Forum Discussion

rodoj's avatar
rodoj
Copper Contributor
Jul 17, 2024

Issue with retention policy with adaptive scope

Dear community,

We created an adaptive scope and a retention policy about two weeks ago. If I check the scope details on the Purview portal, the adaptive scope shows 9602 users, but the policy shows only ~9150 users. I tried to investigate the issue, but I haven't found an error message or a list of users missing from the policy. I must find a way to list out the users who are not covered by the policy.

What I have done in a nutshell is: 

- Get-ComplianceRetentionPolicy does not see this policy. We have a few other policies with static scope, and they appear on the output, but the one we want to check is not.

- I collected all the mailboxes and checked the InPlaceHolds, but there is no such policy either. This is weird since we should have 9150 users covered by this policy.

- I checked a user who has this policy with the "Policy lookup" feature on the Purview portal, and it showed that the user is covered by the policy.

I googled, Copiloted, and ChatGPTd my question, but I still have no clue what to do.

 

The main question is: How can I query a list of users missing from a retention policy with adaptive scope? 

 

Thank you for your help in advance! 

 

  • Hi rodoj 

    I guess that you should be able to identify it checking for the mailboxes In-Place holds. 

    Get-Mailbox <username> | Select-Object -ExpandProperty InPlaceHolds

    To get all organization-wide Microsoft Purview retention policies you can run:

     

    Get-OrganizationConfig | FL InPlaceHolds

     

    And once you have the GUID, somthing like this should work to get all the mailboxes with that policy applied:

     

    Get-mailbox -Resultsize Unlimited | Where {$_.InPlaceHolds -like "*GUID*"}

     

    You can get more information here: How to identify the hold on an Exchange Online mailbox | Microsoft Learn

     

    Hope this helps.

    Have a good day.

     

    Best Regards,

     

    Francisco Manigrasso.

     

    • rodoj's avatar
      rodoj
      Copper Contributor
      Thanks for the suggestion, but that was the second point in the original article that I tried. I cannot see the GUID of this particular policy. I checked it in our test environment and there I saw the same result. I can't see the policy that is retaining Teams chats. Neither in the mailbox attributes nor by issuing the Get-ComplianceRetentionPolicy command.
      • FcoManigrasso's avatar
        FcoManigrasso
        Iron Contributor

        Hi rodoj 

        That´s strange. You may need to open a support case.

        Do you see al correct in the policy details?

        When you click on Policy details you should find the "Locations" section.

        On the other hand, if you know that the scope is working properly, you can identify the mailboxes running something like this, (adapt to your scope):

         

        $attribute = "Department"
        $value = "Sales"
        Get-Mailbox -Filter "{$attribute -eq '$value'}" | Select-Object DisplayName, PrimarySmtpAddress

         

  • KingsleyU's avatar
    KingsleyU
    Brass Contributor

    rodoj 

     

    you could validate the adaptive scope with the following PowerShell script publicly available. I know it works and should further provide the number of matching objects.

     

    https://aka.ms/ValidateAdaptiveScopeOPATH

     

    Please do not hesitate to ask for additional questions, if necessary.

     

    Thanks.

    • rodoj's avatar
      rodoj
      Copper Contributor
      Thanks, but actually the adaptive scope is okay. I could export the members and check them with PowerShell. The problem is that we have 9600 users in the scope and 9150 in the policy and we cannot export the users from the policy.
      • KingsleyU's avatar
        KingsleyU
        Brass Contributor

        rodoj 

         

        I would recommend you filter out the objects that are not covered by the policy as they might not be applicable such as service accounts. Moreover,

         

        1. How are you determining the number of user objects in your environment?
        2. Is it a hybrid environment?

         

Resources