How to add, modify and remove Inbox Rules in Exchange Server using PowerShell
One of the common recipient management tasks is dealing with server-side inbox rules. You can see right now I’m logged into ECP and under the organized email option here, I’m over on the inbox rule slab and I’ve got all of my inbox rules listed.
Actually I only have one. In this case, this is a rule that basically says if the message was received from Allan Miller, delete the message.
So this is kind of useful. I could also go to More Options and do some Add Exception action and of course in any rule I’ve got a list of different conditions and actions that I can take.
Now since this is all done through the GUI we also have access to this in PowerShell because when you create these, this is all happening through the shell.
If I come over to the Exchange Management Shell and do a Get-InboxRule
Since I’m logged in as the administrator in the shell I can see the same inbox rule listed that I see in the ECP. If I wanted to look at the settings I could just simply pipe that out to | fl list.
Now there’s a whole set of inbox rule cmdlets so if we do a Get-Command *inboxrule* you’ll see that we have the ability to do several things.
We can disable a rule or enable it ‑‑ obviously we’ve seen that at Get to retrieve them ‑‑ and then to add, remove or change we have these others listed. So if I run these without identifying the user that will actually create or remove or set or retrieve the messages in my personal inbox.
Now I’m not going to lie to you, creating the rules with the new inbox cmdlet can be a little tricky because there are all sorts of parameters to define the actions and conditions. So really the best way to make these work to figure out how to do things is to use the help system. So you could type help new inbox rule.
I usually use the dash examples to kind of figure out the syntax.
Help new-inboxrule –Examples
As you can see in example 1.
We are just creating an inbox rule in the current mailbox calling it check action required. Specifying my name in the toolbox so that’s my condition, dollar sign true and then marking the importance as high and flagging for action any item. So that’s kind of one thing and you can go through these examples.
You can go through the full help by using the -Full option with get help and see every single parameter that’s out there. As you can see there’s quite a bit.
Now one of the most common use cases for this is when you have to add a rule to multiple mailboxes. I mean that’s the only kind of realistic concept that you would need in order to do this from the command line. Maybe you have to add an inbox rule to every single mailbox so that’s more of a realistic approach.
Let’s say that we have ‑‑ and this is more of a common thing ‑‑ sometimes you’ll have an appliance out on your DMZ and then it sends you an email message that it suspects is a SPAM message and the administrator of those appliances will put something like this in the subject line.
They’ll append this to whatever the subject was like, you might have something like “Buy Stuff from Us” and in the body there’s a URL but your compliance in the DMC puts this basically, prepends this to the message. Then you can have an inbox rule that says if any subject of the message has these characters [SPAM] in the beginning, let’s go ahead and move that to the junk items or junk email folder.
You might want to set up an inbox rule for everybody like in a certain OU that would do that. That way they don’t have to do it themselves.
Let’s take a look at how you would approach that. First of all if you were going to do this, you’d need full access permissions to the people where you want to add these settings.
As an administrator, if I want to do this in every mailbox in the –OrganizationalUnit Sales for example:
I want to pull all these mailboxes and add an inbox rule to these, I’d have to have full mailbox permissions to each one of those. To do that basically what you would do is the add mailbox permission.
We’ll just use the last one on the list Winston Ortiz.
Add-MailboxPermission wortiz – AccessRights FullAccess –User administrator
The user will be the administrator.
As you can see I’ve already done this. The appropriate access control entry is already present on the object so I don’t have to go through to all of these again but you could do these for a one line for everyone if you wanted to.
Next I’ll bring up the previous command and instead of identifying the user, you could simply do a Get-mailbox, organizational units, sales and then just pipe it out.
Now let’s take a look at creating the inbox rule for all these users. I’m going to go back and get my last command to retrieve all mailboxes.
I’m going to save that in a variable called $mailboxes.
Now I’m going to pipe that over to the new inbox rule cmdlet but I’m going to have to loop through each of these mailboxes. So I’m going to start a loop, and what you’ll see sometimes is that people instead of using the ForEach-Object cmdlet, they’ll use this % sign, which is the alias for the ForEach-Object which is common.
Inside the % sign, we’re going to have our script block and here’s where will run our code. So I’m going to do a new inbox rule and specify a name. We’ll just call it junk and the mailbox that we want to assign this to is going to be $_.alias.
We can just use the alias to uniquely identify those mailboxes that come across the pipeline here. For my condition I’m going to say subject contains words and it contains SPAM.
This will prepended the value into the subject line so it contains that. Next, ff that’s the case, I want to move it to a folder. This can get tricky.
What I want to do is reference the actual mailbox name with a colon, backslash and then the name of the folder. So what that would look like if I was just doing one user would look something like this. If I was the administrator only I would say “administrator:\Junk E-Mail”.
But the thing is, is that, that actually isn’t going to work because what I want to do is I want to be able to do this for every mailbox in this collection so I have to put a variable in here which in this case we could do $_.alias. But since this is in double quotes, we have to use what’s called a sub‑expression.
We need to tell PowerShell that since this thing has a period in it, we’ll go ahead and wrap this in a sub‑expression which essentially is what you see here. The $, then open parenthesis, $_.alias object then closing off that parentheses.
That’s how basically you would expand a variable in a double quoted string like this. We’ve got to use double quotes here to expand this value and also because we have spaces in the string.
That ought to get us to the point where we can loop through every mailbox and create an inbox rule for each of those users.
So let’s go ahead and hit enter. As you can see it’s creating any old inbox rules, junk rules in every single mailbox.
We got a successful run for each of these. And now every user in that OU has that rule defined. So from here I can go on and test this out by sending a message to one of these users that has a [SPAM] string in the subject and kind of verify that by opening their mailbox since I have full access.
But there are a million combinations of things you can do. Like I said, use the help system to look at the parameters. But that’s kind of a high level on how you would implement inbox rules from the Exchange Management Shell.