Link to home
Start Free TrialLog in
Avatar of WizardWill
WizardWill

asked on

MS Exchange 2007 Message Tracking Powershell

Experts,

Im not sure if this can be done.

Is there a way to find out all users which send email to a specific domain using message tracking in exchange 2007 using like a wild card * and displaying the email address which sent it and received it ?

Scenario:

user@mycompany.com sends email to user@abc.com I don't know which user sent it or to who it got sent to. The only info i have is it was sent to someone @abc.com domain.

PowerShell Example -

get-messagetrackinglog -Recipients:*@abc.com -Server "MyServer" -Start "1/05/2009 12:13:00 PM" -End "19/05/2009 12:33:00 PM"

Regards,

WizardWill
ASKER CERTIFIED SOLUTION
Avatar of Akhater
Akhater
Flag of Lebanon image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of WizardWill
WizardWill

ASKER

is there away to filter the recipients address by domain using wild card ? eg. *@abc.com and get back a list of addresses which have sent emails to this domain
Did you try the command I gave you ?

If I understood correctly it is exactly what it does
Thanks very much that worked great. I just had to put in the  (-ResultSize Unlimited) and it ran perfectly.
Sorry to re-open this question, however the solution above doesnt seem to work as resultsize needs to be set to unlimited. Even then no results are displayed.  Is there any way to accomplish this through the GUI?  I find this question all across google searches and wildcards should be usable but arent.  I just want to get all messages in a data range from a specific domain.
It doesn't appear that the GUI can do queries that complex. You'll need to do it from PowerShell and it’s a little inefficient because you have to retrieve all records and filter them so I use a date filter on the first query to cut the number of records before piping it to the domain filter. The first part of the query just goes out and gets a list of all the servers that have the HUB role installed so I don’t have to specify them separately, we have some HUB/CAS duel role servers so the “like” command makes sure to catch them all. I tossed in the select-object line so I could export the contents of the recipients field.
Get-ExchangeServer | where {$_.ServerRole -like "*HubTransport"} | get-messagetrackinglog -Start "2/27/2010 11:20:00 AM" -End "1/19/2011 11:30:00 AM" -resultsize unlimited | where {$_.Sender -like "*@gmail.com"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv c:\gmail.csv

Open in new window

Yikes.
It is reasons like this that people are migrating away from exchange. I have found a different way to do it in that I keep all message logs now and I also archive everything to a vendor.  Using a primitive set of tools at my vendor I can accomplish what exchange cannot.
To each his own, command-line access like we get with PowerShell is something that Exchange admins have been wanting for years and finally have. Unless I missed something in your request the PowerShell command clearly shows that Exchange can deliver the information you wanted. PowerShell was a little unnerving at first, even though I’ve administered Exchange for many years I’ve never considered myself a script writer or programmer and I do not consider myself a PowerShell expert in any way. The command I put together above was just combining bits and pieces I found on other sites including the command Akhater posted.
I love the Powershell, I was one of the admins pining away for it :)

Yes your response does appear to give me the results I would want, however as you mentioned it is rather inefficient.  The alternative route of using my smarthost's archiving service is much more efficient even though I have to use a gui.  However, now that I am journaling and keeping the message tracking logs beyond 30 days I can use some nice 3rd party tools that parse the data in seconds.
The reason I requested GUI is I have a user who performs audits and isnt Command line saavy,  the line you gave me could go bad quickly if used improperly :)
Thank you for getting back to me.