  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 518

How do I find messages sent to a distribution group in Exchange 2007?

Hi all,

We are using Exchange Server 2007 and by examining the message tracking logs we need to find which mail-enabled Active Directory groups have been receiving messages from the internet for a specific period of time. The results should not include internal messages.

How can I accomplish this?
0
Ibtech2011
Asked:
Ibtech2011
1 Solution
 
MarioAlcaideCommented:
Have you looked at this document?

http://www.msexchange.org/tutorials/Sending-As.html
0
 
Ibtech2011Author Commented:
My question has nothing to do with the "Send As" function.
0
Ibtech2011Author Commented:
Gaurav05,

I know how to restrict distribution groups from receiving messages but that is not what I want to accomplish. I need to find past messages, let's say in the last 3 months, from tracking logs that were sent from the internet to distribution/security groups. Based on this report, I can restrict some groups from receiving messages from the internet. In short, I want to find which groups have actually received messages from the internet.
0
 
AkhaterCommented:
this will give you what you want
$DG=get-distributiongroup -resultsize unlimited

$incount=0
$excount=0

$start = "2011-10-01"
$end   = "2011-10-09"


foreach ($item in $DG)

{

   $msg= Get-TransportServer | get-messagetrackinglog -start $start -end $end -eventid receive -recipients $item.primarySMTPaddress.tostring() -resultsize unlimited

   $accepted_domains = Get-AcceptedDomain |% {$_.domainname.domain} 
   [regex]$dom_rgx = "`(?i)(?:" + (($accepted_domains |% {"@" + [regex]::escape($_)}) -join "|") + ")$" 



   foreach ($m in $msg){
      if ($m.sender -match $dom_rgx){
         $incount++;
      }
      else {$excount++;}
      #write-host $m.sender
   } 


   "Distribution Group: "+$item.name

   "Internal: " +$incount

   "External: " +$excount

   $incount=0
   $excount=0
}


0
 
AkhaterCommented:
if you want to restrict it to one group change the first line
$DG=get-distributiongroup -resultsize unlimited

to $DG=get-distributiongroup GroupName
0
 
AkhaterCommented:
with a bugfix
$DG = get-distributiongroup -ResultSize unlimited

$incount=0
$excount=0

$start = "2011-10-01"
$end   = "2011-10-09"

foreach ($item in $DG)

{

   $msg= Get-TransportServer | get-messagetrackinglog -start $start -end $end -eventid receive -recipients $item.primarySMTPaddress.tostring() -resultsize unlimited

   $accepted_domains = Get-AcceptedDomain |% {$_.domainname.domain} 
   [regex]$dom_rgx = "`(?i)(?:" + (($accepted_domains |% {"@" + [regex]::escape($_)}) -join "|") + ")$" 



   foreach ($m in $msg){
      if ($m.sender -match $dom_rgx){
          $incount++
      }
      elseif($m){$excount++}
   } 


   "Distribution Group: "+$item.name

   "Internal: " + $incount

   "External: " + $excount

   $incount=0
   $excount=0
}


0
 
Ibtech2011Author Commented:
Hi Akhater,

Thanks for your reply. The code you sent will most probably work as we wished, but we have around one thousand distribution groups and tens of gigabytes of message tracking logs for each day, so this code will be somewhat inefficient for us. Instead of traversing the logs for each group name, we need another version of this PowerShell script in which the message tracking logs are traversed once and each recipient address is checked to see whether it is a distribution group or not. If it is a group, it should print the sender address, the recipient address and the time of the event. Thanks

0
 
AkhaterCommented:
that should be easy to do, give me 15 min
0
 
AkhaterCommented:
try this
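# Load every distribution group once
$DG = get-distributiongroup -ResultSize unlimited

$count=0     # external messages addressed to a group
$incount=0   # tracking records examined

$start = "2011-10-01"
$end   = "2011-10-09"

# Regex matching any sender address in an accepted (internal) domain
$accepted_domains = Get-AcceptedDomain |% {$_.domainname.domain} 
[regex]$dom_rgx = "`(?i)(?:" + (($accepted_domains |% {"@" + [regex]::escape($_)}) -join "|") + ")$" 

# Read the tracking logs once, across all transport servers
$msgs = Get-TransportServer | get-messagetrackinglog -start $start -end $end -eventid receive -resultsize unlimited

foreach ($m in $msgs) { $incount++; #echo $incount
   foreach ($item in $DG){
      # Is this group among the recipients of the message?
      if ($m.recipients -contains $item.primarySMTPaddress.tostring()) {
         # Report only senders outside the accepted domains
         if(-not($m.sender -match $dom_rgx)){$count++;write-host "Sender : " $m.sender "Recipient : " $m.recipients "Timestamp : " $m.timestamp}
      }
   }
}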


0
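Added example (not part of the thread and not Akhater's code): the single-pass report requested above, with the group addresses held in a hashtable so each tracking record costs one lookup per recipient instead of a scan of every group. The names Find-ExternalMailToGroups and New-Rec and the contoso.example sample records are constructed for illustration; the commented cmdlet calls are the ones already used in the thread.

```powershell
# Added example, not from the thread. Records arrive on the pipeline, so the
# log is read once and never held in memory as a whole.
function Find-ExternalMailToGroups {
    param([string[]]$GroupAddresses, [string[]]$AcceptedDomains)
    begin {
        # @{} hashtables compare string keys case-insensitively
        $groups = @{};   foreach ($a in $GroupAddresses)  { $groups[$a] = $true }
        $internal = @{}; foreach ($d in $AcceptedDomains) { $internal[$d] = $true }
    }
    process {
        $m = $_
        if (-not $m) { return }                       # empty result set
        # A sender with no '@' (e.g. an empty bounce sender) matches no accepted
        # domain and is therefore reported as external.
        $from = [string]$m.Sender
        $domain = $from.Substring($from.LastIndexOf('@') + 1)
        if ($internal.ContainsKey($domain)) { return }
        foreach ($r in $m.Recipients) {
            if ($r -and $groups.ContainsKey($r)) {
                $m | Select-Object Timestamp, Sender, @{Name='Group'; Expression={$r}}
            }
        }
    }
}

# Constructed sample records standing in for Get-MessageTrackingLog output
function New-Rec($ts, $from, $to) {
    New-Object PSObject -Property @{ Timestamp=[datetime]$ts; Sender=$from; Recipients=$to }
}
$sample = @(
    (New-Rec '2011-10-03 09:15' 'alice@example.net'   @('sales@contoso.example')),
    (New-Rec '2011-10-03 09:20' 'bob@contoso.example' @('sales@contoso.example')),
    (New-Rec '2011-10-04 11:02' 'carol@example.org'   @('dave@contoso.example','ALL-STAFF@contoso.example')),
    (New-Rec '2011-10-05 16:40' ''                    @('all-staff@contoso.example'))
)
$hits = $sample | Find-ExternalMailToGroups `
    -GroupAddresses 'sales@contoso.example','all-staff@contoso.example' `
    -AcceptedDomains 'contoso.example'
$hits | Format-Table -AutoSize
$hits | Group-Object Group | Select-Object Name, Count   # per-group totals

# On the Exchange server, with the cmdlets used in the thread:
#   $ga = Get-DistributionGroup -ResultSize Unlimited | % { $_.PrimarySmtpAddress.ToString() }
#   $ad = Get-AcceptedDomain | % { $_.DomainName.Domain }
#   Get-TransportServer |
#     Get-MessageTrackingLog -Start $start -End $end -EventId Receive -ResultSize Unlimited |
#     Find-ExternalMailToGroups -GroupAddresses $ga -AcceptedDomains $ad
```

The internal/external split rests on the sender address recorded in the log, which the sending host supplies, so a message that claims a sender in an accepted domain is counted as internal.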
 
Ibtech2011Author Commented:
Thank you very much Akhater, we will run it and return to you.
0
