Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-16

Use the Disable-Mailbox cmdlet to disable the mailbox of an existing user or InetOrgPerson object and remove that object's Exchange attributes from Active Directory. The user account associated with the mailbox remains in Active Directory, but it’s no longer associated with a mailbox.


disable-Mailbox -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-IgnoreLegalHold <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
disable-Mailbox -Identity <MailboxIdParameter> [-Archive <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-IgnoreLegalHold <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
disable-Mailbox -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-IgnoreLegalHold <SwitchParameter>] [-RemoteArchive <SwitchParameter>] [-WhatIf [<SwitchParameter>]]
disable-Mailbox -Identity <MailboxIdParameter> [-Arbitration <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DisableLastArbitrationMailboxAllowed <SwitchParameter>] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-IgnoreLegalHold <SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Detailed Description

The Disable-Mailbox cmdlet removes the mailbox's Exchange attributes from Active Directory. The mailbox isn't deleted and can be reconnected to its user at a later date by using the Connect-Mailbox cmdlet.

The Disable-Mailbox cmdlet also performs the clean-up task on the individual mailbox, so the mailbox is disconnected immediately after this task completes. You don't have to wait for nightly maintenance or run the Clean-MailboxDatabase cmdlet for the mailbox to be disconnected.

Under normal circumstances, a mailbox is marked as disconnected immediately after the Disable-Mailbox or Remove-Mailbox command completes. However, if the mailbox was disabled or removed while the Microsoft Exchange Information Store service was stopped, or if it was disabled or removed by an external means other than Exchange management interfaces, the status of the mailbox object in the Exchange mailbox database won't be marked as disconnected. In this case, you can use the Clean-MailboxDatabase cmdlet to scan Active Directory for disconnected mailboxes that aren't yet marked as disconnected in the Microsoft Exchange mailbox database, and then update the status of those mailboxes in the Exchange mailbox store. For more information about the Clean-MailboxDatabase cmdlet, see Clean-MailboxDatabase.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Recipient Provisioning Permissions" section in the Mailbox Permissions topic.


Parameter Required Type Description




The Identity parameter specifies the mailbox you want to disable. You can use one of the following values:

  • GUID

  • Distinguished name (DN)

  • Display name

  • Domain\Account

  • User principal name (UPN)

  • LegacyExchangeDN

  • SmtpAddress

  • Alias




The Arbitration parameter specifies that the mailbox for which you are executing the command is an arbitration mailbox. Arbitration mailboxes are used for managing approval workflow. For example, an arbitration mailbox is used for handling moderated recipients and distribution group membership approval.




The Archive switch specifies whether to disconnect the archive mailbox from the associated mailbox user.




The Confirm switch can be used to suppress the confirmation prompt that appears by default when this cmdlet is run. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in the syntax.




The DisableLastArbitrationMailboxAllowed switch specifies whether to disable the specified mailbox if it's the last arbitration mailbox in the organization. You don't have to specify a value with this parameter. If you disable the last arbitration mailbox in the organization, you can't have user-created distribution groups or moderated recipient functionality.




The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.




The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently in the default scope. Using the IgnoreDefaultScope parameter introduces the following restrictions:

  • You can't use the DomainController parameter. The command uses an appropriate global catalog server automatically.

  • You can only use the DN for the Identity parameter. Other forms of identification, such as alias or GUID, aren't accepted.




The IgnoreLegalHold switch ignores the legal hold status of the mailbox and allows you to disable a mailbox that’s on legal hold.

When you disable a mailbox, the mailbox is disconnected from the user account. After you disable a mailbox, you can’t include it in a discovery search. Disconnected mailboxes are permanently deleted from the mailbox database after the deleted mailbox retention period expires. To learn more, see Understanding Disconnected Mailboxes. Check with your organization’s legal or Human Resources department before disabling a mailbox that’s on legal hold.




The RemoteArchive parameter specifies whether to disconnect the remote archive for this mailbox. A remote archive exists in a cloud-based service. When you use this parameter, the RemoteRecipientType property for the mailbox is reset to specify that this mailbox doesn't have a remote archive.

You don't need to specify a value with this parameter.

When you use this parameter, you can't use the Archive parameter.




The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.



This example disables the mailbox of user John Woods, whose alias is john, and removes all the mailbox attributes from Active Directory.

Copy Code


This example disables the remote archive for the mailbox of user John Woods, whose alias is john.

Copy Code
Disable-Mailbox -Identity -RemoteArchive