Cleanup Exchange mailbox via scheduled task (Exchange 2013/2016)
Lots of customers ask whether it is possible to clean up a certain mailbox in Exchange periodically. I did some scripting and made a tutorial for running the script as a scheduled task.
Link to the script on GitHub:
My personal recommendation is to execute this script directly on the Exchange server. The user who executes it does not need domain admin rights. By the way, the script does not work with the default domain admin, because you need special permissions to execute Search-Mailbox with the delete parameter.
For this reason first do the preparation carefully!
In my case I created a special “deleteuser”, which receives the required permissions in my Exchange 2016 test environment.
Open the Exchange PowerShell as Administrator and type the following command:
New-ManagementRoleAssignment -Name ImportExportRole -User "domain\user" -Role 'Mailbox Import Export'
Replace the user with your own user who should get the permission to delete content from mailboxes (this is also the user who executes the script).
NOTE: Please use the SamAccountName.
If you do not know the SamAccountName, you can look it up in the Exchange PowerShell (Get-Mailbox | fl name,alias,displayname,samaccountname).
The “deleteuser” also has to be a member of Discovery Management / Organization Management.
You can add the user to Discovery Management via the Exchange console (or Active Directory).
Please also place my PowerShell script on the server.
In my test environment I use the path C:\Scripts\mailbox-cleanup\mailbox-cleanup-0-1.ps1 on the Exchange server.
Before use you have to edit the script.
Please fill in the user who has the required permissions (in my case “deleteuser”) and the user who should be cleaned up.
Installation of the Active Directory PowerShell module (you can type this command directly into ISE).
The next preparation is to add the “deleteuser” to the local Administrators group of the server where the script is executed. This is done so that you get no access denied errors, logon errors, etc.
Another permission for this user is Organization Management. This permission is also needed while the script runs. (If you can’t find this group, you have to make the advanced view visible in Active Directory: View -> Advanced View.)
This is the last preparation in PowerShell:
Set-ExecutionPolicy Unrestricted -Force
Now the task can be created as shown here (in my test environment I use the default paths; they can be different in some installations):
You need to call powershell.exe; as its argument, pass the path to the Exchange remote session script and the path to the cleanup script.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\Scripts\mailbox-cleanup\mailbox-cleanup-0-1.ps1"
If the user has no permission to log on as a batch job (normally no user except the domain admin has it), you get this message:
To give the user the required permission, start the Local Security Policy as shown.
Now it should be possible to start the task.
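The task creation described above can also be done from an elevated PowerShell instead of the Task Scheduler GUI. The following is an added example, not part of the original script or tutorial; the task name, the daily 02:00 schedule, the time limit and the DOMAIN\deleteuser placeholder are assumptions, while the two file paths are the ones used on this page.

```powershell
# Added example: register the cleanup task with the ScheduledTasks module
# (Windows Server 2012 or later). Run from an elevated PowerShell session.

$TaskName  = 'Exchange-Mailbox-Cleanup'   # assumption: hypothetical task name
$RunAsUser = 'DOMAIN\deleteuser'          # placeholder: the prepared service user
$RemoteEx  = 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'
$Script    = 'C:\Scripts\mailbox-cleanup\mailbox-cleanup-0-1.ps1'

# Fail early if a path differs on this installation.
foreach ($path in $RemoteEx, $Script) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Required file not found: $path"
    }
}

# Same command line as on this page, with the script path quoted.
$command  = ". '$RemoteEx'; Connect-ExchangeServer -auto; & '$Script'"
$argument = "-NonInteractive -WindowStyle Hidden -Command `"$command`""

$action = New-ScheduledTaskAction `
    -Execute "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" `
    -Argument $argument

# Assumption: run once per day at 02:00, never overlap, stop after two hours.
$trigger  = New-ScheduledTaskTrigger -Daily -At '02:00'
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Hours 2)

# Prompt for the password so it is not stored in this file.
$cred = Get-Credential -UserName $RunAsUser -Message 'Password for the task account'

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Settings $settings -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password | Out-Null

# Confirm which account the task runs as and when it runs next.
Get-ScheduledTask -TaskName $TaskName |
    Select-Object TaskName, State, @{ n = 'RunAs'; e = { $_.Principal.UserId } }
Get-ScheduledTaskInfo -TaskName $TaskName |
    Select-Object LastRunTime, LastTaskResult, NextRunTime
```

After the first run, a LastTaskResult of 0 together with a new entry in the log file in the script folder shows that the task ran under the intended account.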
Outlook before the cleanup (NOTE: calendar and other objects will also be deleted).
Have a look inside the script folder; there should be a log file like this.
Have fun and write comments or emails.