Users unable to delete mail from their mailbox

Do you have an issue where your users are unable to delete mail from their mailboxes? Does the mail being deleted disappear from their mailbox and then reappear? Does your organization make use of “Retention Policies” from Microsoft Purview?

If your answer is yes to all 3 of the above questions, then your user's “TotalDeletedItemSize” has most likely reached the size quota (the quota for this sub-folder is 100GB).

You can check this either directly for an individual user or by extracting a list of all users.

If you want to do this directly on an individual user, you can make use of the below script

Connect-ExchangeOnline

get-mailbox [email protected] | Get-MailboxStatistics  | select DisplayName,ItemCount,TotalItemSize,DeletedItemCount,TotalDeletedItemSize 

If you want to pull a list of all users into a csv file, you can make use of the below script. Please make sure to update the location where you want the csv file to be exported to.

Connect-ExchangeOnline

get-mailbox -ResultSize unlimited | Get-MailboxStatistics  | select DisplayName,ItemCount,TotalItemSize,DeletedItemCount,TotalDeletedItemSize | export-csv C:\scripts\UsersRetentionSizes.csv -NoTypeInformation -Append
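
The export above stores sizes as text, so finding the mailboxes near the quota means parsing the byte count first. The following is an added example, not part of the original post; it assumes an already connected Exchange Online session, sizes rendered as text such as "98.7 GB (105,978,475,315 bytes)", and a 90% reporting threshold chosen here for illustration.

```powershell
# Added example: list mailboxes whose TotalDeletedItemSize is close to the quota.
$QuotaBytes = 100GB   # quota stated in this post
$WarnRatio  = 0.9     # assumed threshold, adjust to taste

function Get-ByteCount {
    param([string]$SizeText)
    # Sizes arrive as text; the exact byte count sits inside the parentheses.
    if ($SizeText -match '\(([^)]*?) bytes\)') {
        return [int64]($Matches[1] -replace '\D', '')
    }
    return $null   # no statistics or unexpected format
}

Get-Mailbox -ResultSize Unlimited |
    Get-MailboxStatistics |
    ForEach-Object {
        $bytes = Get-ByteCount ([string]$_.TotalDeletedItemSize)
        [pscustomobject]@{
            DisplayName           = $_.DisplayName
            DeletedItemCount      = $_.DeletedItemCount
            TotalDeletedItemBytes = $bytes
            PercentOfQuota        = if ($null -ne $bytes) {
                [math]::Round(100 * $bytes / $QuotaBytes, 1)
            }
        }
    } |
    # Rows without a parsed size compare as false and drop out here.
    Where-Object { $_.TotalDeletedItemBytes -ge ($QuotaBytes * $WarnRatio) } |
    Sort-Object TotalDeletedItemBytes -Descending
```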

Once you have this information and have found the users that have reached the 100GB size quota, on their “TotalDeletedItemSize” folder, you will need to follow the below steps to remove the Retention Policy being applied to their mailbox. Once the Retention Policy has been removed from the user, the “TotalDeletedItemSize” folder will start to be cleared.

Please note that this is not immediate and can take up to 30 days for the Retention Policy to stop applying to the user, but there are ways to speed this up.

I followed the below article from Microsoft to remove the Retention Policy from the user, but they failed to mention 1 key command that forces the process to begin. Without forcing the process to start, you will be waiting 30 days or more for the “TotalDeletedItemSize” folder to be cleaned up.

https://learn.microsoft.com/en-us/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide

Using the above-mentioned article, I have managed to streamline the process (well, at least I think so, as it works for me).

The very first thing you will need to do is go to the Microsoft Compliance Portal (also known as Microsoft Purview), then open “Data lifecycle management” and then the “Retention Policies” tab.

You will then need to find and edit the Retention Policy defined for Exchange Online, and add the required user/users to the “Excluded” option. Once added, I would recommend waiting about an hour or so just for backend M365 replication to take place, but it's not necessarily required.

Once the user has been “Excluded” from the Exchange Online Retention Policy, the below Exchange Online PowerShell commands will need to be run. Please be sure to update the commands with the required user's UPN.

Connect-ExchangeOnline

Set-Mailbox [email protected] -SingleItemRecoveryEnabled $false
Set-Mailbox [email protected] -RetainDeletedItemsFor 1
Set-Mailbox [email protected] -LitigationHoldEnabled $false
Set-Mailbox [email protected] -RemoveDelayHoldApplied
Set-Mailbox [email protected] -RemoveDelayReleaseHoldApplied

Once the above commands have been run, the final step is to force the processing to start using the ManagedFolderAssistant:

Start-ManagedFolderAssistant [email protected]

You may need to run the above command multiple times, over the course of a few days.

You can now monitor the size of the “TotalDeletedItemSize” folder by using the previously mentioned PowerShell command for the individual mailbox.

get-mailbox [email protected] | Get-MailboxStatistics | select DisplayName,ItemCount,TotalItemSize,DeletedItemCount,TotalDeletedItemSize

Once the user's “TotalDeletedItemSize” folder has reduced down to 0GB or any other acceptable size, it is strongly recommended that you go back to the Exchange Retention policy and remove the user from being Excluded.

We also recommend that you reset the user's mailbox settings back to their original state. This can be done by using the below commands.

Set-Mailbox [email protected] -SingleItemRecoveryEnabled $true
Set-Mailbox [email protected] -RetainDeletedItemsFor 14
Set-Mailbox [email protected] -LitigationHoldEnabled $true
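
The restore values above (14 days, Litigation Hold on) only match the original state if the mailbox had those settings before the cleanup. The following is an added example, not part of the original post: it records the real values before the first Set-Mailbox change and restores exactly those afterwards. The function names, `$Upn` and `$SnapshotPath` are hypothetical, and an Exchange Online session is assumed to be connected already.

```powershell
# Added example: snapshot hold-related settings before the cleanup, restore after.
function Save-MailboxHoldSnapshot {
    param(
        [Parameter(Mandatory)][string]$Upn,          # mailbox being cleaned up
        [Parameter(Mandatory)][string]$SnapshotPath  # e.g. a file on an admin share
    )
    $mbx   = Get-Mailbox -Identity $Upn
    $stats = Get-MailboxStatistics -Identity $Upn
    [pscustomobject]@{
        Upn                       = $Upn
        CapturedUtc               = (Get-Date).ToUniversalTime().ToString('o')
        SingleItemRecoveryEnabled = [bool]$mbx.SingleItemRecoveryEnabled
        RetainDeletedItemsFor     = [string]$mbx.RetainDeletedItemsFor
        LitigationHoldEnabled     = [bool]$mbx.LitigationHoldEnabled
        InPlaceHolds              = @($mbx.InPlaceHolds)            # kept for the audit record
        TotalDeletedItemSize      = [string]$stats.TotalDeletedItemSize
    } | Export-Clixml -Path $SnapshotPath
}

function Restore-MailboxHoldSnapshot {
    param([Parameter(Mandatory)][string]$SnapshotPath)
    $snap = Import-Clixml -Path $SnapshotPath
    $settings = @{
        Identity                  = $snap.Upn
        SingleItemRecoveryEnabled = $snap.SingleItemRecoveryEnabled
        RetainDeletedItemsFor     = $snap.RetainDeletedItemsFor
        LitigationHoldEnabled     = $snap.LitigationHoldEnabled
    }
    Set-Mailbox @settings
    # Read the values back so the restored state can be checked against the snapshot.
    Get-Mailbox -Identity $snap.Upn |
        Select-Object UserPrincipalName, SingleItemRecoveryEnabled,
            RetainDeletedItemsFor, LitigationHoldEnabled
}

# Usage: run Save-MailboxHoldSnapshot before the first Set-Mailbox change,
# and Restore-MailboxHoldSnapshot once TotalDeletedItemSize is acceptable.
```

Keeping the snapshot file with the change record also documents how long the mailbox ran without Single Item Recovery and Litigation Hold.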

Please note that we take no responsibility for any issues caused by these commands and it is up to YOU to review and ensure that these commands can be run in your environment.

The OWA saga continues…

After solving the msExchVersion mystery, it has become apparent that even more of our Exchange 2007 users were unable to access OWA.
After logging onto the site, a very similar error is displayed:
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
My first step was obviously to verify the msExchVersion.
After ensuring that this was correct, and that the users were still unable to use OWA, I had to do more digging. Deeper delving into this issue yielded the following KB from Microsoft: http://support.microsoft.com/kb/949527
To use OWA the Exchange Servers group must have write permissions to the msExchUserCulture attribute. Easy to resolve, just allow inheritable permissions from the parent to filter to the faulty object / objects, as per the KB article.
Easy enough on one account, but if you had to change this setting manually on multiple accounts, you could use Set-QADObjectSecurity -UnlockInheritance to accomplish the task. For more information see Dimitri’s blog

Legacy mailboxes on Exchange 2007

One of our users had a problem logging onto OWA today, and I noticed that the icon for his mailbox in the GUI displayed as a legacy mailbox, although he was located on an Exchange 2007 mailbox server.

After countless searches, I came across this article: http://support.microsoft.com/kb/941146. It explains that the msExchVersion property on the AD object is not set correctly, and that using set-mailbox -ApplyMandatoryProperties would resolve the problem. Looking at the help information on set-mailbox this could also be caused by users being created on Exchange 2007 server using the Exchange 2003 tools, although these users were migrated from Exchange 2003.

So, how to correct this? First get a list of all mailboxes on the Exchange 2007 server with the incorrect version. Using get-mailbox, the incorrect Exchange version displays as 0.0 (6.5.6500.0). The following command returns a list of these mailboxes by server (where SERVER1 is your Exchange 2007 server):
get-mailbox -server SERVER1 -resultsize unlimited | where {$_.ExchangeVersion -like "*0.0*"} | select Name, ExchangeVersion
Once you verify the list, pipe them to set-mailbox.

get-mailbox -server SERVER1 -resultsize unlimited | where {$_.ExchangeVersion -like "*0.0*"} | Set-Mailbox -ApplyMandatoryProperties
This resolved the problem for me, easily, on multiple Exchange mailboxes. Running the get-mailbox command again, returned no results after applying set-mailbox to the problematic mailboxes.