Instructions for Bulk Delete Mail For Exchange

Table of Contents

1. Applicable Version

2. Applicable Scenarios

3. Prerequisites

4. How to Use

5. Special Notes

5.1 How to export all email addresses from Exchange

5.2 How to parse distribution group mailboxes in recipients

5.3 If the original subject ends with a space, such emails cannot be found

      5.4 About logs and processing progress  

      5.5 License Application

I. Applicable Versions

This software is applicable to Exchange server 2010/2013/2016/2019. The computer running this program needs to have .net framework 4.8 or above installed (Generally, Exchange server supports this, and Windows 10 clients also meet this requirement, no additional installation is needed).

II. Applicable Scenarios

- When a user has mistakenly sent an email that cannot be recalled and needs to quickly delete the relevant email from the Exchange server backend.

- When a large number of sudden phishing emails or virus emails are received, and there is a need to quickly delete the relevant emails from the Exchange server backend.

III. Prerequisites

Impersonation permissions must be configured for the account running this tool (needed for the first time) to allow it to access and operate user mailboxes.

Configuration method: Log in as an Exchange administrator and run the following in the EMS management interface (Replace 'svc-mail' below with your authorized account):

For compliance and auditing, it is recommended to create a separate account, such as the svc-mail account mentioned above, enable this account when using this tool, and disable it when not in use.

Note: This program does not log email searches, but when deleting emails, there is a log in the same directory as the program, formatted as: DelMailLog_yyyy-mm-dd_HHMMSS.txt.

For compliance, this program will not display the full content of the email in search results.

IV. How to Use

Note that the first time you use this program, you need to apply for a license. For the license application method, please refer to "License Application".

- Copy the program package to an Exchange server (or a client that can access Exchange).

- Run BDM.exe, then fill in the server connection information and option information as shown below.

Figure 1: Program Interface Function Description

After filling in the information, there are three choices:

The first and second choices are to search without deleting, and the third is to search and delete. The first and second choices are for verification before deletion to avoid accidental deletion (deletion is hard deletion, and cannot be recovered after deletion).

The first choice is suitable for accessing a large number of mailboxes. It uses a special method that can increase the processing speed by dozens of times (for example, a precise search for 15,000 mailboxes may take 3 hours, while this quick search takes less than 3 minutes). But the result may not be completely accurate (for example, a few emails may be missed, usually the first search is accurate). It is suitable for quick screening of a large number of mailboxes, and then accurately searching and deleting from the screened results by copying the found recipients to the second or third choice. This achieves a balance between speed and accuracy.

Figure 2: Use the quick search to filter out specific recipients from a large number of mailboxes.

Figure 3: Use the recipients obtained from the quick search for precise searching or deletion.

V. Special Notes

5.1 How to export all email addresses from Exchange

The following command exports all email addresses to mailboxes.csv.

The following command can also be used, but you need to manually replace the quotes in the document.

Get-Mailbox -ResultSize Unlimited | Select-Object PrimarySmtpAddress | Export-Csv -Path "c:\temp\mailboxes.csv" –NoTypeInformation

Please note that both commands above will not exclude disabled AD accounts, but it doesn't matter much, the quick search has little impact on speed.

The export speed depends on the number of mailboxes and may take a few minutes.

5.2 How to parse the group mailbox in the recipient

Copying the recipient from Outlook is the best and fastest method, but if there is a communication group in the recipient (it could be a communication group mailbox, a security group mailbox, or a dynamic communication group mailbox), you need to resolve the communication group into individual recipients. The program cannot handle this, it needs to be processed under Exchange powershell:

Right-click "Resolve mail group to member address.ps1", select Edit to run in ISE mode (you must use this method, so the command line display interface can accommodate enough email addresses)

Use the above mailboxes.txt as the input file for secondary parsing,

Copy the generated results to a TXT text (select the first line, then press the shift key, then select the last line, so all records are selected, right-click to select copy), pay attention to remove blank lines, there should be no spaces after each line of email address (generally, there will not be).

5.3 If the original subject has spaces at the end, such emails cannot be found

Such emails generally do not exist, but you may occasionally encounter them (for example, some automatically generated alert emails).

To verify whether there is a space at the end of the subject, you can open this email (such as in OWA), then select all replies, if there is a space at the end of the automatically generated subject, then there is a space at the end of the original subject.

5.4 About logs and processing progress

For quick searches, there are only error logs and no processing progress.

For precise searches and deletions, there are error logs and processing progress logs. Both are located in the same directory as the program, and the filenames are errorlog.txt and progress.txt respectively.

When deleting emails, there is also a separate log, formatted as: DelMailLog_yyyy-mm-dd_HHMMSS.txt.

5.5 License Application

Run GetUniqueID.exe, copy the generated machine code and submit it to the software party.