Pages

Monday, April 3, 2023

Script to continuously run New-ComplianceSearchAction to purge emails discovered by eDiscovery

I recently had to assist with troubleshooting an issue where running the cmdlet New-ComplianceSearchAction against a Content Search result in Microsoft Purview (https://compliance.microsoft.com/) would not delete any email and discovered a few key behavioral items that I wanted to highlight and provide a script I used to delete the emails.

First off, attempting to use the cmdlet New-ComplianceSearchAction against a Content Search will not delete anything. The results from running:

Get-ComplianceSearchAction | FL SearchName,Results,Action,Name,Status

… will always display:

Results: Purge Type: SoftDelete; Item count: 0; Total size 0; Details: {}

What I discovered was that in order to receive results from the deletion is to create the search in eDiscovery, and use the cmdlet New-ComplianceSearchAction against that search:

image

Figuring this out then lead to another problem where the cmdlet would only delete 10 emails at a time so the final solution was to use a script that would continuously create a new job when the previous one has succeeded. This script can be found at my following GitHub repository: https://github.com/terenceluk/Azure/blob/main/PowerShell/New-ComplianceSearchAction-Continuously-Purge.ps1

Hope this helps anyone who may encounter the same issue as I had. The experience can be very frustrating given the changes to the cmdlets over the past few years.

1 comment:

Anonymous said...

thank you very much, it works great

Don't forget to be either "global admin" or "Data Investigator"