Here are some updated field notes from a recent message tracking case. This post is also an update of a previous post about MessageTracking I made about a year ago.
Unfortunately the Tracking Log tool in Exchange Management Console (EMC) – does not allow the use of wildcard characters, when trying to search of all mails sent or received from a certain domain. EMC can only handle a specific user or list of users.
However using the Exchange Management Shell and the cmdlet Get-MessageTracking, you are able to use wildcards in your search.
Below I have listed two examples to search for all mails sent from the “msdigest.net” domain and received from the “msdigest.net”.
I have extended to the scripts, compared to my previous post – so that the search result will be exported to a CSV file.
When using the scripts – make sure to update the date range and domain to search for. The search range in the above is set to from August 1st to November 14th 2012.
Search for mails sent TO any user at “msdigest.net” domain:
Get-MessageTrackingLog -ResultSize Unlimited -Start “08-01-2012” -End “11-14-2012” | where{$_.recipients –like “*@msdigest.net”} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:tempMessageTrackingLogResults.csv
Search for mails sent FROM users at “msdigest.net” domain:
Get-MessageTrackingLog -ResultSize Unlimited -Start “08-01-2012” -End “11-14-2012” | where{$_.sender –like “*@msdigest.net”} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:tempMessageTrackingLogResults.csv
The scripts above works on Exchange 2007, 2010 and 2013.
Reference to Get-MessageTrackingLog cmdlet.
It’s a good thing to use Export-Csv cmdlet with ‘-NoTypeInformation’ switch.