Scenario: You want to recover email items that were deleted from the mailbox and were moved into the backend Purges and Deletions Recoverable folders. You want to recover only items that were deleted between a timeframe. You also want to place these deleted items into a single folder available in the mailbox.
Scriptlets:
Declare your Variables:
#Variables
$cred = Get-credential #credentials will fullaccess to access the mailbox
$mailboxname = "Jane@Domain.Com" #The Mailbox you wish to perform the query and restore on
$EWS_DLL = "C:Program FilesMicrosoftExchange ServerV15BinMicrosoft.Exchange.WebServices.dll"
$EWS_URL = "https://mail.domain.com/ews/exchange.asmx"
[datetime]$StartDate = "6/5/2017" #Used for the LastModifiedTime
[datetime]$EndDate = "6/19/2017" #Used for the LastModifiedTime
$RestoreFolder = "Recovered Items" #The folder thats is already created in the mailbox to restore to
Configure the EWS connection properties
#Configure connection to EWS
Import-Module -Name $EWS_DLL
$service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.Exchangeversion]::exchange2013)
$service.Url = new-object System.Uri($EWS_URL)
$service.UseDefaultCredentials = $false
$service.Credentials = $cred.GetNetworkCredential()
Attach to the following folders: Purges, Deletions, and Recoverable Items (created in mailbox to restore content to)
#Attach to Purges
$folderidpurges = new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::RecoverableItemspurges,$MailboxName)
$purgesFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderidpurges)
#Attach to Deletions
$folderidDeletions = new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::RecoverableItemsDeletions,$MailboxName)
$DeletionsFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderidDeletions)
#Attach to Recovered Items Folder
$PathToSearch = $restorefolder
$folderid = new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::MsgFolderRoot,$mailboxname)
$tfTargetFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)
$fldArray = $PathToSearch.Split("")
for ($lint = 1; $lint -lt $fldArray.Length; $lint++) {
$fldArray[$lint]
#Perform search based on the displayname of each folder level
$fvFolderView = new-object Microsoft.Exchange.WebServices.Data.FolderView(1)
$SfSearchFilter = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo([Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName,$fldArray[$lint])
$findFolderResults = $service.FindFolders($tfTargetFolder.Id,$SfSearchFilter,$fvFolderView)
if ($findFolderResults.TotalCount -gt 0){
foreach($folder in $findFolderResults.Folders){
$tfTargetFolder = $folder
}
}
else{
"Error Folder Not Found"
$tfTargetFolder = $null
break
}
}
Create your Search Filter and perform the search
#Create and Apply an Search Filter
$sfCollection = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+SearchFilterCollection([Microsoft.Exchange.WebServices.Data.LogicalOperator]::And);
$Sfgt = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsGreaterThan([Microsoft.Exchange.WebServices.Data.ItemSchema]::LastModifiedTime, $StartDate)
$Sflt = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsLessThan([Microsoft.Exchange.WebServices.Data.ItemSchema]::LastModifiedTime, $EndDate)
$sfCollection.add($Sfgt)
$sfCollection.add($Sflt)
$view = new-object Microsoft.Exchange.WebServices.Data.ItemView(2000000)
$miMailItems = $DeletionsFolder.FindItems($sfCollection,$view)
Lastly, Move your email Items into the Recovery folder
###Moves your Email Items
$MiMailItems | %{
"Moving: "+ $_.LastModifiedTime +": " + $_.Subject.ToString()
[VOID]$_.Move($tftargetfolder.id)
}
Ex-Shell 