The Get-MessageTrackingLog cmdlet provides two parameters for specifying sender and recipient email addresses as search criteria.
· -Sender: a single SMTP address for the sender of the email message
· -Recipients: one or more SMTP addresses for the recipients of the email message
Both parameters are optional, so if they are omitted the search will return all senders, all recipients, or all of both.
To demonstrate the use of these parameters consider the following email message sent from Alan Reid to three recipients.
SEARCHING MESSAGE TRACKING LOGS BY SENDER EMAIL ADDRESS
Because I happen to have sent this test message within the last hour, it is easy to find by combining the -Sender parameter with the -Start parameter to search within a time/date range.
[PS] C:\>Get-MessageTrackingLog -Sender Alan.Reid@exchangeserverpro.net -Start (Get-Date).AddHours(-1)
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Payroll report for September
RECEIVE SMTP Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Payroll report for September
DELIVER STORE... Alan.Reid@exchangeserverpro.net {Alex.Heyne@exchangeserverpro.... Payroll report for September
DELIVER STORE... Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Payroll report for September
However, if I were searching over a broader time range I may see more results than I really want to see.
[PS] C:\>Get-MessageTrackingLog -Sender Alan.Reid@exchangeserverpro.net
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Descry turmoil deviance
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Impending abeyance recitals ba...
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Egress
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Presage visceral penurious
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Stipple voluble blatant stymie
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Inured
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Heinous mercurial
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Relapse smolder
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Meeting minutes
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Supine poignant
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Indigence denigrate swerve vig...
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Jocular
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Oblivious apropos condone savant
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Obdurate splice penitent
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Extenuate aplomb obtain eulogy
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Cursory cryptic rescind euphoria
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Lucubrate ruffian
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Indigence umbrage
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Emaciate valiant tractable
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Volatile fission cajole
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Concord legacy chisel fagged
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Egress reconcile contrite cred...
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Abstruse salacious constrict
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Unearth recreancy paucity
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} A meeting #1
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} A meeting #2
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Assuage foppish
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Clamor austere collusion
SUBMIT STORE... Alan.Reid@exchangeserverpro.net {} Waffle saturnine
...snip!
So in the case where I want to search a broader time window, but see fewer irrelevant results, I can combine the -Sender and -Recipients parameters in my search command.
SEARCHING MESSAGE TRACKING LOGS BY RECIPIENT EMAIL ADDRESS
It doesn't matter whether the recipient was in the To, CC, or BCC field of the message; the search will return any match regardless. Here the "Payroll report for September" email shown above is found even though Alex Heyne was one of several recipients and was in the CC field.
[PS] C:\>Get-MessageTrackingLog -Sender Alan.Reid@exchangeserverpro.net -Recipients alex.heyne@exchangeserverpro.net
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
RECEIVE SMTP Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Payroll report for September
DELIVER STORE... Alan.Reid@exchangeserverpro.net {Alex.Heyne@exchangeserverpro.... Payroll report for September
You can specify multiple recipient SMTP addresses simply by separating them with a comma. When you do this the condition is an "or", not an "and". In other words, any message with any one of the recipients will be returned in the results; they do not need to be messages sent to all the recipients.
Here both the payroll email sent to Alex and David, as well as another email sent only to David, are returned in the same results.
[PS] C:\>Get-MessageTrackingLog -Sender Alan.Reid@exchangeserverpro.net -Recipients alex.heyne@exchangeserverpro.net,david.gower@exchangeserverpro.net
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
RECEIVE SMTP Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Payroll report for September
DELIVER STORE... Alan.Reid@exchangeserverpro.net {Alex.Heyne@exchangeserverpro.... Payroll report for September
DELIVER STORE... Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Payroll report for September
RECEIVE SMTP Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Also how about lunch?
DELIVER STORE... Alan.Reid@exchangeserverpro.net {David.Gower@exchangeserverpro... Also how about lunch?
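Because -Recipients is an "or" match, finding only the messages that went to every listed address takes a second step. The following is an added example, not code from the original article: Select-AllRecipients and New-SampleEvent are hypothetical helpers, and the sample records and MessageId values are constructed so it runs without an Exchange server.

```powershell
# Added example. Select-AllRecipients is a hypothetical helper, not an Exchange cmdlet.
function Select-AllRecipients {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $InputObject,
        [Parameter(Mandatory=$true)] [string[]] $Required
    )
    begin   { $events = @() }
    process { $events += $InputObject }
    end {
        foreach ($g in ($events | Group-Object MessageId)) {
            # Union of recipients across every event logged for this message;
            # a single DELIVER event may list only some of them.
            $seen = @($g.Group | ForEach-Object { $_.Recipients } | Sort-Object -Unique)
            $missing = @($Required | Where-Object { $seen -notcontains $_ })
            if ($missing.Count -eq 0) {
                New-Object PSObject -Property @{
                    MessageId      = $g.Name
                    Sender         = $g.Group[0].Sender
                    MessageSubject = $g.Group[0].MessageSubject
                    Recipients     = $seen -join ';'
                }
            }
        }
    }
}

# Constructed sample records shaped like the tracking log output above
# (MessageId values are placeholders).
function New-SampleEvent($EventId, $MessageId, $Recipients, $Subject) {
    New-Object PSObject -Property @{
        EventId = $EventId; MessageId = $MessageId
        Sender = 'Alan.Reid@exchangeserverpro.net'
        Recipients = $Recipients; MessageSubject = $Subject
    }
}
$alex  = 'Alex.Heyne@exchangeserverpro.net'
$david = 'David.Gower@exchangeserverpro.net'
$sample = @(
    New-SampleEvent 'DELIVER' '<msg-1@placeholder>' @($alex)  'Payroll report for September'
    New-SampleEvent 'DELIVER' '<msg-1@placeholder>' @($david) 'Payroll report for September'
    New-SampleEvent 'DELIVER' '<msg-2@placeholder>' @($david) 'Also how about lunch?'
)

# Require both Alex and David as recipients of the same message.
$sample | Select-AllRecipients -Required $alex, $david

# Against a live server (same cmdlet and parameters as on this page):
# Get-MessageTrackingLog -Sender Alan.Reid@exchangeserverpro.net -Recipients $alex,$david |
#     Select-AllRecipients -Required $alex,$david
```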
SEARCHING MESSAGE TRACKING LOGS FOR WILDCARD VALUES OR PARTIAL MATCHES
Unfortunately wildcard searches are not allowed with the -Sender and -Recipients parameters.
For example, this will return no results.
[PS] C:\>Get-MessageTrackingLog -Recipients *@gmail.com
However, you can use wildcards if you pipe the output of Get-MessageTrackingLog into Where-Object instead.
In this situation it is wise to limit the search to a specific date range for better performance. Or, if you do need to search the entire set of log files remember to use "-Resultsize Unlimited".
[PS] C:\>Get-MessageTrackingLog -Start (Get-Date).AddHours(-1) | Where-Object {$_.recipients -like "*@gmail.com"}
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
RECEIVE STORE... Alan.Reid@exchangeserverpro.net {exchangeserverpro@gmail.com} Email to the internet!
TRANSFER ROUTING Alan.Reid@exchangeserverpro.net {exchangeserverpro@gmail.com} Email to the internet!
SEND SMTP Alan.Reid@exchangeserverpro.net {exchangeserverpro@gmail.com} Email to the internet!
You can see that the wildcard is used with the -like comparison operator, but another technique is to use the -match comparison operator which doesn't require the wildcard character.
[PS] C:\>Get-MessageTrackingLog -Start (Get-Date).AddHours(-1) | Where-Object {$_.recipients -match "gmail"}
EventId Source Sender Recipients MessageSubject
------- ------ ------ ---------- --------------
RECEIVE STORE... Alan.Reid@exchangeserverpro.net {exchangeserverpro@gmail.com} Email to the internet!
TRANSFER ROUTING Alan.Reid@exchangeserverpro.net {exchangeserverpro@gmail.com} Email to the internet!
SEND SMTP Alan.Reid@exchangeserverpro.net {exchangeserverpro@gmail.com} Email to the internet!
The same use of Where-Object with -like or -match also applies to the sender email address.
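Note that -match is an unanchored, case-insensitive regular expression, so "gmail" also matches addresses where that string appears anywhere, including the local part or a longer domain name. When the results feed an audit of mail sent to one specific external domain, an anchored pattern is safer. The following is an added example, not code from the original article: Select-ByRecipientDomain and New-SampleEvent are hypothetical helpers, and all sample records except the first are constructed.

```powershell
# Added example. Select-ByRecipientDomain is a hypothetical helper, not an Exchange cmdlet.
function Select-ByRecipientDomain {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $InputObject,
        [Parameter(Mandatory=$true)] [string] $Domain
    )
    begin {
        # Escape regex metacharacters (the dot) and anchor on "@" and end of string,
        # so only addresses in exactly this domain match.
        $pattern = '@' + [regex]::Escape($Domain) + '$'
    }
    process {
        # -match against a collection returns the matching elements, not a boolean.
        $hits = @(@($InputObject.Recipients) -match $pattern)
        if ($hits.Count -gt 0) {
            New-Object PSObject -Property @{
                EventId           = $InputObject.EventId
                Sender            = $InputObject.Sender
                MessageSubject    = $InputObject.MessageSubject
                MatchedRecipients = $hits -join ';'
            }
        }
    }
}

# Constructed sample records; only the first mirrors an address from this page.
function New-SampleEvent($Recipients, $Subject) {
    New-Object PSObject -Property @{
        EventId = 'SEND'; Sender = 'Alan.Reid@exchangeserverpro.net'
        Recipients = $Recipients; MessageSubject = $Subject
    }
}
$sample = @(
    New-SampleEvent @('exchangeserverpro@gmail.com') 'Email to the internet!'
    New-SampleEvent @('someone@notgmail.example')    'Constructed: look-alike domain'
    New-SampleEvent @('gmail.alerts@corp.example')   'Constructed: gmail in local part'
    New-SampleEvent @('user@gmail.com.example')      'Constructed: longer domain'
)

# Unanchored substring pattern, as used in the text, for comparison.
$loose = @($sample | Where-Object { $_.Recipients -match 'gmail' })
# Anchored, escaped pattern for the exact domain.
$exact = @($sample | Select-ByRecipientDomain -Domain 'gmail.com')
"loose: $($loose.Count)  exact: $($exact.Count)"
$exact
```

On a live server, pipe Get-MessageTrackingLog output (limited with -Start, or with -ResultSize Unlimited as described above) into the helper in place of $sample.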