Introduction

This script has been moved to Github due to the Gallery retirement: https://github.com/David-Barrett-MS/PowerShell-EWS-Scripts/blob/master/Legacy/RecoverDeletedItems.ps1

Current version: (see Github for latest version)

A PowerShell script that uses EWS (requires the EWS Managed API) to recover deleted items (from retention by default, but can be pointed to Deleted Items or any other folder).  This script will restore an item to the folder from which it was deleted if that information is present, otherwise it makes a best guess as to where the item should go.

 

Description

Essentially this script does what can already be achieved from OWA or Outlook UI (Recover Deleted Items), but as it is a script it can be automated and run against other mailboxes quite easily.

To recover to the original folder, the script first of all scans the folder hierarchy and caches all the mailbox folders.  If an item contains information showing where it was deleted from (which was added in Exchange 2016 CU1), then that information is used to look up the actual folder from the cached list.  If found in the list, the item will be restored to that folder.  Note that if the folder has been deleted, then original folder restoration will not work.

 

To recover all items from retention from an Office 365 mailbox, you could use:

.\RecoverDeletedItems.ps1 -Mailbox "mailbox@office365.com" -Credentials (Get-Credential) -EwsUrl "https://outlook.office365.com/EWS/Exchange.asmx"

 

Full list of parameters is:

 

-Mailbox SMTP address of the mailbox to perform the recovery within.  If missing, the script will attempt to determine the SMTP address of the currently logged in user.
-RestoreStart If specified, only items that were originally deleted after this date will be restored.
-RestoreEnd If specified, only items that were originally deleted before this date will be restored.  
-RestoreFromFolder If specified, items will be recovered from this folder (instead of Retention).  Use WellKnownFolderName.DeletedItems to restore from Deleted Items folder.
-RestoreToFolder Folder to restore to (if not specified, items are recovered based on where they were deleted from, or their item type).  If a path is specified and the folder doesn't exist, then it is created.
-RestoreToFolderDefaultItemType If this is specified and the restore folder needs to be created, the default item type for the created folder will be as defined here.  If missing, the default will be IPF.Note.
-RestoreAsCopy If this is specified then the item is copied back to the mailbox instead of being moved.
-RestoreMessageClasses A list of message classes that will be recovered (any not listed will be ignored, unless the parameter is missing in which case all classes are restored).
-MyEmailAddress This is used to help identify if a message was sent or recieved.  If the sender matches this value, then the email is assumed to have been sent.  Note that this is only used if the original item location cannot be found, and if other methods of identifying the email direction fail.
-Archive Access the archive mailbox instead of the main mailbox.
-Exchange2007 Exchange 2007 needs different restore logic, so if the server is 2007 then this parameter must be set.
-Credentials Will accept PSCredentials for authentication to Exchange (e.g. Get-Credential).  This cannot be used with other authentication parameters (e.g. -OAuth).
-OAuth Use OAuth to log on to mailbox (required if using multi-factor auth, and in some other scenarios).  You will be prompted to log-on when the script starts.
-OAuthClientId This is the application Id that the script will identify itself as for OAuth.  If missing, the default application Id will be used.  For security, you are advised to create your own application within your tenant and use that.
-OAuthRedirectUri The redirect Uri of the Azure registered application.
-Impersonate Mailbox will be accessed using Impersonation (the authenticating account needs impersonation rights to the mailbox).
-EwsUrl The EWS endpoint.  If not specified, autodiscover will be used to determine the correct EWS URL.  For Office 365, you can use "https://outlook.office365.com/EWS/Exchange.asmx" as the URL.
-Office365 If specified, requests are directed to Office 365 endpoint (overrides -EwsUrl).
-EwsManagedApiPath The path to the EWS Managed API.  The script will search standard locations for the dll, but if you have installed it elsewhere you may need to specify the location.
-IgnoreSSLCertificate If present, any SSL certificate errors will be ignored.  Useful for testing in a lab with self-signed certificates.
-AllowInsecureRedirection If present, autodiscover will accept redirects to insecure addresses.
-LogFile If specified, actions will be logged to this file (the same information is shown in the console).
-TraceFile If specified, EWS requests/responses will be logged to this file.  This is only useful for debugging.
-WhatIf If specified, no changes will be made to the mailbox, but any actions that would be taken are logged.