TechTips.co.za

Useful Tech Tips, Tutorials and guides

Message Tracking with Powershell

With the Exchange Management Shell you should be able to run the below command to perform message tracking with Powershell and obtain a list in .csv format which will show you any email that match your search criteria.

The message tracking logs on the hub transport servers retain the information for 30 days, therefore you can only track emails that were sent or received within that timeframe

Use the below as a template copying all of the bold text below only changing the specific items highlighted below depending on the scope of your request

get-exchangeserver | where-object -filter {$.isHubTransportServer} | Get-Messagetrackinglog -Recipients:mailbox@domain.com -EventID “RECEIVE” -Start “3/7/2015 09:00:00” -End “3/7/2015 17:00:00” | Select-Object Timestamp, Source, Sender, {$.Recipients}, MessageSubject | export-csv c:\temp\output.csv

The items highlighted above will be the elements you need to define yourself

Message Tracking with Powershell command breakdown

1.       -Recipients:  smtp address

This will be if you want to track by mails by receiver (note: this parameter is always plural in notation therefore -Recipients even when using one individual recipient address

  •          NB alternatively you could track by SENDER in which case use the parameter -Sender

2.       -EventID “RECEIVE” or  “SEND”

This defines an event category you wish to filter the returns from the message tracking log by. The EventID parameter has other available categories also – for more on this see the link at the end of this page

3.       -Start”mm/dd/yyyy 00:00:00″ -End”mm/dd/yyyy 00:00:00″

This specifies the scope of your search. Be careful to ensure you enter the date in the correct date and time format as above

4.       -g:\temp\output.csv

This defines the filepath for the output, if you are working on a remote server be sure not to use C:\ as this will place the file locally onto the hosting server and not your local computer. Therefore ideally map and use an accessible network drive.

Using the above cmdlets will consistently provide you with significantly quicker resolutions to message tracking queries than the Exchange Management Console GUI. Become familiar with them and make them work to your advantage

Further information regarding the Get-MessageTrackingLog cmdlet can be obtained from the following link

http://technet.microsoft.com/en-us/library/aa997573.aspx

also tons of info just out there on the www

For those still interested the first section of the full syntax used…

get-exchangeserver | where-object -filter {$_.isHubTransportServer}

…This obtains a list of all the Hub Transport Servers, this list is then further piped into the Get-MessageTrackingLog cmdlet and each message tracking log on each hub transport server returns data according to the parameters you have then set