asked on Way to find out who in the organization has sent emails to a particlular external email address
We are running exchange 2016 and we need a way to search our entire email system, which has over 3500 users, to see who in the company has sent emails to external email address.
Which is the best way to accomplish this within exchange 2016?
Not sure if I can do it via the ECP or does it have to be run via powershell?
Thanks
Which is the best way to accomplish this within exchange 2016?
Not sure if I can do it via the ECP or does it have to be run via powershell?
Thanks
PowershellExchange
Last Comment
vmich
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 11/07/2017 -EndDate 11/14/2017
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 11/07/2017 -EndDate 11/14/2017 | Format-list -Property Received,SenderAddress,Sta
You will get a list of all send emails and then you can find out.
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 11/07/2017 -EndDate 11/14/2017 | Format-list -Property Received,SenderAddress,Sta
You will get a list of all send emails and then you can find out.
You'll have to use message tracking.
that may work, you may need to stipulate a time frame.
Get-MessageTrackingLog | Where-Object {$_.recipients -like "Emailaddressinhere"}
that may work, you may need to stipulate a time frame.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 11/07/2017 -EndDate 11/14/2017
Get-MessageTrace -RecipientAddress <user’s address> -StartDate 11/07/2017 -EndDate 11/14/2017 | Format-list -Property Received,SenderAddress,Status,Messag eTraceId
Won't work, cloud based only, he's on 2016 and thus going to be on prem.
Regards
Alex
ASKER
So I see a couple different ways here. Which one is the best way?
Saif will yours work for exch 2016 onprem and if so, will it check all of our users emails, which we have over 3500
Saif will yours work for exch 2016 onprem and if so, will it check all of our users emails, which we have over 3500
ASKER
Alex,
How would I add a date range to your suggestion with the Get-MessageTrackingLog
How would I add a date range to your suggestion with the Get-MessageTrackingLog
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00"| Where-Object {$_.recipients -like "Emailaddressinhere"}
ASKER
Alex how do I add the unlimited results size to this because as I mentioned we have over 3500 email accounts to search
ASKER
I think I got it.
I added the -Resultsize unlimited
I added the -Resultsize unlimited
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Correct,
Sorry was grabbing a drink, that'll give you all the results rather than limiting it to 2000 I think it is.
Regards
Alex
Sorry was grabbing a drink, that'll give you all the results rather than limiting it to 2000 I think it is.
Regards
Alex
ASKER
Also I can dump this to a CSV file correct by adding the >d:\export.csv
I wouldn't bother
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00"| Where-Object {$_.recipients -like "Emailaddressinhere"} | Export-csv c:\temp\results.csv
that should do it, if it gives you crap out, I'll need to drop it into a report instead.
Regards
Alex
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00"| Where-Object {$_.recipients -like "Emailaddressinhere"} | Export-csv c:\temp\results.csv
that should do it, if it gives you crap out, I'll need to drop it into a report instead.
Regards
Alex
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Ok dumber question.
The command completed but where does it put the info to look at to see who if anyone ahs sent an email to the external email address
The command completed but where does it put the info to look at to see who if anyone ahs sent an email to the external email address
Even dumber question, you did change
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00"| Where-Object {$_.recipients -like "Emailaddressinhere"} | Export-csv c:\temp\results.csv
the in bold bit to your external mail as well as changing your time frames right?
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00"| Where-Object {$_.recipients -like "Emailaddressinhere"} | Export-csv c:\temp\results.csv
the in bold bit to your external mail as well as changing your time frames right?
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00"| Where-Object {$_.recipients -eq "Emailaddressinhere"} | Export-csv c:\temp\results.csv
Change the -like to a -eq as well.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Get-MessageTrackingLog -start "03/13/2018 09:00:00" -End "11/20/2019 17:00:00" -recipients "emailinhere" | Export-csv c:\temp\results.csv
Another slightly different method, this way you don't need to do there where-object since it's not a wildcard parameter.
ASKER
Yes I did make all of those changes.
Thanks I will run the command now with the CSV and let you know
Thanks I will run the command now with the CSV and let you know
ASKER
Ok so I ran the command and it seemed to run just fine. But the CSV file had no data in it. So if I did the command correct, that means that none of our users have sent an email tot he external address that I put into the command and ran correct?
This is what I put into the command:
Get-MessageTrackingLog -Resultsize unlimited -start "01/01/2019 09:00:00" -End "11/14/2019 17:00:00" -recipients "abdcef@468.com" | Export-csv c:\temp\results.csv
This should search all of our over 3500 users to see if they sent email to abdcef@468.com correct?
This is what I put into the command:
Get-MessageTrackingLog -Resultsize unlimited -start "01/01/2019 09:00:00" -End "11/14/2019 17:00:00" -recipients "abdcef@468.com" | Export-csv c:\temp\results.csv
This should search all of our over 3500 users to see if they sent email to abdcef@468.com correct?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Correct,
I'd say do this, do an email to your personal account, then put your own email address in and see if it returns it, if it does my code is sound and no one emailed that address. If it doesn't, then there is another issue and I think that could be down to your exchange logging.
regards
Alex
I'd say do this, do an email to your personal account, then put your own email address in and see if it returns it, if it does my code is sound and no one emailed that address. If it doesn't, then there is another issue and I think that could be down to your exchange logging.
regards
Alex
ASKER
Ok I tired that with my own email and when I make the changes in the command and run it, it did not find my email...
run it without the export and see if you get the message back then.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
Ok will do that now but I ran Get-TransportServer and it shows all the exchange servers have message tracking log enabled
ASKER
when I run it without the export, it sits there for a couple of seconds and then drops back to the C prompt and does not show anything
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Alex,
Thanks for all your help with this. I got this command to work and I should be good to go..
get-MessageTrackingLog -Resultsize unlimited -Start "01/01/2019 09:00:00" -End "11/14/2019 17:00:00" | Where-Object {$_.recipients -like "*@gmail.com"} |export-csv d:\temp\results.csv
Thanks again for your help
Thanks for all your help with this. I got this command to work and I should be good to go..
get-MessageTrackingLog -Resultsize unlimited -Start "01/01/2019 09:00:00" -End "11/14/2019 17:00:00" | Where-Object {$_.recipients -like "*@gmail.com"} |export-csv d:\temp\results.csv
Thanks again for your help
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
https://practical365.com/exchange-server/searching-message-tracking-logs-by-sender-or-recipient-email-address/