# Wipe Content from an Exchange Online Mailbox

•
•
•
•
•
•

This tool has been updated with new options.  See https://www.undocumented-features.com/2017/10/19/update-to-wipe-exchange-online-mailbox-script/.

Periodically over the years, I’ve run into content problems trying to migrate data to Exchange Online using third-party migration tools–they somehow get stuck, don’t like something existing in the destination mailbox (or didn’t write it properly in the first place) and you need a clean mailbox to restart the process.  You may have other reasons that you want to wipe it, including recycling the ID for another task, terminated employee and want to purge data manually before deleting the mailbox, or you just might be a BOFH.

In any case, it’s generally a tedious process, requiring you to either connect to OWA and manually delete folders and messages, remove the Exchange Online license and wait 30 days for the soft deleted mailbox to purge, or connecting an Outlook client, syncing the mailbox, and then deleting everything.

Until now.  Because if there’s one thing I’ve learned to do effectively in my life, it’s delete things.

To use this script, you’ll need:

– Office 365 Tenant (obviously)
– Exchange Web Services API.  If you don’t have it, the tool will attempt to download and install it automagically.  It prefers if it’s installed in the default location, but will do a bit of searching if it’s not.
– Run Enable-OrganizationCustomization (you’ll get a handy error message telling you it hasn’t been done)
– ID with the Mailbox Import Export and ApplicationImpersonation roles granted.  The script will check to see if your ID has it and grant it, but you’ll need to close your Office 365 session and log back in.

If you’re asking “Why do I need all of this?”  It’s simple–Search-Mailbox requires Mailbox Import Export, and EWS requires impersonation.  I use both methods because EWS is much faster for getting rid of the folder objects, and then search mailbox is much faster for clearing out the remaining data.  If you have a large mailbox and attempt to erase it with only Search-Mailbox, you will be there forever.

After you connect to your Office 365 tenant, the syntax is pretty easy:

If you haven’t run “Enable-OrganizationCustomization” in your tenant, nothing will work.  The management roles aren’t available until you do, so you should go ahead and run it.  I didn’t configure it to run automatically, since your organization may require a change control to make edits to your tenant.

If you’re clear to run commands in your tenant, you can run Enable-OrganizationCustomization.  If you’ve never run it, here’s what it looks like:

Assuming you’ve passed the first hurdle of having Organization Customization enabled, then the script will check to see if you have the proper role assignments.  If you don’t, it will try to grant them and prompt you to log back in to your session.  You may not have to do it, but I find it a general best practice for success that if you’re changing management role group memberships, it’s best to log off and log back in so your token can be updated–otherwise, it might not perform as expected.

Now that you’ve got the right roles assigned, we can continue.

Head on over to the TN gallery to pick up this latest gem.

https://gallery.technet.microsoft.com/Wipe-Exchange-Online-331ab4f4

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

1. Andy says:

Hi Aaron Thank you for that great script! i recognized a deviation between the Office365 displayed mailbox size and the “ResultItemSize”. Do you know the reason? Again, thanks a lot!

1. I’m guessing just a reporting lag due to replication (Office 365 UI connecting to one CAS server, PowerShell, another).

2. Don Young says:

Fantastic Script! One correction though, to run ‘ArchiveOnly’ you have to use ‘-Options ArchiveOnly’. Otherwise it throws an error saying ‘ArchiveOnly’ is not a valid parameter.

Additionally, if the mailbox has over 10,000 items it has to be run several times.

1. Aaron Guilmette says:

Thanks for the feedback. The description for the script has been updated (sometimes forget to do those).

Interesting on the 10,000 item limit. I’ll see if I can work around that.

3. Bose Jose says:

Great Script.
Would it possible to reset mailbox content of a softdeleted/inactivemailbox in o365

1. Aaron Guilmette says:

No. Soft-deleted and inactive mailboxes can’t be mounted, so you can’t iterate through them and delete objects, either. You would need to restore or recover the mailbox first.

4. Bose Jose says:

Gr8 Script.
Would I be able to use this to reset the contents of a softdeleted/Inactive mailbox?

5. Junaid Jeewa says:

Great script. I have a rather unique situation where I need to wipe multiple (many) mailboxes. Any ideas how this script could help?

any help will be greatly appreciated. Thanks

1. Aaron Guilmette says:

You could try running it through a loop:

$Users = @(‘user1@domain.com’,’user2@domain.com’,’user3@domain.com’) Foreach ($user in $Users) { .\Wipe-EXOMailbox.ps1 -Identity$user }

I didn’t structure it that way, so it will probably do a lot of “extra” work loading assemblies each time, but it should at least work.

This site uses Akismet to reduce spam. Learn how your comment data is processed.