I get a lot of questions sent to me, and see many more on forums, from Exchange admins who are looking for a way to produce a report of “inactive mailboxes”. The reason for seeking such a report, often at the request of a manager, is usually one of the following:

  • The Exchange databases are growing too big, storage volumes are running out of space, and they’re looking for inactive mailboxes to delete. I’ve had this conversation with customers and managers many times, where the news of running low on capacity is met with surprise (“Surely we don’t need to keep all that email!”) and instead of allocating funds to increasing the storage size, I’m sent to find “inactive mailboxes” instead.
  • A migration is being planned, perhaps to Office 365, and the desire is to leave “inactive mailboxes” behind.
  • Some kind of licensing audit has been conducted, and reduction in the number of mailboxes is being sought to reduce costs.

The challenge is identifying what an “inactive mailbox” is in your organization.

Is an inactive mailbox one that was previously owned by a person who no longer works for the organization? Possibly. You could compare a list of mailboxes to the list of people currently listed as active employees in your payroll system (presumably you’re not paying anyone who no longer works there). But if you delete the mailbox, the email address will no longer be valid. If the mailbox was still being used to receive and forward emails to a different person who took over that job role, then you’ve broken that mail flow by removing the mailbox. Worse, the person who was being forwarded the emails may not realize that it’s stopped working.

[PS] C:\>Get-Mailbox mike.morrissy | fl forwarding*

ForwardingAddress     : exchangeserverpro.net/Company/Head Office/Users/Adam Wally
ForwardingSmtpAddress :

Is an inactive mailbox one that has not been logged on to in a period of time? Possibly. But people take long periods of leave sometimes (e.g. long service leave, maternity leave, long term illness). Besides which, although Exchange does track the last logon time, it doesn’t keep track of last logon user any more. So even a recent last logon time could just be a service account accessing the mailbox (backups and archiving systems often “log on” to the mailbox), or another person access the mailbox (i.e. they’ve been granted access to a former employees mailbox, or a shared mailbox), and not necessarily an indication that the mailbox is still actively used.

[PS] C:\>Get-MailboxStatistics mike.morrissy | fl last*

LastLoggedOnUserAccount :
LastLogoffTime          :
LastLogonTime           : 7/7/2016 3:19:07 PM

Is an inactive mailbox one that has not sent any emails for a period of time? Possibly. But there are often mailboxes in an organization that operate in a “receive only” capacity, such as shared mailboxes. As one example, if you set up a mailbox to be used as the Apple ID for the APNs certificate for Office 365 MDM, it might go for 12 months without receiving any other email, until it comes time to renew the certificate.

Is an inactive mailbox one that has not received any emails for a period of time? Possibly. But again, there are often mailboxes in an organization that operate in a “send only” capacity, such as system mailboxes used to send notifications.

All up, the situation is not as plain and simple as some would like it to be. Scripts like Get-MailboxReport.ps1 can help to collect some of the relevant information, but ultimately you’ll need to do some investigation of your own, piece together multiple data points, and proceed with caution before you actually delete any mailboxes. All of which is a good argument for putting in place a proper exit procedure for users in your organization, so that a departure triggers a mailbox archive and/or removal process that doesn’t leave you with a big problem to sort out later on when your boss won’t buy any more storage until you “get rid of old mailboxes”.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Roland

    Hi,

    Is any way to find out if the mailbox is actually in use ?

  2. Michael Ziemba

    Just finished 1000+ mailbox migration to O365 and due to cleanup I’ve asked the same question. I found out several accounts with mailbox which has been used only by a service on some servers. No mail traffic to those mailboxes were detected but the last logon time was current. When I converted them to shared mailboxes so they wont take up any licenses and disabled the AD account it turned out that they are in use.

  3. Marc

    One additional piece of information that I like to use for these analysis comes out of this line

    Get-MailboxFolderStatistics aylmer@fudd.com -IncludeOldestAndNewestItems | sort newestItemReceivedDate | where {$_.newestItemReceivedDate -ne $null} | select Identity,newestItemReceivedDate -last 1

    It returns the send date of the most current email in the mailbox and the folder where it is located. It takes a few seconds to run per mailbox, so if you have a very large number of mailboxes, you may want to narrow down your list using other criterions such as last logon time first.

  4. Joe

    Hey Paul,
    Great topic! I have pieced together the following script, which I run as a scheduled task on the first Monday of the month. It emails me an attachment with disabled accounts. I clean it up a bit and review it with management to purge old mailboxes. Hope this helps someone!

    [code]
    $file = “disabledMailboxes.csv”
    $From = “DisabledMailboxes@company.com”
    $To = “ExchangeMonitoring@company.com”
    $subject = “Disabled Mailboxes Report”
    $body = “See attached report for list of disabled mailboxes.”
    $smtpserver = “relay.company.com”

    # Load the Exchange PowerShell Snapin first
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction STOP

    $users = get-user -resultsize unlimited -RecipientTypeDetails UserMailbox
    $disabledUsers = $users |where {$_.UserAccountControl -like “*accountDisabled*”}
    $disabledUsersProperties = $disabledUsers |
    Select-Object name,
    displayName,
    Firstname,
    Lastname,
    userprincipalname,
    useraccountcontrol,
    whenchanged,
    @{n=”customattribute5″;e={(get-mailbox $_.name).customattribute5}},
    @{n=”customattribute7″;e={(get-mailbox $_.name).customattribute7}},
    @{n=”database”;e={(get-mailbox $_.name).database}},
    @{n=”organizationalUnit”;e={(get-mailbox $_.name).organizationalUnit}}

    $disabledUsersProperties |Export-CSV -Path $file -Encoding UTF8 -UseCulture -NoTypeInformation

    send-mailmessage -from $from -to $to -subject $subject -body $body -smtpserver $smtpserver -attachments $file
    [/code]

  5. Marc Chénard

    One additional piece of information that I like to use for these analysis comes out of this line

    Get-MailboxFolderStatistics aylmer@fudd.com -IncludeOldestAndNewestItems | sort newestItemReceivedDate | where {$_.newestItemReceivedDate -ne $null} | select Identity,newestItemReceivedDate -last 1

    it return the send date of the newest email in the mailbox and the folder where it is located. It takes a few seconds to run per mailbox, so if you have a very large number of mailboxes, you may want to narrow down your list using other criterions such as last logon time first.

    1. Jean-Paul Fernandes

      Does that apply to all mail including sent mail or just received mail?

Leave a Reply