Exchange Message Tracking

As Exchange administrator, you may need to search track email on exchange. Here is some examples PW command we can use to track the any message. This command I tested on Exchange 2016 environment, but it might work in other version of exchange.

Below some examples command of Get-MessageTrackingLog.

Find emails log from a particular sender in the last hour:

get-MessageTrackingLog -Sender -Start (Get-Date).AddHours(-1)

Find emails log and filter based on sender domain:

get-messagetrackinglog | where {[string]$_.recipients -like "*"}

Find all emails log from a particular sender between a certain time period:

get-messagetrackinglog -sender -Start "02/24/2019 09:00:00" -End "02/25/2019 17:00:00" |ft Timestamp, Source, Sender, Recipients, MessageSubject

Find all emails log in specific time period and mails sent to any user under “”

Get-MessageTrackingLog -ResultSize Unlimited -Start "02/24/2019" -End
"02/25/2019" | where {$_.recipients –like "*"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients}

The Get-MessageTrackingLog results are displayed on-screen. You can write the results to a file by piping the output to ConvertTo-Html or ConvertTo-Csv and adding “> ” to the command.

For Example you want to export the result of emails log from a particular sender in the last hour:

Get-MessageTrackingLog -Sender (Get-Date).AddHours(-1) | export-csv C:\Logs\tempMessageTrackingLogResults.csv


