Share via

message tracking query - powershell

mrtro-1199 236 Reputation points
2020-08-27T14:03:51.737+00:00

Dear experts,

Running Exchange 2016 on-prem and have searched and tried to get a message tracking query to do the work for me without success. I would like to execute a powershell command that returns all incoming email from a perticular domain between two dates and write the log to a csv file. I also would like one for outgoing email to a perticular domain. The output should just contain timestamp, sender, recipient, subject. However I do not seem to get both recipient and sender in the log som some reason.

Anyone that are able to help?

Exchange Exchange Server Management
Accepted answer
  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2020-08-28T12:43:41.187+00:00

    I changed my Display Name :)

    Which event are you interested in?

    If you mean the "SEND" event or "DELIVER" you can add that to the queries. This will give you one entry for each email :)
    Deliver shows when it was delivered to the mailbox:

    Example: 

    Get-TransportService | Get-MessageTrackingLog -EVENTID DELIVER -Start 08/25/2020 -End 08/26/2020 -ResultSize unlimited|?{$_.sender -like "*domain.com*" } | select timestamp,   
sender, @{n="Recipients"; e={$_.Recipients}}, Messagesubject | Export-Csv -NoTypeInformation tracking.csv

    SEND shows when it was sent from Exchange: 

    Get-TransportService | Get-MessageTrackingLog -EVENTID SEND -Start 08/25/2020 -End 08/26/2020 -ResultSize unlimited|?{$_.  
recipients -like "*domain.com*" } | select timestamp, sender, @{n="Recipients"; e={$_.Recipients}}, Messagesubject | Export-Csv -NoTypeInformation tracking.csv

    Other info:

    https://learn.microsoft.com/en-us/exchange/mail-flow/transport-logs/message-tracking?view=exchserver-2019#EventTypes

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2020-08-27T14:41:48.82+00:00

    Hi @mrtro-1199

    Here are some examples. I have attached a text doc

    20830-image.png 

    Get-TransportService | Get-MessageTrackingLog -Start 08/25/2020 -End 08/26/2020 -ResultSize unlimited|?{$_.sender -like "*domain.com*" } | select timestamp,   
sender, @{n="Recipients"; e={$_.Recipients}}, Messagesubject | Export-Csv -NoTypeInformation tracking.csv  

Get-TransportService | Get-MessageTrackingLog -Start 08/25/2020 -End 08/26/2020 -ResultSize unlimited|?{$_.  
recipients -like "*domain.com*" } | select timestamp, sender, @{n="Recipients"; e={$_.Recipients}}, Messagesubject | Export-Csv -NoTypeInformation tracking.csv

    20953-example.txt

    Let me know if this works for you!

    2 people found this answer helpful.
  2. Yuki Sun-MSFT 41,376 Reputation points Moderator
    2020-08-28T03:04:37.253+00:00

    Hi @mrtro-1199 ,

    I tested in my lad using the powershell scripts provided by AD-7937 and it worked perfect!

    21122-1.png
    Please have a go at your convenience to check the results. If it works, you can accept AD-7937's reply as Answer, it will encourge the person who help you and make answer searching easier in this forum. If you need further assistance on this, please feel free to post back.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.