This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 2%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Greetings
I have an end user that account is auto generating drafts that look like this:
Currently we are in Exchange 2016 on premise environment. No hybrid.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Mikayel Mikayelyan ,
From the description and the image you shared above, looks like the issue is related to the proxyshell vulnerability. As mentioned in the blog, "if you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities".
So for current situation, it's suggested to run the Microsoft Safety Scanner (MSERT) to help detect and remove the malware in place, then immediately install the latest Exchange 2016 CU 21 and July 21 security patches to protect your environment from these vulnerabilities.
Here's a thread which discusses a similar issue in Exchange 2019 for your referenceļ¼
Unexpected Spam email in Outlook Draft folder
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi there I need advice for my current situation, I have 2 compromised encrypted Exchange servers but they have metadata in AD so I have installed new server but in the console I still can see old data from those servers but I can't uninstall or do anything from EXShell. What is the best practices in this case ? Maybe I need to remove all data using ADSI Edit before installing new server? Or there is way only remove info for those 2 servers they have DAG as well.
Hi @Mikayel Mikayelyan ,
I have 2 compromised encrypted Exchange servers but they have metadata in AD so I have installed new server...
Normally in DAG environment, we can follow the steps in this document to recover a memeber server.
Then please understand that in this thread, we are mainly discussing about the auto generated drafts issue as indicated by the initial post and it's not that relevant to your new query, so for your new question, it would be best if you try to open up a new thread for further discussion. You can include some more details like what you mean by "in the console I still can see old data from those servers but I can't uninstall or do anything from EXShell" so that our community members can understand better about your situation. Thanks for your understanding.