Exchange - Clean up Recoverable Folder
Aus Wikizone
https://learn.microsoft.com/en-us/microsoft-365/compliance/ediscovery-delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide#step-4-remove-the-delay-hold-from-the-mailbox
Erforderliche Benutzerrollen
Zum Anzeigen von Informationen zu den Postfächern anderer Personen benötigt man die Discovery Management Rolle
EAC (Exchange Admin Center) > Adminstrator-Rollen > Discovery Management
Beispiel Cleanup
Schritt 1 - Infos zur Mailbox holen
single item recovery and the deleted item retention period.
PS /Users/stephanschlegel> Get-Mailbox ewo | FL SingleItemRecoveryEnabled,RetainDeletedItemsFor SingleItemRecoveryEnabled : True RetainDeletedItemsFor : 1.00:00:00
information about the holds and retention policies applied to the mailbox.
PS /Users/stephanschlegel> Get-Mailbox ewo | FL LitigationHoldEnabled,InPlaceHolds
LitigationHoldEnabled : False
InPlaceHolds : {}
information about any organization-wide retention policies.
Get-OrganizationConfig | FL InPlaceHolds
determine if a delay hold is applied to the mailbox.
PS /Users/stephanschlegel> Get-Mailbox ewo | FL DelayHoldApplied,DelayReleaseHoldApplied DelayHoldApplied : False DelayReleaseHoldApplied : False
PS /Users/stephanschlegel> Get-MailboxFolderStatistics ewo -FolderScope RecoverableItems | FL Name,FolderAndSubfolderSize,ItemsInFolderAndSubfolders Name : Recoverable Items FolderAndSubfolderSize : 3.3 GB (3,543,727,845 bytes) ItemsInFolderAndSubfolders : 4914 Name : Audits FolderAndSubfolderSize : 15.28 MB (16,020,902 bytes) ItemsInFolderAndSubfolders : 2783 Name : Calendar Logging FolderAndSubfolderSize : 615.8 KB (630,589 bytes) ItemsInFolderAndSubfolders : 7 Name : Deletions FolderAndSubfolderSize : 3.284 GB (3,526,235,367 bytes) ItemsInFolderAndSubfolders : 1980 Name : DiscoveryHolds FolderAndSubfolderSize : 0 B (0 bytes) ItemsInFolderAndSubfolders : 0 Name : Purges FolderAndSubfolderSize : 821.3 KB (840,987 bytes) ItemsInFolderAndSubfolders : 144 Name : SubstrateHolds FolderAndSubfolderSize : 0 B (0 bytes) ItemsInFolderAndSubfolders : 0 Name : Versions FolderAndSubfolderSize : 0 B (0 bytes) ItemsInFolderAndSubfolders : 0
Einstellungen des Postfachs
PS /Users/stephanschlegel> Get-CASMailbox ewo | FL EwsEnabled,ActiveSyncEnabled,MAPIEnabled,OWAEnabled,ImapEnabled,PopEnabled EwsEnabled : True ActiveSyncEnabled : True MAPIEnabled : True OWAEnabled : True ImapEnabled : True PopEnabled : True
Schritt 2 - Mailbox vorbereiten
Kundenzugriff deaktivieren, damit er während der Reinigung keine Veränderungen machen kann.
Deleted item retention period auf 30 Tage (maximum) setzen. Damit die Items nicht aus den Recoverable Items gepurged werden bevor man sie selbst gelöscht hat.
Single Item recovery ausschalten, damit die items nicht zurückgeholt (retained) werden nachdem sie gelöscht wurden.
Managed Folder Assistant ausschalten, damit er die Mailbox nicht bearbeitet, und die Items zurückholt.
PS /Users/stephanschlegel> Set-CASMailbox ewo -EwsEnabled $false -ActiveSyncEnabled $false -MAPIEnabled $false -OWAEnabled $false -ImapEnabled $false -PopEnabled $false PS /Users/stephanschlegel> Set-Mailbox ewo -RetainDeletedItemsFor 30 PS /Users/stephanschlegel> Set-Mailbox <username> -ElcProcessingDisabled $true PS /Users/stephanschlegel> Set-Mailbox ewo -ElcProcessingDisabled $true WARNING: "ELC-Verarbeitung deaktiviert" wird außer Kraft gesetzt, wenn für ein Fallspeicherobjekt eine Erhaltungssperre "IsRestrictive" festgelegt ist. PS /Users/stephanschlegel> Set-Mailbox ewo -ElcProcessingDisabled $true WARNING: "ELC-Verarbeitung deaktiviert" wird außer Kraft gesetzt, wenn für ein Fallspeicherobjekt eine Erhaltungssperre "IsRestrictive" festgelegt ist.
Schritt 3 - Remove Holds
Wenn welche aus Schritt 1 sichtbar sind. Hier im Beispiel nicht. Ansonsten im Link nachschauen. Mögliche Holds:
Set-Mailbox <username> -LitigationHoldEnabled $false Get-MailboxSearch -InPlaceHoldIdentity <hold GUID> | FL Name Get-RetentionCompliancePolicy <retention policy GUID without prefix> | FL Name Get-RetentionCompliancePolicy <retention policy GUID without prefix> | FL Name ...
Schritt 4 - Delay Hold von der Mailbox entfernen
Wenn der Managed Folder Assistant merkt dass Holds entfernt wurden setzt er einen Delay Hold. Das bedeutet die DelayHoldApplied oder DelayReleaseHoldApplied mailbox property wird auf true gesetzt.
Schritt 5 - Löschen
Vorbereiten
Wir nutzen ein Skript im weiteren. Da die Skripte die verfügbaren Powershell Sessions verbrauchen diskonnekten wir die aktuelle remote Powershell Session
PS /Users/stephanschlegel> Get-PSSession | Remove-PSSession; Disconnect-ExchangeOnline Running this cmdlet clears all active sessions created using Connect-ExchangeOnline or Connect-IPPSSession. Press(Y/y/A/a) if you want to continue.
Step 1: Run the script to get a list of folders for a mailbox or site
#########################################################################################################
# This PowerShell script will prompt you for: #
# * Admin credentials for a user who can run the Get-MailboxFolderStatistics cmdlet in Exchange #
# Online and who is an eDiscovery Manager in the compliance portal. #
# The script will then: #
# * If an email address is supplied: list the folders for the target mailbox. #
# * If a SharePoint or OneDrive for Business site is supplied: list the documentlinks (folder paths) #
# * for the site. #
# * In both cases, the script supplies the correct search properties (folderid: or documentlink:) #
# appended to the folder ID or documentlink to use in a Content Search. #
# Notes: #
# * For SharePoint and OneDrive for Business, the paths are searched recursively; this means the #
# the current folder and all sub-folders are searched. #
# * For Exchange, only the specified folder will be searched; this means sub-folders in the folder #
# will not be searched. To search sub-folders, you need to use the specify the folder ID for #
# each sub-folder that you want to search. #
# * For Exchange, only folders in the user's primary mailbox will be returned by the script. #
#########################################################################################################
# Collect the target email address or SharePoint Url
$addressOrSite = Read-Host "Enter an email address or a URL for a SharePoint or OneDrive for Business site"
# Authenticate with Exchange Online and the compliance portal (Exchange Online Protection - EOP)
if ($addressOrSite.IndexOf("@") -ige 0)
{
# List the folder Ids for the target mailbox
$emailAddress = $addressOrSite
# Connect to Exchange Online PowerShell
if (!$ExoSession)
{
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false -CommandName Get-MailboxFolderStatistics
}
$folderQueries = @()
$folderStatistics = Get-MailboxFolderStatistics $emailAddress
foreach ($folderStatistic in $folderStatistics)
{
$folderId = $folderStatistic.FolderId;
$folderPath = $folderStatistic.FolderPath;
$encoding= [System.Text.Encoding]::GetEncoding("us-ascii")
$nibbler= $encoding.GetBytes("0123456789ABCDEF");
$folderIdBytes = [Convert]::FromBase64String($folderId);
$indexIdBytes = New-Object byte[] 48;
$indexIdIdx=0;
$folderIdBytes | select -skip 23 -First 24 | %{$indexIdBytes[$indexIdIdx++]=$nibbler[$_ -shr 4];$indexIdBytes[$indexIdIdx++]=$nibbler[$_ -band 0xF]}
$folderQuery = "folderid:$($encoding.GetString($indexIdBytes))";
$folderStat = New-Object PSObject
Add-Member -InputObject $folderStat -MemberType NoteProperty -Name FolderPath -Value $folderPath
Add-Member -InputObject $folderStat -MemberType NoteProperty -Name FolderQuery -Value $folderQuery
$folderQueries += $folderStat
}
Write-Host "-----Exchange Folders-----"
$folderQueries |ft
}
elseif ($addressOrSite.IndexOf("http") -ige 0)
{
$searchName = "SPFoldersSearch"
$searchActionName = "SPFoldersSearch_Preview"
# List the folders for the SharePoint or OneDrive for Business Site
$siteUrl = $addressOrSite
# Connect to Security & Compliance PowerShell
if (!$SccSession)
{
Import-Module ExchangeOnlineManagement
Connect-IPPSSession
}
# Clean-up, if the script was aborted, the search we created might not have been deleted. Try to do so now.
Remove-ComplianceSearch $searchName -Confirm:$false -ErrorAction 'SilentlyContinue'
# Create a Content Search against the SharePoint Site or OneDrive for Business site and only search for folders; wait for the search to complete
$complianceSearch = New-ComplianceSearch -Name $searchName -ContentMatchQuery "contenttype:folder" -SharePointLocation $siteUrl
Start-ComplianceSearch $searchName
do{
Write-host "Waiting for search to complete..."
Start-Sleep -s 5
$complianceSearch = Get-ComplianceSearch $searchName
}while ($complianceSearch.Status -ne 'Completed')
if ($complianceSearch.Items -gt 0)
{
# Create a Compliance Search Action and wait for it to complete. The folders will be listed in the .Results parameter
$complianceSearchAction = New-ComplianceSearchAction -SearchName $searchName -Preview
do
{
Write-host "Waiting for search action to complete..."
Start-Sleep -s 5
$complianceSearchAction = Get-ComplianceSearchAction $searchActionName
}while ($complianceSearchAction.Status -ne 'Completed')
# Get the results and print out the folders
$results = $complianceSearchAction.Results
$matches = Select-String "Data Link:.+[,}]" -Input $results -AllMatches
foreach ($match in $matches.Matches)
{
$rawUrl = $match.Value
$rawUrl = $rawUrl -replace "Data Link: " -replace "," -replace "}"
Write-Host "DocumentLink:""$rawUrl"""
}
}
else
{
Write-Host "No folders were found for $siteUrl"
}
Remove-ComplianceSearch $searchName -Confirm:$false -ErrorAction 'SilentlyContinue'
}
else
{
Write-Error "Couldn't recognize $addressOrSite as an email address or a site URL"
}
TODO
TODO Check SingleItemRecovery und Retention Period
Information about single item recovery and the deleted item retention period.
Get-Mailbox <username> | FL SingleItemRecoveryEnabled,RetainDeletedItemsFor
Wenn SingleItemRecovery an ist muss es deaktivert werden (siehe Schritt 2).
Zugriff auf Mailbox und User sperren
Get-CASMailbox <username> | FL EwsEnabled,ActiveSyncEnabled,MAPIEnabled,OWAEnabled,ImapEnabled,PopEnabled
