Create Bulk Office 365 Compliance Searches with PowerShell

Create Bulk Office 365 Compliance Searches with PowerShell

Recently I wanted to find a way to get PowerShell to create compliance searches that followed keyword queries and search conditions. This means I could have multiple values in one search query. For example, “TO brad wyatt AND FROM administrator@microsoft.com”. This query would search for e-mails sent to Brad which only from administrator@microsoft.com. To get PowerShell to do this I decided to create a Hash Table that would have the queries listed in the table.

After it would create each compliance search it would then wait for the search to gather all of the results and then export the amount of items it found to a csv file. Each Compliance Search would append its results to the same file so in the end I would have a CSV file containing all of the Compliance Searches and the objects it found for each one.

To keep from having the Compliance Search having names with invalid characters I made it so the name of the Compliance Search would start with “Case 1” and increment by 1 for each new search.

 

The results CSV will show you the case name, the query and the total amount of items that were found that matched the query.

With each Compliance Search I set the following parameters to True: AllowNotFoundExchangeLocationsEnabled and I set the following parameters to AllExchangeLocation

The AllowNotFoundExchangeLocationsEnabled parameter specifies whether to allow inactive mailboxes in the compliance search. An inactive mailbox is a mailbox that’s placed on Litigation Hold or In-Place Hold before it’s soft-deleted. Valid values are:

  • $true   The search doesn’t try to validate the existence of the mailbox before proceeding. This value is required if you want to include inactive mailboxes in the search, because inactive mailboxes don’t resolve as regular mailboxes.
  • $false   The search tries to validate the existence of the mailbox before proceeding. If you specify an inactive mailbox or a mailbox that otherwise can’t be found, the search will fail. This is the default value.

The ExchangeLocation parameter specifies the mailboxes to include. Valid values are:

  • A mailbox
  • A distribution group or mail-enabled security group (all mailboxes that are currently members of the group).
  • The value All for all mailboxes. You can only use this value by itself.

 

Script

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *