Email Hide and Go Seek: How to locate a specific email (down to the folder) in Office 365 using PowerShell

In many organizations, end users receive too much email to manage effectively. Many utilize rules to filter emails into specific buckets to make them easier to find. Over time, these rules compound, and could eventually lead to unintended consequences (i.e. receiving an email but being unable to find it).

When this happens, I’d typically run a quick message trace to establish whether the email was actually delivered or not. Many admins will stop there, advising the end-user to check their rule settings, but using PowerShell, we can find the email(s) for them!

First, let’s get logged into the Office 365 tenant:

$Credential = Get-Credential
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $ExchangeSession

Next, we can determine how many emails match the criteria in case there is more than one (optional):

Search-Mailbox -EstimateResultOnly -Identity [target user] -SearchQuery 'from:"[sender email]" AND subject:"[subject]"'

Now for the coup de grâce: reconstruct precisely which folder and sub-folder(s) of the user’s inbox hold the email(s) that match those criteria:

Search-Mailbox -Identity [recipient] -SearchQuery 'from:"[sender]" AND subject:"[subject]"' -TargetMailbox "[your email]" -TargetFolder "SearchResults"

In your inbox, you’ll see a folder called ‘SearchResults’. Using this, you can guide the end-user through the folder structure in their own Inbox that they’ll need to traverse to get to the desired email(s).
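
The estimate and copy steps above combined into one guarded function, as an added example that is not part of the original post: it counts the matches first and copies only when the count is within a limit, so a loose query does not pull a large part of the user's mailbox into yours. The function name, parameter names and the default limit are assumptions, and it expects the Exchange session from the first step to be imported.

```powershell
# Added example (not from the original post). Assumes the Exchange session
# from the first step is imported. Names and the default limit are illustrative.
function Find-UserEmail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Recipient,      # mailbox to search
        [Parameter(Mandatory)] [string] $Sender,         # sender address
        [Parameter(Mandatory)] [string] $Subject,        # subject text
        [Parameter(Mandatory)] [string] $TargetMailbox,  # your own mailbox
        [string] $TargetFolder = 'SearchResults',
        [int]    $MaxItems     = 25                      # refuse broad copies
    )

    # A double quote in the inputs would end the quoted term early and
    # change what the query matches, so reject it instead of guessing.
    foreach ($value in $Sender, $Subject) {
        if ($value -match '"') { throw "Double quotes are not allowed: $value" }
    }
    $query = 'from:"{0}" AND subject:"{1}"' -f $Sender.Trim(), $Subject.Trim()

    # Step 1: count the matches without copying anything.
    $estimate = Search-Mailbox -Identity $Recipient -SearchQuery $query -EstimateResultOnly
    $count = $estimate.ResultItemsCount
    if (-not $count) {
        Write-Warning "No messages match $query in $Recipient."
        return
    }
    if ($count -gt $MaxItems) {
        throw "$count messages match; tighten the query or raise -MaxItems."
    }

    # Step 2: copy the matches. The copy keeps the source folder structure
    # under $TargetFolder, which is what reveals where the rule filed them.
    $copy = @{
        Identity      = $Recipient
        SearchQuery   = $query
        TargetMailbox = $TargetMailbox
        TargetFolder  = $TargetFolder
        LogLevel      = 'Full'
    }
    Search-Mailbox @copy
}

# Constructed sample values:
# Find-UserEmail -Recipient 'user@example.com' -Sender 'sender@example.com' -Subject 'Quarterly report' -TargetMailbox 'admin@example.com'
```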

A new toolbox…

Almost a decade ago, I started a professional blog on called “IT Champloo”. At the time, IT Toolbox was a thriving community of professionals sharing advice, experiences and wisdom.

Over the years, the platform’s performance and usability slowly declined (as did my interest in creating content for a site where banner ads were given more real estate than my articles).

When the domain, became available, I decided to snatch it up and migrate my content to it. This blog will serve as a repository for tips, tricks, commentary and observations in the hopes that they might be of use to someone later down the road.

How To: Resolving a System Hang During Patching, Remotely!

Routine patching of systems and software is a crucial piece of any business’ information security strategy. Even so, many systems go unnoticed and unpatched for months, even years until an external threat forces the organization into action (e.g. the recent WannaCry ransomware outbreak).

When that happens, server administrators need to be prepared for irregularities they’re likely to encounter, such as a hang prior to reboot.

In this scenario, we’re going to assume that you’ve just finished patching and clicked the “Restart Now” button. You begin a continuous ping (ping -t [hostname/IP address]) and wait for the server to restart.

Let’s assume a normal reboot takes 5-10 minutes for this machine, and that 25+ minutes have passed.

You check the console, and are greeted by the “Preparing to Configure Windows. Do not turn off your computer” message. Time continues to pass while your maintenance window dwindles like falling grains in an hourglass… pressure is mounting, the business won’t wait. Time for action!

Logged in as an Administrator from your workstation, check the Windows Module Installer service on the remote system…

  1. Run services.msc
  2. Right-click “Services (Local)” and select “Connect to another computer …”
  3. Make sure the “Another computer” radio button is selected and enter the hostname of the stuck server and click “OK”
  4. Search for “Windows Module Installer” service and verify its status. If it’s “stopping,” then you will need to force it to stop. This can’t be done here, so we’ll need to query its PID and use our old friend TaskKill to manually kill the service

Query the Process ID (PID) of the Windows Module Installer (TrustedInstaller) service…

  1. Open Command Prompt as an Administrator
  2. Run the following command:
sc \\[hostname of the server] queryex trustedinstaller

This will return (among other information) the PID of the stuck service. Write it down, as you’ll need it for the next step.

Kill the hung service remotely using TaskKill…

  1. From the Command Prompt already opened, run the following command:
taskkill /s [hostname of the server] /pid [PIDFromAbove] /t

Congratulations, your system should now be unhung! Check your console or continuous ping to verify that the system is restarting and proceed to the next round of updates.
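
The query-then-kill procedure above as a PowerShell function, as an added example that is not part of the original post: it parses the sc.exe output and kills the process only when the service really is in the "stopping" state, so a TrustedInstaller that is still working is left alone. The function names are assumptions, the parser assumes English sc.exe field labels, and the sample output is constructed.

```powershell
# Added example (not from the original post). Function names are illustrative.
# Parses the text printed by "sc.exe \\server queryex trustedinstaller";
# assumes the English field labels STATE and PID.
function Get-ServiceStateFromSc {
    param([Parameter(Mandatory)] [string[]] $ScOutput)
    $text   = $ScOutput -join "`n"
    $state  = [regex]::Match($text, 'STATE\s*:\s*(\d+)\s+(\w+)')
    $procId = [regex]::Match($text, '(?m)^\s*PID\s*:\s*(\d+)')
    if (-not ($state.Success -and $procId.Success)) {
        throw 'Could not read STATE and PID from the sc.exe output.'
    }
    [pscustomobject]@{
        StateCode = [int]$state.Groups[1].Value
        StateName = $state.Groups[2].Value
        ProcessId = [int]$procId.Groups[1].Value
    }
}

function Stop-HungTrustedInstaller {
    param([Parameter(Mandatory)] [string] $Server)
    # In Windows PowerShell "sc" is an alias for Set-Content, so call sc.exe.
    $info = Get-ServiceStateFromSc -ScOutput (sc.exe "\\$Server" queryex trustedinstaller)
    # 3 = STOP_PENDING, the "stopping" status shown in the Services console.
    # Any other state means the installer may still be working: leave it.
    if ($info.StateCode -ne 3 -or $info.ProcessId -eq 0) {
        Write-Warning "TrustedInstaller on $Server is $($info.StateName); not killing it."
        return $info
    }
    taskkill.exe /s $Server /pid $info.ProcessId /t
    return $info
}

# Constructed sample of sc.exe output, to exercise the parser offline:
$sample = @(
    'SERVICE_NAME: trustedinstaller'
    '        TYPE               : 10  WIN32_OWN_PROCESS'
    '        STATE              : 3  STOP_PENDING'
    '        PID                : 1234'
)
Get-ServiceStateFromSc -ScOutput $sample
```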

Windows 10 Woes

Like many others, when Microsoft told me I was entitled to a free upgrade from Windows 8.1 to 10, I decided to take them up on the offer.

I downloaded the installation media, and the upgrade went relatively smoothly. I had a few driver issues at first, but was eventually able to iron everything out.

After a week or two of using the new OS, I started to encounter strange UI bugs…

At first, my start menu tiles stopped accepting mouse clicks. I could still launch applications that were pinned to the taskbar, but could not click on any Windows UI menu elements.

This got progressively worse until no windows or applications would accept mouse input. I could still see the cursor and move it around, I could right click and drag on the desktop, but couldn’t interact with anything else using the mouse.

I could still use keyboard shortcuts as a workaround, but it made things awfully inconvenient. I searched for a fix, but the only thing I came up with was a PowerShell script that purportedly fixed “Start menu” issues:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

This worked for me (after a reboot), but sure enough, the problem came back within a few days. In addition to everything else, it started crashing with a BSOD “Memory_Management” error.

I wasn’t thrilled about disabling all of my devices and enabling them back one-by-one until I found the faulting driver, so a clean install started to look more appealing.

I did this, but discovered that my newly installed Windows 10 wasn’t activated, nor could I activate it as Microsoft’s brilliant new system doesn’t give you an activation key on the free upgrade!

In theory, your PC is supposed to Automagically ™ activate itself as soon as it’s connected to the internet. That is, unless there’s a problem with the activation server (as many have encountered) or some other issue…

Microsoft recommends doing a fresh re-installation of whatever previous OS you were on, then running the upgrade again, but that’s nonsense!

All you have to do to fix the activation issue (assuming, like me, you started with the upgrade) is reboot from Windows 10 installation media and select “Reset your PC” with the “Keep my files” option selected.

After several reboots, my Windows 10 installation was repaired – no more UI issues, and successfully activated WITHOUT having to reinstall Windows 8…

Don’t be an IT Order Taker!

Last year, the old Maytag Man (as portrayed by Gordon Jump) who sat bored in his dispatch office, waiting for a repair call that never came, was replaced with a younger, more versatile model. Sad really, as I’m going to miss Ol’ Lonely, but I’d never emulate him, and you shouldn’t either!

Early on in my career, I worked in sales. I’ve carried that experience with me all through my career as it taught me the value of proactivity. There were those who sat under a tree of pre-qualified prospects, waiting for low hanging fruit to drop off the branch. These people rarely made quota, and eventually moved on or were let go.

Amazingly, many IT Managers (particularly in the Middle East) are the same way; they perceive their job as merely order takers, putting out fires as they appear, happy to go on maintaining the status quo.

Perhaps these IT Managers aren’t taking time to understand the business and its needs. It could also suggest that they lack confidence and/or initiative.

Whatever the case, salespeople and IT Managers alike who take initiative will always have an advantage over those who don’t, and are less likely to be caught off-guard by issues that will [inevitably] arise.

So what can you do to be more proactive? Here are some suggestions that may help:

  1. “Don’t wait until it’s raining to mend your roof – do now, while the sun is shining.” Nothing is ever an IT emergency until it becomes one. The more time you spend preventing fires, the less time you’ll spend putting them out! (Backups, DRPs, documentation, etc.)
  2. “Make your rounds!” Oftentimes, many easily-correctable issues go unreported because the employee(s) suffering from them can’t be bothered to submit a ticket, or don’t know how to articulate it. You can save a lot of time by visiting with people face-to-face to understand their pains. Do this at every level of the organization! Be friendly, be approachable!
  3. “The map is NOT the territory, get out there once in a while and see it for yourself!” Don’t rely solely on documentation! It could be outdated, there may be human error, or other factors introduced in the course of maintaining your Asset Register/CMDB.
  4. “Focus on what’s important.” This cliché has been beaten to death, so I’ll try to make it simple and relevant – anything the business depends on to make money should be your highest priority, followed by the systems which support them and so on and so forth.
  5. “Those who ignore history have no past – and no future!” Acknowledge those who have come before you. Study their mistakes, learn from them! It’s much less painful to side-step an avoidable pitfall than to climb out of it after-the-fact.