29 October 2017

Search message tracking logs in Exchange 2013+

Because having a GUI would be too easy, use the EMC to search message logs in recent versions of Exchange.

An example of searching for emails from bill@microsoft.com, from 25 Oct 2016 to 27 Oct 2016, outputting to a file:

Get-MessageTrackingLog -ResultSize Unlimited -Start "10/25/2016" -End "10/27/2016" -Sender "bill@microsoft.com" | Select-Object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_Recipients} | Export-CSV C:\temp\MessageLogResults.txt

(Note that sometimes Microsoft ignores your regional settings and forces you to use the United States date notation.)

It's also the only want to search using a wildcard in older versions of Exchange.

No comments:

Post a Comment