There are many reasons you might want to delete mailboxes from an Exchange Server. You might want to clear a database of test users or remove those who have left the organization. Remember that you might need to delete mailboxes as soon as an employee leaves an organization. Mailboxes are a potential gold mine of personal information. They may contain sensitive information concerning both clients and other employees. That is why, in most situations, it is best to delete mailboxes quickly to ensure a high level of data protection. It is not worth risking any security breaches, especially if you want to comply with the GDPR. This article shows how to delete mailboxes along with AD users in on-premises Exchange using PowerShell.
Before I get technical, a word of warning. Please make sure you are removing the right mailboxes. Just in case, temporarily forget about using the -Confirm:$false parameter.
Before you start deleting mailboxes, make sure you have sufficient permissions. To run the Remove-Mailbox cmdlet, you need to have the Mail Recipient Creation role assigned. By default, only members of Organization Management and Recipient Management role groups have sufficient privileges.
How to delete a single mailbox in Exchange Server
- Make sure you are removing the right mailboxes.
- Make sure you have sufficient permissions.
- Delete a single mailbox using the cmdlet:
Remove-Mailbox <Mailbox-you-want-to-delete>
Note that the cmdlet above soft-deletes the mailbox you specify. Soft-deletion means that the mailbox is marked for purging and will be permanently deleted as soon as the mailbox deletion retention period passes. The default retention period is 30 days. To check the retention period in your organization, run the following cmdlet:
Get-MailboxDatabase | FL -Property PSComputerName,MailboxRetention
In Exchange Server 2019/2016 you can add the -Permanent parameter to skip the soft-deletion phase.
Note that for a single mailbox deletion you can also use ADUC or ADSIEdit.
How to delete multiple mailboxes in Exchange Server
- Make sure you are removing the right mailboxes.
- Make sure you have sufficient permissions.
- Delete multiple mailboxes using the cmdlet within a pipeline. For example, if you want to delete members of a certain distribution group, use:
Get-DistributionGroupMember <name of a distribution group> | remove-mailbox -whatif
Why use the -whatif switch? Just in case. Thanks to this switch, you can see which mailboxes the cmdlet would delete. Once you have confirmed that you want to delete the chosen mailboxes, run the cmdlet without the -whatif switch.
You can also quickly delete inactive mailboxes using the following script:
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox,SharedMailbox | Where {(Get-MailboxStatistics $_.Identity).LastLogonTime -lt (Get-Date).AddDays(-90)} | Remove-Mailbox -whatif
The script above (after deleting the -whatif switch) removes all mailboxes which have been inactive for more than 90 days. Again, make sure you want to remove all of them – some users might not have logged in to their mailboxes because of a long-term leave.
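A review-first variant of the inactive-mailbox cleanup, added here as an example and not part of the original article. It writes the candidates to a CSV file and keeps mailboxes that have no LastLogonTime in a separate category, because an empty value compares as older than any date and would otherwise be selected for deletion. The report path and the Category column are assumptions of this example.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
$cutoff     = (Get-Date).AddDays(-90)
$reportPath = '.\inactive-mailboxes.csv'    # hypothetical path for the review file

$candidates = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox,SharedMailbox |
    ForEach-Object {
        # Returns nothing (plus a warning) for a mailbox nobody has logged on to yet.
        $stats     = Get-MailboxStatistics -Identity $_.Identity -WarningAction SilentlyContinue
        $lastLogon = if ($stats) { $stats.LastLogonTime } else { $null }

        # "$null -lt <date>" is $true in PowerShell, so classify the empty value
        # explicitly instead of letting it pass as "older than 90 days".
        $category = if ($null -eq $lastLogon) { 'NeverLoggedOn' }
                    elseif ($lastLogon -lt $cutoff) { 'Inactive' }
                    else { 'Active' }

        [pscustomobject]@{
            DisplayName          = $_.DisplayName
            PrimarySmtpAddress   = [string]$_.PrimarySmtpAddress
            RecipientTypeDetails = $_.RecipientTypeDetails
            WhenCreated          = $_.WhenCreated
            LastLogonTime        = $lastLogon
            Category             = $category
        }
    } | Where-Object { $_.Category -ne 'Active' }

# Keep the list as a record of what was considered and why.
$candidates | Sort-Object Category, LastLogonTime |
    Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8

# After the CSV has been reviewed (rows for users on long-term leave removed),
# preview the deletion. Drop -WhatIf only when the preview lists exactly what you expect.
Import-Csv -Path $reportPath |
    Where-Object { $_.Category -eq 'Inactive' } |
    ForEach-Object { Remove-Mailbox -Identity $_.PrimarySmtpAddress -WhatIf }
```

Mailboxes in the NeverLoggedOn category are reported but not passed to Remove-Mailbox; compare their WhenCreated value with the cutoff before deciding what to do with them.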
How to permanently delete a disconnected mailbox in Exchange
If you delete an AD user, their mailbox becomes disconnected. This situation might happen when a user leaves the company, and their AD account is deleted. Disconnected mailboxes are purged automatically when the deleted mailbox retention period passes (30 days by default). When you deal with disconnected mailboxes, you can either reconnect them or delete them permanently. But first, you need a way to identify them.
The following cmdlet shows you the list of disconnected mailboxes in your on-prem Exchange Server:
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -ne $null } | ft DisplayName,MailboxGuid,DisconnectDate,DisconnectReason
If you want to permanently delete all disconnected mailboxes, pipe the results from the previous cmdlet to the Remove-StoreMailbox cmdlet:
Get-MailboxDatabase | Get-MailboxStatistics | Where {$_.DisconnectReason -ne $null} | ForEach {Remove-StoreMailbox -Database $_.database -Identity $_.MailboxGuid -MailboxState Disabled}
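The same purge with a record and a preview step, added here as an example and not taken from the original article. It exports the disconnected mailboxes before anything is removed and passes Remove-StoreMailbox a -MailboxState that matches each mailbox's DisconnectReason (Disabled or SoftDeleted), since the purge is irreversible once the mailbox is gone from the store. The audit file path is an assumption of this example.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
$auditPath = '.\disconnected-mailboxes.csv'    # hypothetical path for the audit file

# Same query as above, kept in a variable so the export and the purge use one list.
$disconnected = Get-MailboxDatabase | Get-MailboxStatistics |
    Where-Object { $_.DisconnectReason -ne $null }

# Record what is about to be purged: who, from which database, and why it was disconnected.
$disconnected |
    Select-Object DisplayName, MailboxGuid, Database, DisconnectDate, DisconnectReason |
    Export-Csv -Path $auditPath -NoTypeInformation -Encoding UTF8

# Remove-StoreMailbox accepts two states. Handle each one separately so that
# -MailboxState always matches the state reported for the mailbox.
foreach ($state in 'Disabled', 'SoftDeleted') {
    $disconnected |
        Where-Object { "$($_.DisconnectReason)" -eq $state } |
        ForEach-Object {
            # -WhatIf only prints what would be purged; remove it after checking the output.
            Remove-StoreMailbox -Database $_.Database -Identity $_.MailboxGuid `
                -MailboxState $state -WhatIf
        }
}
```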
How to solve problems with deleting mailboxes on Exchange Server
When the Remove-Mailbox cmdlet fails, you might get the following error:
“You do not have sufficient privileges to delete…, or this object is protected from accidental deletion.”
Now, if you have ensured that you have sufficient privileges, this error might be caused by the accidental deletion protection set on the user. You can turn off the accidental deletion protection using the following cmdlet:
Set-ADObject <problematic-user> -ProtectedFromAccidentalDeletion:$false
Another way to turn off this feature is via Active Directory Users & Computers. First, right-click the problematic user and choose Properties.
Next, go to the Object tab and unmark Protect object from accidental deletion.
If you still encounter some issues after unmarking the option, go to the Security tab and click Advanced.
In this window, click Restore defaults and apply the changes.
The next time you attempt to delete a user along with the mailbox, there should be no error.