Solved

"Who sent that email?" search in Exchange 2010

Posted on 2010-11-29
8
1,525 Views
Last Modified: 2012-05-10
I have been asked by my boss to confidentially find out who sent an email to a specific email address.  He has given me the destination email address and the date and approximate time that the message was sent, withing a ½-hour window.

How do I search for that?  We have Exchange 2010.

Thanks,
Jono
0
Comment
Question by:Jono Martin
  • 4
  • 3
8 Comments
 
LVL 14

Expert Comment

by:athomsfere
ID: 34231492
Was it sent from a group mailbox in your domain?

Do you have a copy of the message, or better yet the original email untouched / moved?
0
 
LVL 25

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 34231535
You can do it in the Exchange Management Console from within the tools, message tracking.

Or use the following Exchange Management Shell script:

Get-MessageTrackingLog -server abc -recipients abc@contoso.com -start "01/01/2010 00:01:00" -end "11/11/2010 23:59:00" | fl
0
 

Author Comment

by:Jono Martin
ID: 34233119
Tony1044 - I get the following message in PowerShell when using the suggested command:

"The term 'Get-MessageTrackingLog' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."

I do have SP1 installed (recently).  Is there something else I need to do to get these commands to work in PowerShell?

Thanks.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34233164
You need to run the exchange management shell, not plain old powershell.
0
 

Author Comment

by:Jono Martin
ID: 34234307
OK.  I have run the cmd and I have a couple of questions:
1. What does the "| fl" do?
2. Where can I find the results of this command?

Thanks again!
Jono
0
 

Author Closing Comment

by:Jono Martin
ID: 34234339
Nevermind that last comment.  I see that it shows in the shell itself unless there are no results, which was the case.

Thanks for your help.
Jono
0
 

Author Comment

by:Jono Martin
ID: 34234404
Actually, I'm still interested to know what the pipe command at the end means (" | fl ").

Thanks,
Jono
0
 
LVL 25

Expert Comment

by:Tony Johncock
ID: 34236989
Format List. It gives more detail and can be used to filter with extra commands.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question