dougdog
asked on
what code or shell can i run to to see who is sending emails after hours and how many are sent
i'm running exchange 2013 / 365 hybrid
i need to be able to see what emails are being sent after working hours
so basically i need to choose a specific week and run a report to see who is sending emails after these hours and how many
is this possible?
i need to be able to see what emails are being sent after working hours
so basically i need to choose a specific week and run a report to see who is sending emails after these hours and how many
is this possible?
ASKER
ok i ran that many thanks
it is quite hard to read
is there away i could do the following
easily export to excel
something like a colums showing users and the number of emails they send and maybe the subject ot recepient
it is quite hard to read
is there away i could do the following
easily export to excel
something like a colums showing users and the number of emails they send and maybe the subject ot recepient
ASKER
im also only interested in sent emails
ASKER
hi can anyone help?
Updated the code for you. You'll need to edit the where sender clause putting your primary smtp domain.
Get-clientaccessserver | Get-Messagetrackinglog -Start "04/18/2017 1:00:00 AM" -End "04/18/2017 8:00:00 AM" | where{$_.sender –like “*@mydomain.com”} | Select ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, Sender, Recipients, MessageSubject, TotalBytes, ConnectorId | Export-CSV C:\MessageTrackingLog.CSV -NoType
ASKER
Hi Thank you nearly there
could we remove things like
submit
receive
agent info
agent
not include any health mailbox info just end users info
routing agents etc so that we only have sent email from users
and maybe remove
client ip hostname ebent id etc
i would like something like
time sender subject recipient
it needs to be a very simple friendly report and easy to read if possible
also could it be run for a week say
17/4/17 to 21/4/17 all sent mail after 6pm
if at all possible
could we remove things like
submit
receive
agent info
agent
not include any health mailbox info just end users info
routing agents etc so that we only have sent email from users
and maybe remove
client ip hostname ebent id etc
i would like something like
time sender subject recipient
it needs to be a very simple friendly report and easy to read if possible
also could it be run for a week say
17/4/17 to 21/4/17 all sent mail after 6pm
if at all possible
ASKER
also when i ran the code it finished quickly think it needs to be result size unlimited
You will need to modify the date range manually for each day required.
Get-clientaccessserver | Get-Messagetrackinglog -ResultSize unlimited -Start "04/18/2017 6:00:00 PM" -End "04/19/2017 8:00:00 AM" | where{$_.sender –like “*@mydomain.com”} | Select Timestamp, Sender, MessageSubject, Recipients| Export-CSV C:\MessageTrackingLog.CSV -NoType
ASKER
great nearly there
the recipient column is showing System.String[]
also is there any way to exclude all the MicrosoftExchange229e71ec8 8ae4615bbc 36ab6ce411 09e from appearing
the recipient column is showing System.String[]
also is there any way to exclude all the MicrosoftExchange229e71ec8
Give this a try.
Get-clientaccessserver | Get-Messagetrackinglog -ResultSize unlimited -Start "04/18/2017 6:00:00 PM" -End "04/19/2017 8:00:00 AM" | where{$_.sender –like “*@mydomain.com”} | Select Timestamp, Sender, MessageSubject, @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}} | Export-CSV C:\MessageTrackingLog.CSV -NoType
ASKER
Hi
still showing many items for
MicrosoftExchange329e71ec8 8ae4615bbc 36ab6ce411 09e@
still showing many items for
MicrosoftExchange329e71ec8
Is this address showing up as a sender? Do you have message journal enabled?
ASKER
Hi
Still getting these entries
MicrosoftExchange229e71ec8 8ae4615bbc 36ab6ce411 09e
Still getting these entries
MicrosoftExchange229e71ec8
ASKER
sorry duplicate entry yes we have journal enabled
This address is basically the exchange systems journaling. I've updated the code to include the address please modify the domain to match your domain.
Get-clientaccessserver | Get-Messagetrackinglog -ResultSize unlimited -Start "04/18/2017 6:00:00 PM" -End "04/19/2017 8:00:00 AM" | where{$_.sender –like “*@mydomain.com” -and $_.Sender -ne "MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@mydomain.com"} | Select Timestamp, Sender, MessageSubject, @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}} | Export-CSV C:\MessageTrackingLog.CSV -NoType
ASKER
sorry i want to exclude this
i only want end users displayed
i only want end users displayed
ASKER
can this be done do you think?
I provided you code in ID 42117117 that should of excluded that email address, did that not work?
$_.Sender -ne "MicrosoftExchange329e71ec 88ae4615bb c36ab6ce41 109e@mydom ain.com"
$_.Sender -ne "MicrosoftExchange329e71ec
ASKER
hi i still had a large number of similar emails
although i just sorted and then set to hide
although i just sorted and then set to hide
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
many thanks
You're welcome! Happy the solution worked out.
Get-clientaccessserver | Get-Messagetrackinglog -Start "04/18/2017 1:00:00 AM" -End "04/18/2017 8:00:00 AM" | Select ClientIp, ClientHostname, Timestamp, EventID, Source, ServerHostname, ServerIp, Sender, Recipients, MessageSubject, TotalBytes, ConnectorId
Here is information for retrieving office 365 message logs.
http://www.msexchange.org/kbase/ExchangeServerTips/MicrosoftOffice365/ExchangeOnline/retrieve-message-tracking-logs-exchange-online-and-eop.html