Like any normal Friday at 4:30pm I received a critical request from Human Resources (HR).  Someone had sent out salary data to a large group of users which shouldn't have received that data. They were requesting that we pull the message out of everyone's mailboxes. After obtaining the proper CYA documentation showing that HR was requesting me to remove email from 500+ mailboxes I set to figuring out how to do this. Exchange 2010 makes this pretty simple, I put all the Exchange 2010 users that received the message in a text file called users.txt. After a few minutes of testing I came up with the following:

Get-Content users.txt| %{Search-Mailbox -Identity $_ -SearchQuery "from:Sender@domain.com Subject:'Sending out salary data to the wrong people'" -DeleteContent -Force}

As per the documentation on Search-Mailbox http://technet.microsoft.com/en-us/library/dd298173.aspx  you could have removed the messages from the mailboxes and created a copy at another location by specifying  -TargetMailbox "Mailbox Name" -TargetFolder "Messages" This would will copy the messages found to the mailbox, in this example "Mailbox Name", into a new folder called Messages.  This is useful incase you remove the wrong messages, this way you can get the data back to the user if needed or needed to collect the results for a Legal Discovery or other reasons. 

The search ran quick since Exchange already has content indexes on the mailboxes and you could run it against the entire org by using get-mailbox and piping that to the command but you may want to break it up by server and dispatch the command as a job.  I am planning on covering PowerShell jobs in detail in a later post.