Share via

How to generate a message trace with more than 5000 lines in PowerShell

  • Article

Applies to: Exchange Online, Exchange Online Protection.

This scenario is addressed to companies that generate high mail flows or use multiple applications to relay emails.

Many admins are at some point facing a situation where analyzing a complex transport scenario is needed, this being translated into generating lengthy message traces.

 

The purpose of this article is to help Office 365 administrators generate message trace CSVs that contain more than 5000 lines each.

 

 

Microsoft documented the limitation of the 5000 results in a message trace in the following TechNet article: https://technet.microsoft.com/en-us/library/jj200712(v=exchg.150).aspx

 

The following script is using the parameters: “-Page” and “-PageSize” to go around this 5000 limitation:

Page Optional System.Int32 The Page parameter specifies the page number of the results you want to view. Valid input for this parameter is an integer between 1 and 1000. The default value is 1.
PageSize Optional System.Int32 The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.

https://technet.microsoft.com/en-us/library/jj200704(v=exchg.160).aspx

 

By declaring the -PageSize to the maximum allowed value of 5000 and using the parameter -Page we force the trace generation to move to another page, incrementally, once the 5000 lines are filled with data.

 

DISCLAIMER : This application is a sample application. The sample is provided "as is" without warranty of any kind. Microsoft further disclaims all implied warranties including without limitation any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the samples remains with you. in no event, shall Microsoft or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss arising out of the use of or inability to use the samples, even if Microsoft has been advised of the possibility of such damages. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

Before running the below script, you must meet the following prerequisites:

Global Admin permissions on Exchange Online.

PowerShell access to the Office 365 tenant.

 $cred = Get-Credential$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirectionImport-PSSession $Session Start-Transcript -Path C:\temp\Transcript.txt -Force $index = 1while ($index -le 1001){Get-MessageTrace -StartDate 08/28/2017 -EndDate 09/1/2017 -PageSize 5000 -Page $index | export-csv c:\temp\test.csv -Append$index ++sleep 5}Stop-Transcript

The same logic applies to Get-MessageTraceDetailed : https://technet.microsoft.com/en-us/library/jj200681(v=exchg.160).aspx

In addition to this sample transcript you can use all the parameters accepted by the Get-MessageTrace Get-MessageTraceDetailed cmdlets.

Comments

  • Anonymous
    September 05, 2017
    Cool stuff (Y)
    • Anonymous
      September 12, 2017
      Hope you find it useful :)
  • Anonymous
    December 13, 2017
    Upgraded script version, forcing the loop to end once the message trace output stops writing in the CSV:$cred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $Session   $index = 1 do{ $a = Get-MessageTrace -StartDate 11/14/2017 -EndDate 12/14/2017 -PageSize 5000 -Page $index $a | export-csv c:\temp\test.csv -Append $index ++ }while ($index -le 1000 -and $a.count) Hope it helps :)
    • Anonymous
      December 17, 2017
      thank you for the update to the script, it was just what I was looking for- works perfectly
  • Anonymous
    March 20, 2018
    Hi, how can I do this for x1 email address?
  • Anonymous
    March 22, 2018
    The comment has been removed