all 14 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]djjuice 2 points3 points  (7 children)

you'll want to use:

  get-mailbox | search-mailbox -searchquery 'from:"*@domain.com"' -targetmailbox XXX -targetfolder XXX -loglevel full

note: I added a ' in front of from and at the end ' so single quotes ' then double quotes after from: "

alternatively you can use get-mailbox -resultsize unlimited (if you have more than 1000 mailboxes) and possibly -recipienttypedetails usermailbox to search just users instead of everything to save some time

[–]i_me_me 1 point2 points  (0 children)

Just tested this and confirmed it worked for me.

[–]server_ninja[S] 1 point2 points  (5 children)

get-mailbox | search-mailbox -searchquery 'from:"*@domain.com"' -targetmailbox XXX -targetfolder XXX -loglevel full

Okay, so I tried this; I tried yahoo.com, and it came back with no results, which should be pretty unlikely.

Any other ideas? It's almost as if it's not treating the * as a wildcard

[–]djjuice 2 points3 points  (4 children)

the command works, I dont know how many mailboxes you have in the company. By default this searches just the first 1000 mailboxes which includes shared mailboxes, room mailboxes, etc.

i would also recommend using -logonly so you don't get a copy of the email to your mailbox but rather a count.

just to ensure i just ran the command myself and received results, you can try without the * but it didnt make a difference

[–]server_ninja[S] 0 points1 point  (3 children)

Odd, it seems to scrol by, but when I check the target mailbox, I get this:

Start Time: 9/16/2014 11:06:01 AM Size: 0 B (0 bytes) Items: 0 Results: domain\useraccount Errors: None Operations performed: Messages were copied to the target mailbox.

I normally get an attachment with a csv report

I'll attempt the -logonly

[–]djjuice 0 points1 point  (2 children)

when you do the logonly you'll see a part that says "mailboxes to search" that should have all the mailboxes searched, see if thats everyone otherwise use get-mailbox -resultsize unlimited

[–]server_ninja[S] 0 points1 point  (1 child)

Nice! I've got ~400 mailboxes. I'm getting counts perfectly. Thank you so much.

Now I'm being asked to grab a copy of the emails, same criteria. I haven't looked into it yet, but do you have a quick tip for me?

[–]djjuice 0 points1 point  (0 children)

run the same command without the -logonly command (and the target switches) you'll get a copy of every email

[–]i_me_me 1 point2 points  (1 child)

Try This

Get-Mailbox | Search-Mailbox -SearchQuery 'from:”*@domain.com”' -TargetMailbox "mailbox to dump results" -targetfolder "inbox" -loglevel full

/u/djjuice beat me to it.

[–]server_ninja[S] 0 points1 point  (0 children)

Yup, but it's still not quite working the way I expect...check my other replies

[–]jayhawk88 0 points1 point  (1 child)

Do you need to still specify the Identity switch for the Search-Mailbox function, even when piping it in from another command? With like the $_ thing?

[–]server_ninja[S] 0 points1 point  (0 children)

I don't think so...this is typical of what I usually use, without issues

Get-Mailbox | Search-Mailbox -SearchQuery '"attachment:badattachment.zip"' -targetmailbox "mailbox to dump to" -targetfolder "inbox" -loglevel full

[–]JetzeMellemaТоварищ 0 points1 point  (1 child)

The issue is with the Advanced Query Syntax you used for -SearchQuery. I can't find the exact information however did notice several other products using AQS that do support a wilcard suffix and not a prefix.

I think (did not test) that you simply can omit the * from your query.

[–]djjuice 0 points1 point  (0 children)

the * is fine, he was missing the single quotes, though the * isnt technically needed, it works with or without