplying without user actions in Shared Mailboxes - Microsoft Support

We removed everyone from the shared mailbox and it also stopped the duplication. Now we want to delete the mails that got duplicated as the shared mailbox is not working anymore due to storage issues.

 

How can we achieve this? New-ComplianceSearchAction does not help - even if we put it into a loop with a script i found.

 

I had to restart it (it hard deleted approx 150k mails) - and now it is not working anymore. It says completed but the count of mails does not go down. I conducted a new search and it comes up with an even bigger count of mails.

 

How do we get rid of these mails so that our department can start working?

 

BR

Stephan

exchange online
outlook

4 Replies

Sort By
  • StephanGee's avatar
    StephanGee
    Steel Contributor
    Jul 25, 2024

    On top of this - i want to look at the Audit Log of this Shared Mailbox to see if i can identify the user that causes all this but i get no hits back....

     

    This is the audit setting for this mailbox:

    AuditEnabled : True
    AuditLogAgeLimit : 180.00:00:00
    AuditAdmin : {Update, Move, MoveToDeletedItems, SoftDelete...}
    AuditDelegate : {Update, Move, MoveToDeletedItems, SoftDelete...}
    AuditOwner : {Update, Move, MoveToDeletedItems, SoftDelete...}

     

    I am global admin and using - what am i doing wrong? Or is it because a shared mailbox has no license?

    Search-MailboxAuditLog SMB-sharedmailbox -startdate 07/24/2024 -enddate 07/24/2024 -LogonTypes Owner -ShowDetails
or
search-unifiedauditlog -startdate 07/24/2024 -enddate 07/24/2024 -recordtype 'exchangeitem' -userids 'email address removed for privacy reasons'

     

Resources