All user mailbox search not working correctly RRS feed

  • Question

  • I have just started a job at a new company as their exchange admin. One of the tasks they want me to do is delete a few spam emails that went out to many users. I planned on using the search-mailbox cmd to find them and then delete the email messages. However I cannot seem to get this to work right for me. 

    The commands I've tried are 

    Get-Mailbox -server server01 | Search-Mailbox -SearchQuery 'Subject:"Alert:Somebody has run a back*"' -TargetMailbox "mymailbox" -TargetFolder "test" -LogOnly -LogLevel Full
    Get-Mailbox -database database1 | Search-Mailbox -SearchQuery 'Subject:"Alert:Somebody has run a back*"' -TargetMailbox "mymailbox" -TargetFolder "test" -LogOnly -LogLevel Full
    Get-Mailbox -resultsize unlimited | Search-Mailbox -SearchQuery 'Subject:"Alert:Somebody has run a back*"' -TargetMailbox "mymailbox" -TargetFolder "test" -LogOnly -LogLevel Full

    These all run normally, however the results message in outlook that I get is "The search has Failed." Says errors: None. Searched 173 mailboxes. 

    If I change the command to this: 

    Get-Mailbox -identity user1 | Search-Mailbox -SearchQuery 'Subject:"Alert:Somebody has run a back*"' -TargetMailbox "mymailbox" -TargetFolder "test" -LogOnly -LogLevel Full

    The search comes back and I get the email i'm looking for. So it works as expected with only one user selected. 

    Does anyone have any ideas on what could cause the multi-mailbox search to not function as expected?
    Monday, October 13, 2014 10:28 PM

All replies

  • You need to make sure your account is assigned the Discovery Management RBAC role.

    This process varies based on Exchange version. Which version do you have?

    Check out my latest blog posts on www.supertekboy.com A tech blog for I.T. Superheroes.

    Monday, October 13, 2014 11:21 PM
  • Do you have Content Indexes in healthy conditions? Get-MailboxDatabaseCopyStatus will give you if content indexes are healthy or not...


    Monday, October 13, 2014 11:33 PM
  • Hi,

    Please check if there is any event log in event viewer and then post them.

    In addition, to know more about Multi-Mailbox Search, please refer to this article.


    Best Regards.

    Tuesday, October 14, 2014 8:53 AM
  • We are running exchange 2010, SP3 UR4. 

    All content indexes are healthy. 

    Nothing appears in the event logs when I do the searches. There is the shell logs that just shows the command was successful. 

    My username is in the discovery management role grouping. 

    I did turn up my buffer size in the shell to watch what it does, and when i run the command the email message shwos up in outlook quickly saying it failed, but then the shell starts going through every mailbox showing what it found, and some of them do show that it found a few items. What would cause the message to show in exchange that it failed before it actually even searched the mailboxes? 

    Tuesday, October 14, 2014 12:53 PM
  • Is the account you are using a member of the domain admins group?

    I think there is a Full Access = Deny permission that might come into play.

    By default, domain admins cannot access mailboxes (even though, of course, they could change permissions to make that possible).

    EDIT - I do see it worked on  one mailbox - I'm not sure how the permissions may have been configured.

    This is the cmdlet I used to see permissions. Domain Admins *do* have full ADPermissions

    Get-Mailbox user1 | Get-MailboxPermission

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Tuesday, October 14, 2014 1:45 PM
  • I am not a domain admin. I am an exchange organization admin though. The one mailbox I ran the command on by itself was a random mailbox that I know I don't have any explicit permissions for and was one that I knew had received the email. 
    Tuesday, October 14, 2014 2:54 PM
  • Get-Mailbox -Identity useraccount | Add-MailboxPermission -User accountyourrunningthiscommandas -AccessRights Fullaccess -InheritanceType all

    Get-Mailbox -Identity useraccount | Export-Mailbox -SubjectKeywords “Subjectofemail” -DeleteContent

    Use the above commands to apply permissions and delete mail ona  single mailbox.  Remove the identity parameter to do on all mailboxes.

    Tuesday, October 14, 2014 3:03 PM
  • I don't really want to give my account full access rights to every mailbox. None of the documentation for doing this has said anything about requiring that. 
    Tuesday, October 14, 2014 3:11 PM
  • Anyone else have any ideas on this?
    Wednesday, October 15, 2014 9:35 PM
  • You need to be in the Discovery Management group to search MBs you don't have direct access to.
    Thursday, November 27, 2014 2:55 AM