Tuesday, July 1, 2014

Easy Checking Message Tracking Log Across All Servers

Hi Folks,

This is a quick tip on how to extract information from message tracking logs. Exchange has nice GUI tools like Message Tracking which used ECP, EAC and Tracking Log Explorer. However we can use them against a single server (even it's remote) at a time.

The following commands allow you to extract message tracking information from all Hub Transport servers at the same time. Let's imagine the following scenario: you have Hub Transport server role co-located with CAS on the servers. And also you are trying to find all emails that were sent to a user named John Smith with email address john.smith@smtpdomain.com from a user Mary Jones with email address mary.jones@smtpdomain.com (of course nothing personal, these names are fictional here).

First I created variable called $Hubs which I populate with Hub Transport servers.

If you have separate Hub transport server roles you can use (and no Edge servers will be there simply because they are not present):

$Hubs=Get-TransportServer

If you have Edge servers in your Exchange topology then the following command is for you

$Hubs=Get-ExchangeServer | Where-Object {$_.ServerRole -like "HubTransport"}

And finally in my scenario where I have Edge servers in topology and Hub Transport servers also has CAS role running, I have populated my $Hubs variable this way (since I don't need edge servers there because I was looking only for internal emails):

$Hubs=Get-ExchangeServer | Where-Object {$_.ServerRole -like "ClientAccess, HubTransport"}

Afterwards I have run Get-MessageTrackingLog command against each Hub Transport server in $Hubs variable with specifying

$Hubs |foreach {Get-MessageTrackingLog -server $_.Name -Sender mary.jones@smtpdomain.com -Recipients john.smith@smtpdomain.com}

This command can be even better filtered by using -Start and -End  with dates and times specified (to search limited to certain dates) or any other parameter.You can check all the parameters for Get-MessageTrackingLog command here .

And finally report can be outputted as list (Format-List) to see every single detail for each SMTP transaction, though very hard to read or you can output it to CSV file using Export-CSV command. Something like:

$Hubs |foreach {Get-MessageTrackingLog -server $_.Name -Recipients john.smith@domain.com} |select EventId,Source,Sender,@{N="Recipients";E={$_.Recipients}},MessageSubject,TimeStamp |Export-Csv D:\Software\Output.csv

Enjoy!