Tag: Search-Mailbox

Scenario:  You are asked the question if you can provide a count of email items based on certain words per mailbox.

You sure can! I will give you a CLUE…

We are going to look in each mailbox (the $mbx variable) for any email items that contain each word (in the $word variable).

Specifically, since I think it was Colonel Mustard, I will add his name as a AND statement in the KQL Search.  Because this game can be complex, I  will also include a NEAR statement to add a little of that complexity to the search-mailbox searchquery-KQL language.

Scriptlet:

#Variables
$mbx = “ProfessorPlum”, “MrsPeacock”, “MissScarlet”
$Word = “Candlestick”,  “Rope”,  “Wrench”
$word += “Ballroom NEAR(2) inside”, “Study NEAR(2) inside”, “Dining NEAR(2) Room”
$Result = @()

#Loop it
$mbx | %{
    $n = $_
    #Loop the Word
    $Word | %{
          $w = “$_”
          “Searching $n for word: $W”
          #Perform Serach
          $1 = (Search-Mailbox $n -SearchDumpster -SearchQuery “(Mustard) AND ($W)”  -EstimateResultOnly).ResultItemscount
         
          #Add to Table
          $returnobj = new-object psobject
          $returnobj |Add-Member -MemberType NoteProperty -Name “Name” -Value $n
          $returnobj |Add-Member -MemberType NoteProperty -Name “Word” -Value “(Mandava) AND ($W)” 
          $returnobj |Add-Member -MemberType NoteProperty -Name “EmailItemCount” -Value “$1” 
          $Result += $returnObj
         
          $w = $Null
          $1 = $null
          }
    $n = $null
    }

To view or Export:

$result

$result | Export-csv C:tempresult.csv -notypeinformation

Scenario: You want to non-invasively search a mailbox in order to find content between a date range.

Solution:  Run the following command(s):

search-mailbox userid -searchquery “kind:Email AND Received:1/1/1900..08/01/2014” -EstimateResultOnly

Note: You can remove estimateresultonly and replace with TargetMailbox and TargetFolder to export the queried contents of the mailbox to view the messages.  You can also use the following KIND variables to target certain message types in your search:

Email
Meetings
Tasks
Notes
Docs
Journals
Contacts
IM

Scenario:  A user is missing a message in their mailbox claiming it ‘disappeared’.  The possibilities are:

1.  The message was accidentally deleted.
2. The message was accidentally moved into another folder.
3.  The message exists in the mailbox folder, except the items in that folder are not sorted correctly. Note:Sorting by the Received date will make all emails in that folder in chronological order

Solutions:

You could request permission from the user who owns the mailbox to allow you to have full access permission and search their mailbox via OWA — but this can be a little time consuming.  Instead  perform a ‘search-mailbox’ against the mailbox to locate the missing message:

Get a count of all messages that match the subject line:

Search-Mailbox jdoe1 -SearchQuery Subject:”Attention: Please Read this Email” -EstimateResultOnly

Create a copy of the messages that match the subject line:

Search-Mailbox jdoe1 -SearchQuery Subject:”Attention: Please Read this Email” -targetmailbox ExAdmin1  -searchdumpster

OR for a search with additional properties to be queried:

Search-Mailbox jdoe1 -SearchQuery {Subject:”Attention: Please Read this Email” AND from:”President@Domain.com”  AND Sent:”7/10/2015″} -Targetmailbox ExAdmin1 -searchDumpster

Note: it may request you to name a target folder so it can create that folder in the ExAdmin1 mailbox.  The search results will be then copied to that target folder in the folder hierarchy for where the messages are stored. For example, if there are messages in the inbox and deleted items of the mailbox being searched against, you will have the search results copied to the inbox and deleted items folder under the targetfolder that was created.