Thursday 13 November 2014

Exchange 2010 SP1 - Deleting Email From All Mailboxes

1. Create an AD Universal Group, "Import Export Admins" for example.
2. Add the account that will run the shell command to this group.
3. New-ManagementRoleAssignment -Name "Import Export Admins" -SecurityGroup "Import Export Admins" -Role "Mailbox Import Export"
4. Get-Mailbox -Server "SERVERNAME" | Search-Mailbox -SearchQuery 'Subject: "INSERT SUBJECT HERE"',"Received:11/13/2014" -TargetMailbox "RecoveryMailbox" -TargetFolder "SearchResults" -LogOnly -LogLevel Full

TargetMailbox is any mailbox that you want the log results to go into.
TargetFolder is the folder that will be created in the mailbox with the results.

The above command only writes a log to the target mailbox, with the results in an attached CSV file. Nothing is deleted yet. Review the file and proceed with the next step if all results are acceptable.

5. Get-Mailbox -Server "SERVERNAME" | Search-Mailbox -SearchQuery 'Subject: "INSERT SUBJECT HERE"',"Received:11/13/2014" -TargetMailbox "RecoveryMailbox" -TargetFolder "SearchResults" -LogLevel Full -DeleteContent

The above command creates a "User, Name - Date" subfolder under the TargetFolder for every mailbox it accessed to delete the message. It also leaves a copy of the deleted message in these folders for review. Before doing this, make sure the target mailbox has sufficient space. If the size of the mailbox is exceeded, the command fails with an error about exceeding a condition.

If having a copy is not necessary, the following command can be run instead:

Get-Mailbox -Server "SERVERNAME" | Search-Mailbox -SearchQuery 'Subject: "INSERT SUBJECT HERE"',"Received:11/13/2014" -DeleteContent
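
The review-then-delete sequence above can be wrapped in a guard that refuses to delete when the query matches more than expected. This is an added example, not part of the original post; the variable names, the $MaxExpected ceiling and the YES prompt are assumptions, and it is meant to be saved as a .ps1 file and run in the Exchange Management Shell by an account holding the "Mailbox Import Export" role.

```powershell
# Added example: estimate first, delete only after the hit count has been checked.
$Server      = "SERVERNAME"                                            # placeholder from the post
$Query       = 'Subject: "INSERT SUBJECT HERE"',"Received:11/13/2014"  # query exactly as in the post
$MaxExpected = 500                                                     # assumed ceiling; set it from the incident scope

# Pass 1: count matches per mailbox. Nothing is copied or deleted.
$estimate = Get-Mailbox -Server $Server -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $Query -EstimateResultOnly

# Keep only the mailboxes that actually contain a match.
$hits = @($estimate | Where-Object { $_.ResultItemsCount -gt 0 })
if ($hits.Count -eq 0) {
    Write-Host "No matches; nothing to delete."
    return
}

# Show where the matches are, largest first, so an over-broad query stands out.
$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
if ($total -gt $MaxExpected) {
    Write-Warning "$total items matched, above the expected $MaxExpected. Narrow the query before deleting."
    return
}

# Pass 2: delete only from the mailboxes that had hits, keeping a copy for review.
$answer = Read-Host "Delete $total items from $($hits.Count) mailboxes? Type YES to continue"
if ($answer -ceq "YES") {
    foreach ($hit in $hits) {
        Search-Mailbox -Identity "$($hit.Identity)" -SearchQuery $Query `
            -TargetMailbox "RecoveryMailbox" -TargetFolder "SearchResults" `
            -LogLevel Full -DeleteContent -Force
    }
}
```

-Force suppresses the per-mailbox confirmation that -DeleteContent otherwise raises, which is why the script asks once up front.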