29 October 2017

Search message tracking logs in Exchange 2013+

Because having a GUI would be too easy, use the EMC to search message logs in recent versions of Exchange.

An example of searching for emails FROM bill@microsoft.com, from 25 Oct 2016 to 27 Oct 2016, outputting to a file:

Get-MessageTrackingLog -ResultSize Unlimited -Start "10/25/2016" -End "10/27/2016" -Sender "bill@microsoft.com" | Select-Object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,@{Name="Recipients";Expression={$_.Recipients}} | Export-CSV C:\temp\MessageLogResults.txt

(Note that it seems to force you to use the United States date notation.)

Searching for emails TO bill@microsoft.com, from 25 Oct 2016 to 27 Oct 2016, outputting to a file:

Get-MessageTrackingLog -ResultSize Unlimited -Start "10/25/2016" -End "10/27/2016" -Recipients "bill@microsoft.com" | Select-Object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,@{Name="Recipients";Expression={$_.Recipients}} | Export-CSV C:\temp\MessageLogResults.txt

It's also the only way to search using a wildcard in older versions of Exchange.

No comments:

Post a Comment