Forum Discussion
Issue with retention policy with adaptive scope
Dear community,
We created an adaptive scope and a retention policy about two weeks ago. If I check the scope details on the Purview portal, the adaptive scope shows 9602 users, but the policy shows only ~9150 users. I tried to investigate the issue, but I haven't found an error message or a list of users missing from the policy. I must find a way to list out the users who are not covered by the policy.
What I have done in a nutshell is:
- Get-ComplianceRetentionPolicy does not see this policy. We have a few other policies with static scope, and they appear on the output, but the one we want to check is not.
- I collected all the mailboxes and checked the InPlaceHolds, but there is no such policy either. This is weird since we should have 9150 users covered by this policy.
- I checked a user who has this policy with the "Policy lookup" feature on the Purview portal, and it showed that the user is covered by the policy.
I googled, Copiloted, and ChatGPTd my question, but I still have no clue what to do.
The main question is: How can I query a list of users missing from a retention policy with adaptive scope?
Thank you for your help in advance!
- FcoManigrassoIron Contributor
Hi rodoj
I guess that you should be able to identify it checking for the mailboxes In-Place holds.
Get-Mailbox <username> | Select-Object -ExpandProperty InPlaceHolds
To get all organization-wide Microsoft Purview retention policies you can run:
Get-OrganizationConfig | FL InPlaceHolds
And once you have the GUID, somthing like this should work to get all the mailboxes with that policy applied:
Get-mailbox -Resultsize Unlimited | Where {$_.InPlaceHolds -like "*GUID*"}
You can get more information here: How to identify the hold on an Exchange Online mailbox | Microsoft Learn
Hope this helps.
Have a good day.
Best Regards,
Francisco Manigrasso.
- rodojCopper ContributorThanks for the suggestion, but that was the second point in the original article that I tried. I cannot see the GUID of this particular policy. I checked it in our test environment and there I saw the same result. I can't see the policy that is retaining Teams chats. Neither in the mailbox attributes nor by issuing the Get-ComplianceRetentionPolicy command.
- FcoManigrassoIron Contributor
Hi rodoj
That´s strange. You may need to open a support case.
Do you see al correct in the policy details?
When you click on Policy details you should find the "Locations" section.
On the other hand, if you know that the scope is working properly, you can identify the mailboxes running something like this, (adapt to your scope):
$attribute = "Department" $value = "Sales" Get-Mailbox -Filter "{$attribute -eq '$value'}" | Select-Object DisplayName, PrimarySmtpAddress
- KingsleyUBrass Contributor
you could validate the adaptive scope with the following PowerShell script publicly available. I know it works and should further provide the number of matching objects.
https://aka.ms/ValidateAdaptiveScopeOPATH
Please do not hesitate to ask for additional questions, if necessary.
Thanks.
- rodojCopper ContributorThanks, but actually the adaptive scope is okay. I could export the members and check them with PowerShell. The problem is that we have 9600 users in the scope and 9150 in the policy and we cannot export the users from the policy.