Set Mailbox Item Private Flag

Last updated: 2018-01-15

Exchange Server 2013Exchange Server 2016Problem

When you migrate messages from an alternative email solution, e.g., Lotus Notes, you might migrate sensitive content that must stay private in the new Exchange Server target location. 

So how can you mark such messages as private?


The privacy level (Sensitivity) of a mailbox item is controlled by MAPI extended property 0x36.

  • 0x36 = 0, sensitivity = normal
  • 0x36 = 2, sensitivity = private

The command line tool searches for messages containing a given text as a subject substring.

The c# code sets the extended property 0x36 to 2.

A mailbox is accessed using Exchange Web Services. The EWS endpoint is discovered using AutoDiscover for the selected mailbox.

The following code segment handles the item modification:

foreach (var extendedProperty in Message.ExtendedProperties){
	if (extendedProperty.PropertyDefinition == extendedPropertyDefinition)	{
		if (log.IsInfoEnabled)
			log.Info(string.Format("Try to alter the message: {0}", Message.Subject));
			Console.WriteLine("Try to alter the message: {0}", Message.Subject);
		// Set the value of the extended property (0 is Sensitivity normal, 2 would be private)
		Message.ExtendedProperties[extendedPropertyindex].Value = 2;

		// Update the item on the server with the new client-side value of the target extended property
		Message.Update(ConflictResolutionMode.AlwaysOverwrite);	}


SetPrivateFlags.exe -mailbox -subject "[private]" 

Search the mailbox for all messages having a subject string containing [private] and ask for changing each item if -logonly is not set to true. If -logonly is set to true, only a log will be created.

SetPrivateFlags.exe -mailbox -subject "[private]" -noconfirmation

Search the mailbox for all messages having a subject string containing [private] and change all found messages without confirmation.


It should be noted that this solution is intended for use in migration scenarios.

When providing access to mailbox delegates, you can also enable access to your private elements. But access to shared mailboxes is not configured using the delegation workflow.

The code has been tested using Exchange Server 2013 CU15.

The program utilizes log4net to log detailed information to the file system. The application’s config file controls the configuration.


  • 2018-01-13: Release


Any issues or feature requests? Use Github.

Like the code? Leave a note.

%d Bloggern gefällt das: