This script has been moved to Github due to the Gallery retirement: https://github.com/David-Barrett-MS/PowerShell-EWS-Scripts/blob/master/Legacy/RecoverDeletedItems.ps1
Current version: (see Github for latest version)
A PowerShell script that uses EWS (requires the EWS Managed API) to recover deleted items (from retention by default, but can be pointed to Deleted Items or any other folder). This script will restore an item to the folder from which it was deleted if that information is present, otherwise it makes a best guess as to where the item should go.
Essentially this script does what can already be achieved from OWA or Outlook UI (Recover Deleted Items), but as it is a script it can be automated and run against other mailboxes quite easily.
To recover to the original folder, the script first of all scans the folder hierarchy and caches all the mailbox folders. If an item contains information showing where it was deleted from (which was added in Exchange 2016 CU1), then that information is used to look up the actual folder from the cached list. If found in the list, the item will be restored to that folder. Note that if the folder has been deleted, then original folder restoration will not work.
To recover all items from retention from an Office 365 mailbox, you could use:
.\RecoverDeletedItems.ps1 -Mailbox "email@example.com" -Credentials (Get-Credential) -EwsUrl "https://outlook.office365.com/EWS/Exchange.asmx"
Full list of parameters is:
|-Mailbox||SMTP address of the mailbox to perform the recovery within. If missing, the script will attempt to determine the SMTP address of the currently logged in user.|
|-RestoreStart||If specified, only items that were originally deleted after this date will be restored.|
|-RestoreEnd||If specified, only items that were originally deleted before this date will be restored.
|-RestoreFromFolder||If specified, items will be recovered from this folder (instead of Retention). Use WellKnownFolderName.DeletedItems to restore from Deleted Items folder.|
|-RestoreToFolder||Folder to restore to (if not specified, items are recovered based on where they were deleted from, or their item type). If a path is specified and the folder doesn't exist, then it is created.|
|-RestoreToFolderDefaultItemType||If this is specified and the restore folder needs to be created, the default item type for the created folder will be as defined here. If missing, the default will be IPF.Note.|
|-RestoreAsCopy||If this is specified then the item is copied back to the mailbox instead of being moved.|
|-RestoreMessageClasses||A list of message classes that will be recovered (any not listed will be ignored, unless the parameter is missing in which case all classes are restored).|
|-MyEmailAddress||This is used to help identify if a message was sent or recieved. If the sender matches this value, then the email is assumed to have been sent. Note that this is only used if the original item location cannot be found, and if other methods of identifying the email direction fail.|
|-Archive||Access the archive mailbox instead of the main mailbox.|
|-Exchange2007||Exchange 2007 needs different restore logic, so if the server is 2007 then this parameter must be set.|
|-Credentials||Will accept PSCredentials for authentication to Exchange (e.g. Get-Credential). This cannot be used with other authentication parameters (e.g. -OAuth).|
|-OAuth||Use OAuth to log on to mailbox (required if using multi-factor auth, and in some other scenarios). You will be prompted to log-on when the script starts.|
|-OAuthClientId||This is the application Id that the script will identify itself as for OAuth. If missing, the default application Id will be used. For security, you are advised to create your own application within your tenant and use that.|
|-OAuthRedirectUri||The redirect Uri of the Azure registered application.|
|-Impersonate||Mailbox will be accessed using Impersonation (the authenticating account needs impersonation rights to the mailbox).|
|-EwsUrl||The EWS endpoint. If not specified, autodiscover will be used to determine the correct EWS URL. For Office 365, you can use "https://outlook.office365.com/EWS/Exchange.asmx" as the URL.|
|-Office365||If specified, requests are directed to Office 365 endpoint (overrides -EwsUrl).|
|-EwsManagedApiPath||The path to the EWS Managed API. The script will search standard locations for the dll, but if you have installed it elsewhere you may need to specify the location.|
|-IgnoreSSLCertificate||If present, any SSL certificate errors will be ignored. Useful for testing in a lab with self-signed certificates.|
|-AllowInsecureRedirection||If present, autodiscover will accept redirects to insecure addresses.|
|-LogFile||If specified, actions will be logged to this file (the same information is shown in the console).|
|-TraceFile||If specified, EWS requests/responses will be logged to this file. This is only useful for debugging.|
|-WhatIf||If specified, no changes will be made to the mailbox, but any actions that would be taken are logged.|