Tech Tips for Techs: Bulk enabling Litigation Hold via PowerShell


In this TechTip, we’ll discuss how to enable Litigation Hold tenant-wide via PowerShell.

The reason for this post is two-fold. First, Microsoft doesn’t provide [as of the date that this was written] the ability to bulk-enable Litigation Hold via the MOP GUI. Second, there are some oddities that can occur in the 365 backend for people who have their on-prem Active Directory sync’ed with 365, and this post will show you how to get around the roadblocks that those oddities can sometimes present.

First, you’ll need to have PowerShell set up and configured to connect to Office 365, as well as the credentials for a Global Administrator user. (Non-licensed is OK.) You will also need to know, in number of days, how long you want Lit Hold to keep email. For this example I will use 7 years, or 2,555 days. Once you’re connected, run the following PowerShell command:


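    # -ResultSize Unlimited: Get-Mailbox otherwise returns only the first 1000 mailboxes
    Get-Mailbox -ResultSize Unlimited | Where-Object { $_.LitigationHoldEnabled -eq $false } | ForEach-Object {
        # Identify each mailbox by SAMAccountName and enable a 2,555-day hold
        $Identity = $_.SAMAccountName
        Set-Mailbox -Identity $Identity -LitigationHoldEnabled $true -LitigationHoldDuration 2555
    }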

This walks through every mailbox object, filters out the ones that already have Lit Hold enabled, and enables it for the remainder.

* A key point here: please note that I’m using the SAMAccountName parameter to identify the mailbox I want to work with. There are a couple of different params that the Set-Mailbox command will accept for Identity. The reason I chose SAMAccountName is that it’s guaranteed to be unique. In a DirSync’ed environment, if a user is “deleted” and then brought back with the same email address, that address can attach itself to multiple GUIDs behind the scenes. This can cause problems if you opt to use PrimarySMTPAddress for the Identity, because it will match multiple GUIDs and the Set-Mailbox cmdlet will not know which one to enable Lit Hold for. The resulting error in this situation will read: "The operation couldn't be performed because '[email protected]' matches multiple entries." Using SAMAccountName should prevent this problem from happening.
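
A more defensive version of the bulk command above, as an added example that is not the original author's code: it records a per-mailbox result so that a failure such as the "matches multiple entries" error is captured rather than scrolling past, supports a -WhatIf dry run, and ends by listing any mailbox that still has no hold. The function name Enable-LitHoldBulk and the report path are hypothetical, and an already-connected Exchange Online session is assumed.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already connected.
# Enable-LitHoldBulk and the report path are hypothetical names.
function Enable-LitHoldBulk {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [int]$DurationDays = 2555,                      # 7 years, as in the post
        [string]$ReportPath = '.\lithold-report.csv'    # hypothetical path
    )

    # Every mailbox that does not yet have Litigation Hold enabled.
    $targets = Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.LitigationHoldEnabled -eq $false }

    $results = @(foreach ($mbx in $targets) {
        $status = 'NotChanged'   # stays this way under -WhatIf or a declined -Confirm
        $detail = ''
        if ($PSCmdlet.ShouldProcess($mbx.SamAccountName, "Enable Litigation Hold for $DurationDays days")) {
            $params = @{
                Identity               = $mbx.SamAccountName
                LitigationHoldEnabled  = $true
                LitigationHoldDuration = $DurationDays
                ErrorAction            = 'Stop'   # turn failures into catchable errors
            }
            try {
                Set-Mailbox @params
                $status = 'Enabled'
            } catch {
                # e.g. "... matches multiple entries."; keep going, but keep the evidence
                $status = 'Failed'
                $detail = $_.Exception.Message
            }
        }
        [pscustomobject]@{
            SamAccountName     = $mbx.SamAccountName
            PrimarySmtpAddress = $mbx.PrimarySmtpAddress
            Status             = $status
            Detail             = $detail
        }
    })

    $results | Export-Csv -Path $ReportPath -NoTypeInformation
    $results
}

Enable-LitHoldBulk -WhatIf | Format-Table      # dry run: shows what would change
Enable-LitHoldBulk | Group-Object Status       # real run: count of Enabled / Failed

# Verification: anything listed here still has no hold and needs a manual look.
Get-Mailbox -ResultSize Unlimited | Where-Object { $_.LitigationHoldEnabled -eq $false } |
    Select-Object SamAccountName, PrimarySmtpAddress
```

Keep the CSV with the rest of the hold documentation: it is the record of which mailboxes were changed, when the run happened, and which ones failed and why.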
