cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exchange contacts being mass-deleted

JMiller317
Copper Contributor

‎Apr 25 2022 09:50 AM - edited ‎Apr 25 2022 10:12 AM

‎Apr 25 2022 09:50 AM - edited ‎Apr 25 2022 10:12 AM

Exchange contacts being mass-deleted

We have one user who has had a large portion of his contacts move to his recycle bin.  The first two times it happened in the middle of the night and a thousand or so contacts were deleted within a minute.  This weekend, he had over 2000 (of his 3,400) contacts deleted over the span of two hours.  All have been restored from his Deleted Items, so no data lost, but we do need to get to the bottom of the mystery. 

 

These large groups of contacts are not consecutive, so it's not like he shift-selected a bunch and manually deleted them.  The first two times this happened, over a thousand random contacts were deleted in under a minute, which doesn't seem possible to be human error.  This last time he was out of town and not using his laptop, but was using his iPhone.  When we search his deleted items, we see the deleted contacts, but no deleted messages or calendar items in the same timeframe.  Our environment is Exchange 2013 on-prem (DAG), Windows 10, Office 2016, iPhone and iPad.  We have checked Outlook add-ins, mailbox delegates, Outlook rules, and retention/archiving policies.

 

Has anyone ever seen anything like this?  Any ideas on how to investigate what process or machine is deleting the contacts?

 

775 Views
0 Likes
2 Replies
Reply
2 Replies
Jeremy Bradshaw

‎Apr 25 2022 10:16 AM

‎Apr 25 2022 10:16 AM

Re: Exchange contacts being mass-deleted

@JMiller317 

Hi, this issue reminds me of the ~2010 era when non-Microsoft ActiveSync clients would destroy Exchange server upon each new version of the app(s). And iOS' Mail along the way since then has been notorious for Calendar and Contacts devastation.

I think your best move is to turn on mailbox auditing for that mailbox where the contacts are getting deleted, and that should give you an idea which user, which client app, etc. are causing the deletion. Then from there make decisions on next steps. There is also ActiveSync debug logging which might help, but I think you could save that for next steps and with MS Support involved. If the mailbox auditing logs show you it's that user from that iPhone (or their i*** devices), I would remove and re-setup their accounts in those ActiveSync apps from scratch, but also would insist on updating iOS to the latest in the process.

1 Like
Reply
JMiller317

‎Apr 25 2022 10:44 AM

‎Apr 25 2022 10:44 AM

Re: Exchange contacts being mass-deleted

Mailbox auditing is a good place to start. Thanks for the suggestion.
0 Likes
Reply