Exchange Search and Remove Mail that was delivered as spam

Scenario:  Multiple users have received a email message and this message needs to be removed. For example, a spammer has sent multiple users a malicious email and we want to remove the mail message out of the mailbox for anyone that has it currently in their mailbox.

Script:  The following script-let collects the senders and recipients from the message trackinglogs and performs a Search-Mailbox with the -deletecontent switch. You may have to add additional parameters if you need to filter it down even more.

#The script below is to be used when we have a subject line we are trying to find and remove.

$subject = "test222"
$start = "4/11/2014"

#Determine the mailboxes that the message went to:
$Recipients = (Get-TransportServer | Get-MessageTrackingLog -MessageSubject $subject -Start $start).recipients
$Senders = (Get-TransportServer | Get-MessageTrackingLog -MessageSubject $subject -Start $start).sender
$All = $Recipients + $Senders
$all = $all | Select -uniq
#Search and DESTROY!!!!!
$all | Foreach {
write-host $_
search-mailbox $_ -searchquery "Subject:'*$subject*' Sent:$start" -deletecontent -force
}



#The script below is to be used when the subject is blank but we have a valid from address.

$sender = "user@domain.com"
$start = "4/11/2014"

#Determine the mailboxes that the message went to:
$Recipients = (Get-TransportServer | Get-MessageTrackingLog -Sender $sender -Start $start).recipients
$all = $recipients | Select -uniq
#Search and DESTROY!!!!!
$all | Foreach {
write-host $_
search-mailbox $_ -searchquery "From:$sender Sent:$start" -deletecontent -force

}