
Best way to search Exchange 2013 to see if users sent email to an external domain

I am trying to search via the shell to see what users in our organization may have sent emails to a certain external domain.
Each time I run the following command:

Get-MessageTrackingLog -ResultSize Unlimited -Start "1/1/2017" -End "12/5/2017" | where {$_.Sender -like "*@gmail.com"} | select-object Timestamp, SourceContext, Source, EventId, MessageSubject, Sender, {$_.Recipients} | export-csv C:\Externaldomain.com.txt

it finds items starting on Nov 13 2017 and goes until today. But for some reason, no matter what external domain name I put in, it won't find anything before Nov 13.
Is there something I am doing wrong?
0
Asked by: vmich
1 Solution
 
Ronin Commented:
Your logs might be configured to 30 days only or so.
Check here.
0
 
Puneet Bhatt (Tech Expert/Consultant) Commented:
0
 
vmich (Author) Commented:
I don't see where it shows me if we have it set for 30 days or not but if it is set to 30 days, is there no way to get information older than that for users who sent emails to an external domain?
0

 
vmich (Author) Commented:
So my question is now that if it is 30 days for the logs, is there still any way we can track if users have sent emails to a particular external domain?
0
 
Ronin Commented:
Run Get-TransportService to view the current configuration.
0
 
vmich (Author) Commented:
I run that and it says that the status is true.
So I guess the setting is 30 days, so back to my question then:

So my question is now that if it is 30 days for the logs, is there still any way we can track if users have sent emails to a particular external domain older than 30 days?
0
 
Ronin Commented:
If the logs are configured for 30 days and you don't have ANY other place that keeps SMTP traffic for more than 30 days - the answer is NO.
However, validate what's the setting for the logs.
Execute:
Get-TransportService ExchangeServer | fl

to view the existing setting.
Replace ExchangeServer with the name of your Exchange server.
0
 
mbkitmgr Commented:
For logs older than 30 days, go to your backups.

Restore the Message Tracking logs to a different location and load them into Excel. It's a little cumbersome but will get you the answer you need.
0
 
vmich (Author) Commented:
Logs set for 30 days.
0
Question has a verified solution.
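
As an alternative to loading restored tracking logs into Excel, as suggested in the thread, the following added example (not code from any participant) filters restored log files for mail sent to one external domain, matching on the recipient field rather than the sender. The function name Find-ExternalRecipient and the sample file are hypothetical; the column names are read from each file's own #Fields: header and are assumed to include date-time, event-id, recipient-address, sender-address and message-subject, and the sample log is constructed and shortened to those columns.

```powershell
# Added example: search restored message tracking log files (CSV with '#' header
# lines) for mail sent to one external domain. Names and paths are placeholders.
function Find-ExternalRecipient {
    param(
        [Parameter(Mandatory)] [string[]] $LogFile,   # restored MSGTRK*.LOG files
        [Parameter(Mandatory)] [string]   $Domain     # for example 'example.com'
    )
    foreach ($file in $LogFile) {
        $lines = Get-Content -LiteralPath $file
        # Take the column names from the file's own '#Fields:' header line.
        $fieldLine = $lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
        if (-not $fieldLine) { Write-Warning "No #Fields header in $file"; continue }
        $header = ($fieldLine -replace '^#Fields:\s*', '').Split(',')

        $lines | Where-Object { $_ -and $_ -notlike '#*' } |   # skip comment and blank lines
            ConvertFrom-Csv -Header $header |
            Where-Object {
                # recipient-address lists every recipient, separated by ';'.
                # SEND is the SMTP hand-off event; a message relayed through
                # several servers can appear more than once.
                $_.'event-id' -eq 'SEND' -and
                ($_.'recipient-address' -split ';' | Where-Object { $_ -like "*@$Domain" })
            } |
            Select-Object 'date-time', 'sender-address', 'recipient-address', 'message-subject'
    }
}

# Constructed sample log (not real data) so the function can be tried offline.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'MSGTRK-sample.LOG'
@'
#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,event-id,recipient-address,message-subject,sender-address
2017-10-02T09:15:00.000Z,SEND,alice@example.com;bob@contoso.com,Quote,user1@contoso.com
2017-10-02T09:16:00.000Z,RECEIVE,user1@contoso.com,Re: Quote,alice@example.com
2017-10-03T11:00:00.000Z,SEND,carol@fabrikam.com,Invoice,user2@contoso.com
'@ | Set-Content -LiteralPath $sample

Find-ExternalRecipient -LogFile $sample -Domain 'example.com' | Format-Table -AutoSize
```

For a real restore, pass the restored files instead of the sample, for instance the output of Get-ChildItem on the restore folder piped through Select-Object -ExpandProperty FullName.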
