Targeted Email Removal with Exchange Online Powershell

In the course of administering an Exchange Online instance I’m occasionally asked to locate and remove an email (or set of emails) from the entire tenant. The quickest way to do this is via PowerShell:

Connect to the Exchange Online instance, enter your credentials when prompted:

Connect-ExchangeOnline

Next, Connect to the Security and Compliance Center PowerShell, entering your credentials again when prompted:

Connect-IPPSSession

Now that you’re connected, you can create a new compliance search to locate the email(s) you wish to remove:

New-ComplianceSearch [SearchName] -ExchangeLocation 'All' -ContentMatchQuery 'from: "*@something.com"'

In the example above, I’m searching for all content across all mailboxes from a specific domain (e.g. @something.com), but you can modify the scope of the search by adjusting the location and content match query (i.e. searching by subject or just looking at specific mailboxes/folders etc.).

Once the search is created, you will need to start it:

Start-ComplianceSearch [SearchName]

While the search is ongoing, you can check on its status:

Get-ComplianceSearch [SearchName]

NOTE: You can use the |fl parameter to obtain additional information on the compliance search status.

Once completed, you can use the purge the emails located by the search:

New-ComplianceSearchAction -SearchName [SearchName] -Purge -PurgeType SoftDelete

 

Email Hide and Go Seek: How to locate a specific email (down to the folder) in Office 365 using PowerShell

In many organizations, end users receive too much email to manage effectively. Many utilize rules to filter emails into specific buckets to make them easier to find. Over time, these rules compound, and could eventually lead to unintended consequences (i.e. receiving an email but being unable to find it).

When this happens, I’d typically run a quick message trace to establish whether the email was actually delivered or not. Many admins will stop there, advising the end-user to check their rule settings, but using PowerShell, we can find the email(s) for them!

First, let’s get logged into the Office 365 tenant:

$Credential = Get-Credential
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $ExchangeSession

Next, we can determine how many emails match the criteria in case there are more than one (Optional):

search-mailbox -EstimateResultOnly -identity [target user] -searchquery 'from:"[sender emai]" AND subject:"subject"'

Now for the coup de grâce, to reconstruct precisely which folder and sub-folder(s) of where the email(s) that match that criteria are in the user’s inbox:

search-mailbox -identity [recipient] -searchquery 'from:"[sender]" AND subject:"[subject] "' -targetmailbox "[your email] " -targetfolder "SearchResults"

In your inbox, you’ll see a folder called ‘SearchResults’. Using this, you can guide the end-user through the folder structure on their own Inbox that they’ll need to traverse to get to the desired email(s).

Review: Mouse Without Borders (Free Software KVM)

Keyboard, Video and Mouse (KVM) switches (as a hardware device) have been around for over 20 years, and were used to control multiple computers from a single keyboard, mouse and display. These are still widely use in datacenters to control multiple servers but aren’t that ubiquitous for home use.

I am far more effective on a full-sized keyboard and mouse than I am typing on a cramped laptop keyboard. This is especially trying with the two systems I’m working with presently as they both have function (Fn) buttons, but are in different places.

I could hook up two sets of keyboards and mice, but that would take up a lot more of my desk space, and may not be ideal for many scenarios, particularly when I’m working out of a cubicle from a client site.

I’d been looking for a way to manage multiple systems, but many of the ones I looked at that were advertised as ‘free’ turned out to be nagware, or key features were locked behind a pay wall. After reading an article on raymond.cc, I settled on “Microsoft’s Mouse Without Borders”.

  1. It’s free.
  2. It’s relatively simple to install and configure.
  3. Where it works, it works great!

It doesn’t play nice with VPNs as others have observed. There are ways around this which may or may not work depending on your VPN settings and whether or you’re able to make changes to them.

If you’re managing 4 or fewer computers and don’t require a hardware KVM, I suggest giving it a try! I’ve placed a link on my tools page.



Slipsteaming Drivers into Windows Setup CDs/DVDs

NOTE: This post was written almost 10 years ago, and republished here for posterity. As such, no attempt has been made to update the links or information below.

I recently had to repair an installation of Windows Server 2003. Unfortunately, Windows Setup was unable to automatically detect my RAID controller, and while you can press F6 during setup to provider a 3rd party driver, this won’t work for computers without floppy drives.

One solution is to “slipstream” the drivers you need into your Windows Setup media. Slipstreaming is a technique used to insert additional drivers, updates and service packs into your installation disks. This can be done manually by manipulating installation files, or by using a 3rd party tool such as nLite (vLite is the Vista version), AutoStream and PE Builder. I personally prefer nLite because it’s free, relatively easy to use, and works with a wide range of Microsoft OS’s. Best of all, you can also use it to remove unwanted or unneeded components, tweak system options, or set preferences in advance to create an unattended setup disk. Here’s procedure I used:

  1. Download and install nLite (https://nliteos.com/download.html)
  2. Copy the contents of your Windows setup CD to a folder on your hard drive (e.g. N:\Windows Setup Files)
  3. Start the nLite application, the click Next to advance to the source file screen
  4. Browse to the files you copied above, click Next again. nLite will detect the OS type, then click Next again to proceed
  5. The next screen gives you the ability choose a previous configuration if you have one, or you can click Next again to skip it and start fresh
  6. The next screen allows you pick and choose what features you want to manipulate, I chose “Integrate > Drivers” and “Create > Bootable ISO”, then Next to take you to the Driver selection screen
  7. Click Insert. If your driver directory comes with multiple .INF or .SYS files, you should select Multiple Driver Folder, otherwise, you can use Single Driver
  8. There will be a pop-up window prompting you to select a driver and a mode. The options are Textmode or PnP. Anything that you need to pre-load prior to installation should be installed as Textmode. NOTE: Be sure to use “Textmode” for any drivers windows will need to begin setup! I chose this option for my RAID controller drivers.
  9. Push Ok > Next to proceed, and when prompted, choose Yes to start the process
  10. When done, it should display the create window. At this point, you can create an ISO or burn the image directly to the CD There you have it!