Share via

emails deleted

Glenn Maxwell 11,496 Reputation points
2024-08-29T05:11:44.6866667+00:00

Hi All,

I am using exchange 2016 hybrid environment, we create users in onprem and migrate to online. I am facing two issues. I have a shared mailbox, and emails are getting deleted. When I check the audit logs, I see that there is a delegation, i.e., LogonType: Delegate. Four users have access to this shared mailbox. I asked the users to check if there is a delegate, and they confirmed that there isn't any delegation. How can I check from the backend to see if emails are being deleted? how do i check the delegation. shared mailbox doesn't have any outlook rule. Please guide me.

emailsdeleted

One of my other user is facing issue, the emails are getting deleted and they are going directly to recoverable items folder. I dont see any outlook rule on the users mailbox. Please guide me.

emaildeleted2

Microsoft Exchange Online
Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,337 questions
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,281 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,669 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
2,136 questions
0 comments
Accepted answer
  1. Jake Zhang-MSFT 6,615 Reputation points Microsoft Vendor
    2024-08-29T08:27:42.7533333+00:00

    Hi @Glenn Maxwell,

    Welcome to the Microsoft Q&A platform!

    According to your description, it sounds like you're dealing with a couple of complex issues in your Exchange 2016 hybrid environment. Let’s tackle each issue one by one:

    Issue 1: Shared Mailbox Emails Getting Deleted

    1.Check Mailbox Audit Logs:

    You can use the Search-MailboxAuditLog cmdlet to check who is deleting the emails. For example:

    Search-MailboxAuditLog -Identity "SharedMailbox" -LogonTypes Delegate -ShowDetails -StartDate "2024-08-01" -EndDate "2024-08-29" | Where-Object {$_.Operation -eq "SoftDelete"}

    This command will show you the details of the delegate actions, including deletions.

    2.Verify Delegation:

    To check if there are any delegates, you can use the Get-MailboxPermission cmdlet:

    Get-MailboxPermission -Identity "SharedMailbox" | Where-Object {($.AccessRights -eq "FullAccess") -and ($.IsInherited -eq $false)}

    This will list all users who have full access to the shared mailbox1.

    Issue 2: Emails Going Directly to Recoverable Items Folder

    1.Check for Hidden Rules:

    Sometimes, rules might not be visible in the Outlook client but can still exist. You can use the Get-InboxRule cmdlet to check for any hidden rules:

    Get-InboxRule -Mailbox "UserMailbox"

    2.Mailbox Audit Logs:

    Similar to the shared mailbox, you can use the Search-MailboxAuditLog cmdlet to check for deletions:

    Search-MailboxAuditLog -Identity "UserMailbox" -LogonTypes Owner -ShowDetails -StartDate "2024-08-01" -EndDate "2024-08-29" | Where-Object {$.Operation -eq "MoveToDeletedItems" -or $.Operation -eq "SoftDelete"}

    3.Check for Mobile Device Rules:

    Sometimes, rules set up on mobile devices can cause emails to be deleted or moved. Ensure the user checks their mobile email app settings.

    By following these steps, you should be able to identify the cause of the email deletions and address the issues.

    Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

    Best,

    Jake Zhang

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.