Hello We have a shared mailbox named IT Helpdesk in our Exchange 2007 environment. Unfortunately, someone has sent a very rude message to one of the internal staff. We need to trace who it was, but message tracking doesn't show which Outlook client submitted the message. The only thing we thought of was getting a list of everyone who has Send As rights to that mailbox and then searching their Sent Items (yes, I know they may have deleted it!). I know we can use Export-Mailbox, but was hoping someone could help out on the finer points of the entire command. Also, a results log at the end of the script so we can see how many hits we had? So far, we have i. List of users is C:\List.txt ii. Subject is "Joke666" iii. Sent Date was May 11th 2011 iv. Recipient was john.doe@domain.com Hopefully, we can search through everyone's Sent Items, and if they have mail that meets that criteria then that message would be exported to a PST that has the user's name. Any ideas?

Get on it! Don't waste time asking for finer points, start exporting!Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Thanks, but the reason I asked the question is I don't know how to use the command, i.e. not sure what to type to get the below: i. List of users is C:\List.txt ii. Subject is "Joke666" iii. Sent Date was May 11th 2011 iv. Recipient was john.doe@domain.com Hopefully, we can search through everyone's Sent Items, and if they have mail that meets that criteria then that message would be exported to a PST that has the user's name. Do you know how to construct this command?

If you're going to work off a list, you'll need to write a script, so in the interest of time I recommend that you forget looking at individual users and pull the message from all mailboxes. The rest of it is explained very well in the documentation. Start here: http://technet.microsoft.com/en-us/library/bb266964(EXCHG.80).aspx.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

We have all weekend as no one in the group has out of hours access to their mailbox. In the interests of time, I actually just gave myself access to all their mailboxes and checked the Sent Items, no joy. Just for future reference, I'd like to know how to do this via Powershell. I figure the command would be: Export-Mailbox -IncludeFolders "\Sent Items" -SubjectKeywords "Joke666" -StartDate "05/11/2011" -RecipientKeywords john.doe@domain.com But here I'm a little stuck. I can see two ways of doing this: 1. Use these commands one after the other Get-mailbox -identity "User1" | Export-Mailbox -IncludeFolders "\Sent Items" -SubjectKeywords "Joke666" -StartDate "05/11/2011" -RecipientKeywords john.doe@domain.com -pathtoPST c:\user1.pst Get-mailbox -identity "User2" | Export-Mailbox -IncludeFolders "\Sent Items" -SubjectKeywords "Joke666" -StartDate "05/11/2011" -RecipientKeywords john.doe@domain.com -pathtoPST c:\user2.pst And so on.... 2. Find a way to way that will do the following: Get-content c:\userlist | Get-mailbox | Export-Mailbox -IncludeFolders "\Sent Items" -SubjectKeywords "Joke666" -StartDate "05/11/2011" -RecipientKeywords john.doe@domain.com -pathtoPST c:\<usernames>.pst Any ideas?

I think you're overcomplicating this. If you know the subject line, why not just export everything with that subject line and not worry about who received it? I would just run it once on each mailbox database: Get-Mailbox -ResultSize Unlimited | Export-Mailbox -SubjectKeywords "Joke666" -StartDate "05/11/2011" -pathtoPST c:\badstuff.pst -DeleteContent:$True You want that last parameter since you want to remove the messages from the mailboxes, right? If you end up removing a little too much, it'll still be in the PST file and you can give it back to them. But what of value could contain "Joke666" in the subject line, really? Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Edd Sorry, maybe I am not making the situation clear. So someone from the Helpdesk has sent a very rude email, with Subject line "Joke666", to a key user(john.doe@domain.com) frmo the Helpdesk mailbox. Management are asking who sent it. Message tracking etc doesn't help tie down to actually sent it, so the only thing I thought of was searching the mailboxes (Set Items) of all of the Helpdesk (i.e. people who have access to the Helpdesk mailbox). There are about 20 Helpdesk guys, and I heard that we could use the Export-Mailbox command to search multiple mailboxes for a specific mail, and export it to a PST (so we have it as proof). In the end, I just gave myself access to their mailboxes and searched myself, but I'm sure this situation will happen again. I was just wondering the best way to search for a given message within a list of users' mailboxes and export it to a PST. Hence my previous post? :)

The way you did it is probably the best way. If you have this kind of thing going on all the time a better approach might be a real archiving system. If you want to go mailbox-by-mailbox you could create a CSV file with the following format: Name Joe Jokester Jane Deviant ... where the first line is exactly "Name", each of the names is the display name or alias. Then run a PowerShell script something like this: $Mailboxes = Import-CSV -Path "C:\Temp\Suspects.csv" ForEach ($Mailbox In $Mailboxes) { $Name = $Mailbox.Name $PSTPath = $Mailbox.Name + ".pst" Export-Mailbox -Identity $Name -IncludeFolders "\Sent Items" -SubjectKeywords "Joke666" -StartDate "05/11/2011" -PathToPST $PSTPath } Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi GNoble1979, Ed’s solution is good. I have followed his solution to test in my lab Test in may lab (Exchange 2007 SP3 and Outlook 2010) <1> Create a CSV file just as Ed: Name Joe Jokester Jane Deviant ... <2> I save the file at this path: C:\test.csv <3> Make sure the user have permission on the mailboxes you want to export. <3> Run this command to export the file: Import-CSV -Path "C:\test.csv"|ForEach-Object { $Name = $_.Name $PSTPath = "C:\"+$Name + ".pst" Export-Mailbox -Identity $Name -IncludeFolders "\Sent Items" -SubjectKeywords "Joke666" -StartDate "05/11/2011" -PSTFolderPath $PSTPath } Here is a related document for you: Export-Mailbox http://technet.microsoft.com/en-us/library/aa998579(EXCHG.80).aspx Thanks, Evan Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.