Exchange Server 2013 Message Tracking Log PowerShell help ?
Hi People,
Can anyone here please assist me in modifying the PowerShell script below for Exchange Server 2013 Message tracking log ?
The script above does not search through all of the Exchange Server deployed in my entire AD domain.
I need to see if anyone in the company has FW:, RE: or even change the email subject which contains Payroll.
Usually I run the three lines below in my PowerGUI console to connect to one of my Exchange Server 2013 SP1:
Thanks,
Can anyone here please assist me in modifying the PowerShell script below for Exchange Server 2013 Message tracking log ?
Get-TransportService | foreach { Get-Messagetrackinglog -Server $_.Server -Resultsize Unlimited -Start "18/04/2017 1:00:00 AM" -End "18/04/2017 11:00:00 PM" | Where {$_.MessageSubject -contains "*Payroll*" -and $_.Sender -contains "Sender@EmailDomain.com"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, MessageSubject, TotalBytes, ConnectorId } | Export-Csv C:\TEMP\EmailTrackingLogs2013.csv -NoTypeInformation
The script above does not search through all of the Exchange Server deployed in my entire AD domain.
I need to see if anyone in the company has FW:, RE: or even change the email subject which contains Payroll.
Usually I run the three lines below in my PowerGUI console to connect to one of my Exchange Server 2013 SP1:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://PRODMBXCAS02-VM/PowerShell/ -Authentication Kerberos
Import-PSSession $Session -AllowClobber
Import-Module ActiveDirectory -ErrorAction STOP
Thanks,
Last Comment
Try something like this instead:
Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -Sender xxx -Recipient xxx -Start xxx -End xxx | Sort-Object -Property Timestamp | Format-List | Out-File track.txt
ASKER
I got this error repeated the for all of my Exchange server name:
This is the script as per Dan suggestion:
Cannot process argument transformation on parameter 'Server'. Cannot convert value "PRODMBXCAS04-VM" to type "Microsoft.Exchange.Configuration.Tasks.ServerIdParameter". Error: "Cannot convert hashtable to
an object of the following type: Microsoft.Exchange.Configuration.Tasks.ServerIdParameter. Hashtable-to-Object conversion is not supported in restricted language mode or a Data section."
+ CategoryInfo : InvalidData: (:) [Get-MessageTrackingLog], ParameterBindin...mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MessageTrackingLog
+ PSComputerName : PRODMBX02-VM
This is the script as per Dan suggestion:
Get-TransportService | foreach { Get-Messagetrackinglog -Server $_ -Resultsize Unlimited -Start "19/04/2017 1:00:00 AM" -End "19/04/2017 11:00:00 PM" | Where {$_.MessageSubject -contains "*Payroll*" -and $_.Sender -contains "ITHelpdesk@domain.com"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, MessageSubject, TotalBytes, ConnectorId } | Export-Csv C:\TEMP\EmailTrackingLogs2013.csv -NoTypeInformation
ASKER
While Jason's suggested code is also not working:
This is the code:
The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take
pipeline input.
+ CategoryInfo : InvalidArgument: (PRODMBXCAS04-VM:PSObject) [Get-MessageTrackingLog], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Get-MessageTrackingLog
+ PSComputerName : PRODMBX02-VM
This is the code:
Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -Resultsize Unlimited -Start "04/18/2017 1:00:00 AM" -End "04/18/2017 11:00:00 PM" | Where {$_.MessageSubject -contains "*Payroll*" -and $_.Sender -contains "ITHelpdesk@domain.com"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, MessageSubject, TotalBytes, ConnectorId } | Export-Csv C:\TEMP\EmailTrackingLogs2013.csv -NoTypeInformation
I would try this:
A little more digging... Get-TransportService returns an object with a lot of data. If you pipe this command into Get-Member, you can see the components of the results. PSComputerName is a simple string which the Get-MessageTrackingLog command should take as the -Server attribute.
In the where clause, using -match is a better fit than -contains. Also, your dates were in the wrong format. They must be in the following format: mm/dd/yyyy hh:mm:ss AM/PM
Reference link: https://technet.microsoft.com/en-us/library/aa997573(v=exchg.150).aspx
Dan
Get-TransportService | foreach { Get-Messagetrackinglog -Server $_.PSComputerName -Resultsize Unlimited -Start "04/19/2017 1:00:00 AM" -End "04/19/2017 11:00:00 PM" | Where {$_.MessageSubject -match "Payroll" -and $_.Sender -match "ITHelpdesk@domain.com"} | Select @{Name='Recipients';Expression={[string]::join(";", ($_.Recipients))}}, Sender, ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, MessageSubject, TotalBytes, ConnectorId } | Export-Csv C:\TEMP\EmailTrackingLogs2013.csv -NoTypeInformation
A little more digging... Get-TransportService returns an object with a lot of data. If you pipe this command into Get-Member, you can see the components of the results. PSComputerName is a simple string which the Get-MessageTrackingLog command should take as the -Server attribute.
In the where clause, using -match is a better fit than -contains. Also, your dates were in the wrong format. They must be in the following format: mm/dd/yyyy hh:mm:ss AM/PM
Reference link: https://technet.microsoft.com/en-us/library/aa997573(v=exchg.150).aspx
Dan
ASKER
Dan,
The reason I'd like to use -contain is so that I can get larger result where the subject is containing that keyword since the mail subject keeps on changing like
FW: Payroll
RE: Payroll
Draft: Payroll
....
The reason I'd like to use -contain is so that I can get larger result where the subject is containing that keyword since the mail subject keeps on changing like
FW: Payroll
RE: Payroll
Draft: Payroll
....
I've been using that one liner since Exchange 2007. I know it works. Log directly on to the Exchange server and run it with EMS instead if remoting
ASKER
Jason, does it works for Exchange 2013 ?
ASKER
Dan,
when running the script, I got:
when running the script, I got:
Where : parsing "*Payroll*" - Quantifier {x,y} following nothing.
At line:2 char:168
+ Get-TransportService | foreach { Get-Messagetrackinglog -Server $_.PSComputerNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Where-Object], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.WhereObjectCommand
ASKER
I got this error:
The pipeline was not run because a pipeline is already running. Pipelines cannot be run concurrently.
+ CategoryInfo : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
+ FullyQualifiedErrorId : RemotePipelineExecutionFailed
Get-MailboxFolderStatistics : The session Session for implicit remoting module at C:\Users\Admin\AppData\Local\Temp\tmp_4dj2xuk4.x5a\tmp_4dj2xuk4.x5a.psm1,
6e8bae6f-8f9c-424c-aa35-cc88c316b1db, alexsvr-ex01 is not available to run commands. The session availability is Busy.
At C:\Users\Admin\AppData\Local\Temp\99d25a74-942d-4cf9-b40e-6776ecd9f7c5.ps1:7 char:10
+ $si = $_ | Get-MailboxFolderStatistics -IncludeOldestAndNewe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ([PSSession]Sess...j2xuk4.x5a.psm1:PSSession) [Invoke-Command], InvalidRunspaceStateException
+ FullyQualifiedErrorId : InvokeCommandCommandInvalidSessionAvailability,Microsoft.PowerShell.Commands.InvokeCommandCommand
No valid sessions were specified. Ensure you provide valid sessions that are in the Opened state and are available to run commands.
At C:\Users\Admin\AppData\Local\Temp\99d25a74-942d-4cf9-b40e-6776ecd9f7c5.ps1:line:7 char:10
+ $ <<<< si = $_ | Get-MailboxFolderStatistics -IncludeOldestAndNewestItems -FolderScope SentItems
Pipeline not run because a pipeline is already running. Pipelines cannot be run concurrently.
+ CategoryInfo : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
+ FullyQualifiedErrorId : RemotePipelineExecutionFailed
Are you running the command from an Exchange server or from a remote session?
Dan
Dan
ASKER
From my laptop with PowerGUI IDE.
Yes it absolutely works for 2013. Alternately you can just run Get-TransportServer piped to Get-MessageTrackingLog
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks Dan it works.
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
The Get-TransportService command returns 2 fields. Name & MessageTrackingLogEnabled.
I would just change the - Server attirbute to $_
Dan