Wipe Content from an Exchange Online Mailbox

Wipe Content from an Exchange Online Mailbox

Be the first to vote!

This tool has been updated with new options.  See https://www.undocumented-features.com/2017/10/19/update-to-wipe-exchange-online-mailbox-script/.  This tool also has a new home: https://www.powershellgallery.com/packages/Wipe-ExchangeOnlineMailbox/

Periodically over the years, I’ve run into content problems trying to migrate data to Exchange Online using third-party migration tools–they somehow get stuck, don’t like something existing in the destination mailbox (or didn’t write it properly in the first place) and you need a clean mailbox to restart the process.  You may have other reasons that you want to wipe it, including recycling the ID for another task, terminated employee and want to purge data manually before deleting the mailbox, or you just might be a BOFH.

In any case, it’s generally a tedious process, requiring you to either connect to OWA and manually delete folders and messages, remove the Exchange Online license and wait 30 days for the soft deleted mailbox to purge, or connecting an Outlook client, syncing the mailbox, and then deleting everything.

Until now.  Because if there’s one thing I’ve learned to do effectively in my life, it’s delete things.

To use this script, you’ll need:

– Office 365 Tenant (obviously)
– Exchange Web Services API.  If you don’t have it, the tool will attempt to download and install it automagically.  It prefers if it’s installed in the default location, but will do a bit of searching if it’s not.
– Run Enable-OrganizationCustomization (you’ll get a handy error message telling you it hasn’t been done)
– ID with the Mailbox Import Export and ApplicationImpersonation roles granted.  The script will check to see if your ID has it and grant it, but you’ll need to close your Office 365 session and log back in.

If you’re asking “Why do I need all of this?”  It’s simple–Search-Mailbox requires Mailbox Import Export, and EWS requires impersonation.  I use both methods because EWS is much faster for getting rid of the folder objects, and then search mailbox is much faster for clearing out the remaining data.  If you have a large mailbox and attempt to erase it with only Search-Mailbox, you will be there forever.

After you connect to your Office 365 tenant, the syntax is pretty easy:

.\Wipe-EXOMailbox.ps1 -Identity <emailaddress>

If you haven’t run “Enable-OrganizationCustomization” in your tenant, nothing will work.  The management roles aren’t available until you do, so you should go ahead and run it.  I didn’t configure it to run automatically, since your organization may require a change control to make edits to your tenant.

If you’re clear to run commands in your tenant, you can run Enable-OrganizationCustomization.  If you’ve never run it, here’s what it looks like:

Assuming you’ve passed the first hurdle of having Organization Customization enabled, then the script will check to see if you have the proper role assignments.  If you don’t, it will try to grant them and prompt you to log back in to your session.  You may not have to do it, but I find it a general best practice for success that if you’re changing management role group memberships, it’s best to log off and log back in so your token can be updated–otherwise, it might not perform as expected.

Now that you’ve got the right roles assigned, we can continue.

Head on over to the PowerShell Galleryto pick up this latest gem.


Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese. View all posts by Aaron Guilmette

Reader Comments

  1. Hi Aaron.
    What you did is exactly what I need to do. However, link to your PS script is no longer valid. Could you please send the updated one?
    Thank you so much for your contribution!

  2. Hi Aaron Thank you for that great script! i recognized a deviation between the Office365 displayed mailbox size and the “ResultItemSize”. Do you know the reason? Again, thanks a lot!

  3. Fantastic Script! One correction though, to run ‘ArchiveOnly’ you have to use ‘-Options ArchiveOnly’. Otherwise it throws an error saying ‘ArchiveOnly’ is not a valid parameter.

    Additionally, if the mailbox has over 10,000 items it has to be run several times.

    1. Thanks for the feedback. The description for the script has been updated (sometimes forget to do those).

      Interesting on the 10,000 item limit. I’ll see if I can work around that.

    1. No. Soft-deleted and inactive mailboxes can’t be mounted, so you can’t iterate through them and delete objects, either. You would need to restore or recover the mailbox first.

  4. Great script. I have a rather unique situation where I need to wipe multiple (many) mailboxes. Any ideas how this script could help?

    any help will be greatly appreciated. Thanks

    1. You could try running it through a loop:

      $Users = @(‘user1@domain.com’,’user2@domain.com’,’user3@domain.com’)
      Foreach ($user in $Users) { .\Wipe-EXOMailbox.ps1 -Identity $user }

      I didn’t structure it that way, so it will probably do a lot of “extra” work loading assemblies each time, but it should at least work.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit mobile version