Cannot Delete a Mailbox with Retention Policies Enabled

I ran into a weird issue this week where I was trying to forcibly remove a deleted (inactive) mailbox, and was getting the following error:

“The user mailbox couldn’t be permanently deleted. The user mailbox has at least one type of hold or hold policy applied to it.”

The annoying thing about it was that this mailbox fell under a retention policy in the Security & Compliance Center – which are great, don’t get me wrong – but one of my biggest concerns with using these retention policies is that you can’t easily tell which mailboxes fall under this hold:

I found a few blog posts out there that mentioned different approaches of identifying these mailboxes with PowerShell, but none of them were working for me – all I was getting was that the policy applied to ‘All’. Not very useful at all!

I tried several approaches including trying to exclude the mailbox from the retention policy (didn’t work), applying litigation hold and removing it (no dice), and then I was going to attempt to restore the mailbox, remove it from the policy, and then delete it again – thankfully, I found a better way! There’s an -IgnoreLegalHold switch you can use, which will still allow you to delete the offending mailboxes:

Now, you’d think I was done, but not quite! Two of the four mailboxes hadn’t been properly deleted from the Deleted Users container in Azure AD, so Exchange would not allow me to delete the mailboxes:

Thankfully, this one is a bit easier – I’ve had to do this one quite often. Start out by searching for your deleted users – in this case I used a search string, because as you can sort of see from the screenshot below, I had two identical users in Azure AD – same Display name, same User Principal Name, and of course… Different Object Ids.

Now that I had my object Ids, I could safely go in and remove them – it’s always a good idea to use the Object Ids or Exchange GUIDs, because you know you’re targeting the object directly, and there’s no chance of an ambiguous name coming back and biting you in the butt. Measure twice and cut once!

After about 10 minutes or so, I was able to delete both of those mailboxes in Exchange Online:

Definitely a bit of a puzzler, but all sorted out now with another tool in my PowerShell toolbelt – hope this helps someone who is scratching their head trying to figure it out!