cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

New-ComplianceSearch list of mailboxes

Robert Bollinger
Iron Contributor

‎Jun 05 2019 12:12 PM

‎Jun 05 2019 12:12 PM

New-ComplianceSearch list of mailboxes

Hey Guys, 

Hoping to get some assistance here. So this is the situation, one of our Managers sent an email to an list of 200 users. This was sent via single distro group.

 

I ran the following command: 

 

New-ComplianceSearch -Name <Name of Search> -ExchangeLocation distrogroup@domain.com -ContentMatchQuery "(From:user.domain@fqdn.com) AND (Subject:FW: Subject Name Here) AND (Recipients: distrogroupname@fqdn.com) AND (Received:06/05/2019)"

 

The above worked as expected, however only 98 members were identified as having received the email. I was able to delete the messages using new-compliancesearchaction however the total number of deletes should have been 185-200. 

 

So then to confirm my findings i ran this command: 

 

$groups| %{Get-MessageTrace -RecipientAddress $_.PrimarySMTPAddress -StartDate "06/05/2019" -EndDate "06/06/2019" -SenderAddress user.domain@fqdn.com}

 

Then i was able to export that to a excel spreadsheet and sure enough i see 197-200 messages that were sent to those members of the distro group. 

 

in the above command  $Groups = Get-DistributionGroupMember -Identity recip.group@domain.com

 

So as you can see, 198 members received the emails, but only 98 members had them deleted when using new-compliancesearchaction. 

 

My question is this: How can i use new compliance search, against a list of mailboxes? like the one in my groups variable? 

 

Thanks, 

 

Robert 

 

 

Labels:
15.6K Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Robert Bollinger (Iron Contributor)
Vasil Michev

‎Jun 05 2019 11:32 PM

‎Jun 05 2019 11:32 PM

Solution

Re: New-ComplianceSearch list of mailboxes

As you are already restricting the search by subject and sender, there's no point of adding the DG to the search query. But in theory, should be the same for your scenario, I'm not really sure why it's skipping some of the members. Are they all regular user mailboxes? Do you have nested groups and other object types added as members of the DG?

 

@Tony Redmond might be aware of some gotcha...

0 Likes
Reply
Tony Redmond

‎Jun 06 2019 01:59 AM

‎Jun 06 2019 01:59 AM

Re: New-ComplianceSearch list of mailboxes

@Vasil Michev The only gotcha I can think of is that a compliance search action can only remove 10 messages at a time, so you'd have to run the search and the action multiple times to find and remove all the messages.

 

I would use the Search-Mailbox cmdlet for something like this. It will process all the mailboxes and remove all the offending messages at one time.

0 Likes
Reply
Robert Bollinger

‎Jun 16 2019 07:58 AM

‎Jun 16 2019 07:58 AM

Re: New-ComplianceSearch list of mailboxes

@Vasil Michev It turns out that actually it was removing more messages, about 150 messages (total) from my list of mailboxes. I know this because our ProofPoint Trap system was able to go in and remove the remaining messages. 

 

I also only set the cmdlet to do a softdelete. @Tony Redmond I was under the impression that the 10 message limit was per mailbox per run. 

 

So for instance if i wanted to move 1 message from a 100 mailboxes new compliance search would do that on one pass, but if i wanted to remove 11 messages from 100 mailboxes that would take 2 passes? 

 

Is that incorrect? 

 

Thanks, 

 

Robert

0 Likes
Reply
Tony Redmond

‎Jun 16 2019 01:12 PM

‎Jun 16 2019 01:12 PM

Re: New-ComplianceSearch list of mailboxes

@Robert Bollinger  Right, as confirmed by https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-content-search/new..., it is 10 items per mailbox per run.

 

To quote: "A maximum of 10 items per mailbox can be removed at one time. Because the capability to search for and remove messages is intended to be an incident-response tool, this limit helps ensure that messages are quickly removed from mailboxes. This action isn't intended to clean up user mailboxes."

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Robert Bollinger (Iron Contributor)
Vasil Michev

‎Jun 05 2019 11:32 PM

‎Jun 05 2019 11:32 PM

Solution

Re: New-ComplianceSearch list of mailboxes

As you are already restricting the search by subject and sender, there's no point of adding the DG to the search query. But in theory, should be the same for your scenario, I'm not really sure why it's skipping some of the members. Are they all regular user mailboxes? Do you have nested groups and other object types added as members of the DG?

 

@Tony Redmond might be aware of some gotcha...

View solution in original post

0 Likes
Reply