Blog

PowerShell – script to show all mailbox rules and disable selected ones

Ever needed to quickly find and disable mail rules in user mailboxes? Look no further as the script below does all of it.

It’s a convenience by itself to not go into Exchange Admin Portal, but there might be cases where your user gets hacked, some bad person creates a rule or two. Then you need to disable those quickly.

So this script does the following to a specified email:

  • lists all mailbox rules and shows their most important info – its actions, description, and status;
  • then you can select and disable any rule by typing its number until (if desired) all rules are disabled.

Don’t forget to replace @contoso.com with your own domain.

#---------------------------------------[Functions]---------------------------------------------------
Function List-Rules {

    param (
        [Parameter(Mandatory=$True)]$email
    )

    Begin{}

    Process{
        $collection = @()
    
        $i = 0

        $rules = Get-InboxRule -Mailbox $email

        ForEach ($rule in $rules) {

            $outObject = "" | Select Number,Status,"Rule Name","Applies to emails From","Delete Action","Move To Folder Action","Mark As Read Action",Description,"Rule Id"
    
            $i = $i + 1

            $outObject."Number" = $i
            $outObject."Status" = $rule.Enabled
            $outObject."Rule Name" = $rule.Name
            $outObject."Applies to emails From" = $rule.From
            $outObject."Delete Action" = $rule.DeleteMessage
            $outObject."Move To Folder Action" = $rule.MoveToFolder
            $outObject."Mark As Read Action" = $rule.MarkAsRead
            $outObject."Description" = $rule.Description
            $outObject."Rule Id" = $rule.RuleIdentity
        
            $collection += $outObject


            If ($outObject."Status" -eq $true) {
                $statusText = "ENABLED"
                $statusColor = "Green"
            }

            Else {
                $statusText = "DISABLED"
                $statusColor = "Red"
            }

            Write-host "#"$outObject.Number"-" $statusText -ForegroundColor Black -BackgroundColor $statusColor -NoNewline
            Write-host "                                                                                   " -ForegroundColor Black -BackgroundColor $statusColor
        
            Write-host "Rule Name -" $outObject."Rule Name"
            If ($outObject."Applies to emails From" -ne $null) {Write-host "Applies to email From -" $outObject."Applies to emails From"} Else {Write-Host "Applies to all emails"}
            If ($outObject."Delete Action" -eq $true) {Write-host "Delete Action -" $outObject."Delete Action"}
            If ($outObject."Move To Folder Action" -ne $null) {Write-host "Move To Folder Action -" $outObject."Move To Folder Action"}
            If ($outObject."Mark As Read Action" -eq $true) {Write-host "Mark As Read Action -" $outObject."Mark As Read Action"}
            Write-Host `r
            Write-Host $outObject.Description -ForegroundColor Cyan

        }

        $collection

    }

    End{}

}
#-----------------------------------------------------------------------------------------------------

Do {
        $email = Read-host "Provide an email to check the mailbox rules"
        $mailbox = get-mailbox -Identity $email -ErrorAction SilentlyContinue
}

Until (($email -match '\w+@contoso.com') -and ($mailbox -ne $null))

Do {
    [array]$rules = List-Rules -email $email
    
    If (@($rules | Where-Object {$_.Status -eq $true}).Count -ne 0) {

        Do {
            Try {
                $num = $true
                [int]$selectedinput = Read-host "Select a rule (that's not already disabled) you would like to disable by typing its number"
                $selectedrule = $rules[[int]$selectedinput - 1]
            }
            Catch {$num = $false}
        }
        
        Until (($selectedinput -gt 0 -and $selectedinput -le $rules.count -and $selectedrule.Status -ne $false) -and $num -eq $true)
              
        Disable-InboxRule -Identity $selectedrule.'Rule Id' -Mailbox $email

        Write-host `n`n`n

    }
}

Until (
    (@($rules | Where-Object {$_.Status -eq $true}).Count -eq 0)
)

Write-host "There are no enabled rules, exiting the script"

Remove-Variable * -ErrorAction SilentlyContinue
Tags: , , , , , ,

This Post Has 4 Comments

  1. Mike O. October 14, 2020 Reply

    This is an awesome script, thank you! To expand it’s usefulness even more, is it possible to alter the script to go through all mailboxes to show any mailbox that has rules enabled? In our case since we have a couple of hundred mailboxes it would be very inefficient to have to run this manually on each – and this would be a great tool to use to identify possible hacked accounts, as generally the hacker will create rules to hide specific messages from appearing in the Inbox and possibly tipping off the user. I don’t know enough about scripting to be able to do this myself. Any pointers you can provide?

    1. Pavel Bludov October 14, 2020 Reply

      Hey Mike,
      I don’t think combining my script with running it through every mailbox is a great idea. It takes some time to pull those rules for each mailbox. So doing that for each, then pulling them over and over again might be slow.
      I wonder if I should create a separate script that just shows all rules for each mailbox once. Then an admin can go through them. If anything found, then the admin can return to this script above.
      Thoughts?

      1. Tasneem December 21, 2023 Reply

        Did you write the script to include all mailboxes?
        if yes, please point me where it is I can get.

        Thank you

        1. Paul Bludov December 22, 2023 Reply

          Hello, I never have unfortunately, just didn’t have a reason to do so.

Leave a Reply