Ibtech2011
asked on
How do I find messages sent to a distribution group in Exchange 2007?
Hi all,
We are using Exchange Server 2007 and by examining the message tracking logs we need to find which mail-enabled Active Directory groups have been receiving messages from the internet for a specific period of time. The results should not include internal messages.
How can I accomplish this?
ASKER
My question has nothing to do with the "Send As" function.
ASKER
Gaurav05,
I know how to restrict distribution groups from receiving messages but that is not what I want to accomplish. I need to find past messages, let's say in the last 3 months, from tracking logs that were sent from the internet to distribution/security groups. Based on this report, I can restrict some groups from receiving messages from the internet. In short, I want to find which groups have actually received messages from the internet.
this will give you what you want
$DG=get-distributiongroup -resultsize unlimited
$incount=0
$excount=0
$start = "2011-10-01"
$end = "2011-10-09"
foreach ($item in $DG)
{
    $msg= Get-TransportServer | get-messagetrackinglog -start $start -end $end -eventid receive -recipients $item.primarySMTPaddress.tostring() -resultsize unlimited
    $accepted_domains = Get-AcceptedDomain |% {$_.domainname.domain}
    [regex]$dom_rgx = "`(?i)(?:" + (($accepted_domains |% {"@" + [regex]::escape($_)}) -join "|") + ")$"
    foreach ($m in $msg){
        if ($m.sender -match $dom_rgx){
            $incount++;
        }
        else {$excount++;}
        #write-host $m.sender
    }
    "Distribution Group: "+$item.name
    "Internal: " +$incount
    "External: " +$excount
    $incount=0
    $excount=0
}
if you want to restrict it to one group change the first line
$DG=get-distributiongroup -resultsize unlimited
to $DG=get-distributiongroup GroupName
with a bugfix
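# All mail-enabled distribution/security groups
$DG = get-distributiongroup -ResultSize unlimited
$incount=0
$excount=0
# Reporting window
$start = "2011-10-01"
$end = "2011-10-09"
foreach ($item in $DG)
{
    # RECEIVE events addressed to this group's primary SMTP address, from every transport server
    $msg= Get-TransportServer | get-messagetrackinglog -start $start -end $end -eventid receive -recipients $item.primarySMTPaddress.tostring() -resultsize unlimited
    # Regex that matches any sender address ending in one of the accepted (internal) domains
    $accepted_domains = Get-AcceptedDomain |% {$_.domainname.domain}
    [regex]$dom_rgx = "`(?i)(?:" + (($accepted_domains |% {"@" + [regex]::escape($_)}) -join "|") + ")$"
    foreach ($m in $msg){
        if ($m.sender -match $dom_rgx){
            $incount++
        }
        # Count only real entries: when nothing matched, $msg is $null and the loop still runs once
        elseif($m){$excount++}
    }
    "Distribution Group: "+$item.name
    "Internal: " + $incount
    "External: " + $excount
    # Reset the counters for the next group
    $incount=0
    $excount=0
}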
ASKER
Hi Akhater,
Thanks for your reply. The code you sent will most probably work as we wished, but we have around one thousand distribution groups and tens of gigabytes of message tracking logs for each day. So, this code will be somehow inefficient for us. Instead of traversing the logs for each group name, we need another version of this PowerShell script in which the message tracking logs are traversed once and, for each recipient address, it checks whether this address is a distribution group or not. If it is a group, it should print the sender address, the recipient address and the time of the event. Thanks
that should be easy to do, give me 15 min
ASKER
Thank you very much Akhater, we will run it and return to you.
http://www.msexchange.org/tutorials/Sending-As.html
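A single-pass version of the report the asker describes, as an added example; it is not code posted by anyone in this thread. It assumes the same sample dates and the same definition of "external" as the script above (sender domain not returned by Get-AcceptedDomain); the variable names $groups, $internal and $seen are this example's own.

```powershell
# Added example: read the tracking logs once instead of once per group.
$start = "2011-10-01"   # sample window, as in the script above
$end   = "2011-10-09"

# Lookup table: every SMTP address (primary and secondary) of every group -> group name.
$groups = @{}
Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
    $name = $_.Name
    $_.EmailAddresses | Where-Object { $_.PrefixString -eq "smtp" } | ForEach-Object {
        $groups[$_.SmtpAddress.ToLower()] = $name
    }
}

# Lookup table of accepted (internal) domains.
$internal = @{}
Get-AcceptedDomain | ForEach-Object { $internal[$_.DomainName.Domain.ToLower()] = $true }

# A message relayed between transport servers logs RECEIVE on each hop;
# $seen keeps one row per message/recipient pair (it only grows with matches).
$seen = @{}

# Stream the events: each entry is tested and dropped, never collected in a variable.
Get-TransportServer |
    Get-MessageTrackingLog -Start $start -End $end -EventId Receive -ResultSize Unlimited |
    ForEach-Object {
        $evt = $_
        if (-not $evt.Sender) { return }                    # no sender address: skip
        $domain = $evt.Sender.Split("@")[-1].ToLower()
        if ($internal.ContainsKey($domain)) { return }      # internal sender: skip
        foreach ($rcpt in $evt.Recipients) {
            $key = $rcpt.ToLower()
            if (-not $groups.ContainsKey($key)) { continue } # recipient is not a group
            $id = $evt.MessageId + "|" + $key
            if ($seen.ContainsKey($id)) { continue }         # already reported
            $seen[$id] = $true
            New-Object PSObject -Property @{
                Timestamp = $evt.Timestamp
                Sender    = $evt.Sender
                Recipient = $rcpt
                Group     = $groups[$key]
            }
        }
    } | Select-Object Timestamp, Sender, Recipient, Group
```

Pipe the result to Export-Csv, or to Group-Object Group to list only the groups that actually received mail from outside. Dynamic distribution groups are not returned by Get-DistributionGroup and are not covered.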