В некоторых случаях возникает необходимость найти или удалить сообщение из почтовых ящиков пользователей. Например:
Для этого иcпользуются командлеты Search-Mailbox и New-ComplianceSearch
<# $MyRequest = 'Subject:"Letter to" AND (from:"andrey@mydomain.ru" OR from:"sergeyw@mydomain.ru")' $MyRequest = 'from:"spamer@gmail.com" AND Subject:"Валерия" AND Received >10/02/2024"' $MyRequest = 'from:"Valery@mydomain.ru" AND to:"user28@gmail.com" AND Sent >= 09/11/2023' $MyRequest = 'from:"Yurio@mydomain.ru" AND Subject:"Костюмы на конкурс Розовая свинка 2024" AND Received:"12/11/2024 13:30..12/11/2024 17:00"' #> # ШАГ 1 $MyMailbox="my@mydomain.ru" $MySender="noreply@opros.mydomain.ru" $MyRecipient="Link@Internetmydomain.ru" # ШАГ 2 $MyRequest = 'from:"'+$MySender+'" AND to:"'+ $MyRecipient +'"' # ШАГ 3 Search-Mailbox -Identity $MyMailbox -SearchQuery $MyRequest -EstimateResultOnly # ШАГ 4 Search-Mailbox -Identity $MyMailbox -SearchQuery $MyRequest -DeleteContent -Force
$mymailboxes=(@' myemail@mydomain.ru '@).split("`n")| foreach {$_.trim()} | Sort-Object -Unique $MyRequest = 'Subject:"Letter to" AND (from:"andrey@mydomain.ru" OR from:"sergeyw@mydomain.ru")' $MyRequest = 'from:"spamer@gmail.com" AND Subject:"Валерия" AND Received >10/02/2024"' $MyRequest = 'from:"Valery@mydomain.ru" AND to:"user28@gmail.com" AND Sent >= 09/11/2023' foreach ($MyItem in $mymailboxes){ $a="" $a=get-mailbox $MyItem -ErrorAction SilentlyContinue if ($a) { $MyItem Search-Mailbox -Identity $MyItem -SearchQuery $MyRequest -EstimateResultOnly # -DeleteContent -Force # -EstimateResultOnly } }
SearchQuery {Subject:"RE:Ненужное письмо" OR body:"лишний текст"} -SearchQuery 'hasattachment:true AND Size >20971520' -SearchQuery 'from:"evil@example.com" AND to:"v.pupkin@example.com"' -SearchQuery 'isread:false' -SearchQuery 'size>200000' -SearchQuery 'attachment:"virus.pdf"' -SearchQuery 'attachment -like:"*.zip"' -SearchQuery sent:22/02/2022 -SearchQuery {Received:20/06/2020..22/02/2022} -SearchQuery {Received:> $('07/07/2021')} Search-Mailbox -Identity "Joe Healy" -SearchQuery "Subject:Project Hamilton" -TargetMailbox "DiscoveryMailbox" -TargetFolder "JoeHealy-ProjectHamilton" -LogLevel Full Search-Mailbox -Identity "April Stewart" -SearchQuery 'Subject:"Your bank statement"' -TargetMailbox "administrator" -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full Search-Mailbox -Identity "April Stewart" -SearchQuery 'Subject:"Your bank statement"' -DeleteContent Get-Mailbox | Search-Mailbox -SearchQuery 'election OR candidate OR vote' -TargetMailbox "Discovery Search Mailbox" -TargetFolder "AllMailboxes-Election" -LogLevel Full
New-ComplianceSearch -Name "Hold Project X" -ExchangeLocation "Finance Department" в группе Finance Department New-ComplianceSearch -Name "Hold-Tailspin Toys" -ExchangeLocation "Research Department" -ContentMatchQuery "'Patent' AND 'Project Tailspin Toys'" New-ComplianceSearch -Name "AnnBeebe-InactiveMailbox" -ExchangeLocation .annb@contoso.onmicrosoft.com -AllowNotFoundExchangeLocationsEnabled $true $Search = New-ComplianceSearch -Name "DeleteMessageSearch" -ExchangeLocation All -ContentMatchQuery 'message-id:"<MessageID>"'