The PowerShell command to recover deleted email for a user has been around for some time. However, these PowerShell commands now have a graphical interface in the new Exchange Admin Center.
In this article, we explore how to recover deleted email for a user. But first, there are some permission prerequisites.
Assigning your admin account recovery permissions
Before we can restore mail for a user we need permission to do so. The permission in question is the Mailbox Import / Export permission. By default, no one is assigned this permission in Exchange.
Log onto the Exchange Admin Center and navigate to Permissions > Admin Roles.
At this point, we have two options. We can either assign the Mailbox Import / Export role to an existing role group (such as Organization Management) or, we can create a new role group. Let’s do the latter.
Click the New button (). This launches the new role group dialog.
Type a Name and Description for your role. In our example, we went with Email Recovery Role.
If needed select a custom write scope, or, leave at default. The default scope allows the role holder to apply these permissions to the entire organization. You can define a custom write scope to limit the scope of this permission. For example, the scope could be limited to a specific business unit or group of users. This is particularly useful if you need to delegate this role.
Under Roles click the Add button ().
Double-click Mailbox Import Export and click Ok.
Under Members click the Add button ().
Double-click each administrator you want to assign this role and click Ok.
Note: Once the role group is created it can take up to one hour for the permissions to take effect.
Recovering email for a user
Note: Mail can only be recovered up to the single item recovery limit. For Office 365 this is 14 days by default. This limit can be increased to a maximum of 30 days. For more information check this article.
With our permissions in place, we can now recover mail for a user. To do this we need to use the new Exchange Admin Center. Select Try it now from the classic admin center or navigate to https://admin.exchange.microsoft.com/.
From the new Exchange Admin Center expand Recipients and select Mailboxes.
From the Mailboxes view select the user you wish to restore mail to and select the Recover Deleted Items button.
This will return all items under the users Recoverable Items folder.
We can further refine this view by selecting various filters at the top of the page. For example, we can pick a custom date range, search for a specific subject, select the item or folder type, or, search for a specific object ID.
In our example, Amy has four items we can recover. We can either select an individual item or select all items for recovery. Once we have selected what we need to recover, select the Recover Deleted Items button.
In our example, we are recovering a single message with the subject line Follow Up – Marquee Equity.
The item will then be restored to our user’s mailbox, specifically to the folder it was hard deleted from.
If you prefer to execute this process via PowerShell, then I recommend checking out Tony’s Redmond’s writeup on Petri.
Is this a process you have tried yet? How was your experience? Drop a comment below or join the conversation on Twitter @SuperTekBoy
How about if I donot want to restore the messages to original source. Is there any way I can recover the deleted messages in a different mailbox or download as .pst and save it somewhere else rather than it gets saved in user mailbox.
Ben O says
I got this error using this guide.
Role group creation failed
Error executing request. The command you tried to run isn’t currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization.
Please try again.
Gareth Gudger says
Looks like you need to hydrate your tenant for customization. This is a one-time thing. Simply run Enable-OrganizationCustomization from Exchange Online PowerShell. Its an innocuous change so you can run it any time. https://docs.microsoft.com/en-us/powershell/module/exchange/enable-organizationcustomization?view=exchange-ps
Leandro Santana says
Graças ao Eduardo Cunha vulgo ‘Morcilia’ de Blumenau/SC eu fui atrás e consegui achar essa “documentation”
Thank you very much Super Tekboy!
I’m a global administrator of my tenant and also manually assigned myself a role that has the import/export permission, but when I got into my users’ mailboxes from the admin center, the recover deleted items option is greyed out. Mousing over the option states “you do not have permission to edit this information”. Any ideas?
Gareth Gudger says
It can take some time for the permissions to apply. How long has it been since you applied the rights?
I am facing the same issue. I applied the permission 3 ago.
i am also facing same issue, can u please help me to resolve, still i didn’t fine recover deleted items option
Gareth Gudger says
Apologies, on the delay. Did this ever work for you? Typically if you are missing the button you either need to be granted the Mailbox Import/Export role (see article above). or, you assigned the rights and it has not yet propagated your RBAC role (could take up to 60 minutes), or you need to fully log out, close all browsers, and log back in.
Robbie M says
Thanks for the post– now what happens if there is a specific email sent to— how can we filter so we only recover an email that was sent to a specific email address?
Gareth Gudger says
If the new EAC GUI is not sufficient you may want to look into the Search-Mailbox cmdlet to see if that meets your needs. You can pipe Get-Mailbox into Search-Mailbox to have your query execute against all mailboxes (or a selection of mailboxes if you use a filter).