Message Tracking in Exchange Server 2010/2013
Enabling or Disabling Message Tracking
Under the Sever Configuration -> Hub Transport -> Right click on the server and click properties as shown below:
http://www.techrid.com/wp-content/uploads/2015/07/MT1-300x99.png
Click on Server properties -> Go to Log Settings
http://www.techrid.com/wp-content/uploads/2015/07/MT2-300x89.png
Put check mark on Enable this feature, if you want to disable uncheck the box as shown above.
Also this can be performed using PowerShell
To check this feature on the Exchange Hub Transport below is the command
Syntax:
Get-TransportServer | Select Name, MessageTrackingLogEnabled | ft -Auto
http://www.techrid.com/wp-content/uploads/2015/07/MT3-300x43.png
To check this feature in the Mailbox server below is the command
Syntax:
Get-MailboxServer | Select Name, MessageTrackingLogEnabled |ft -Auto
http://www.techrid.com/wp-content/uploads/2015/07/MT4-300x45.png
By default
Max Age 30 Days
MaxDirectorySize 1GB and this can be extended
http://www.techrid.com/wp-content/uploads/2015/07/MT5-300x45.png
As said the feature MaxDirectorySize can be extended based on your requirement using the command:
Now if you check Directorysize it will be shown as the size that you have set
http://www.techrid.com/wp-content/uploads/2015/07/MT6-300x65.png
Now let’s see how to find the messages. Messages can be searched using Exchange Management Console (EMC) or Exchange Management Shell (EMS)
Exchange Management Console:
Open EMC -> Toolbox ->
http://www.techrid.com/wp-content/uploads/2015/07/MT7-300x121.png
Click Tracking Log Explorer for tracking messages to granular level as shown below:
http://www.techrid.com/wp-content/uploads/2015/07/MT8-300x140.png
Now let’s track the messages using Exchange Management Shell
PowerShell
The above message can be executed
Syntax:
Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -MessageId “da18339e-8151-4ff3-aeea-87ccf5fc9796@techrid.com” | Select-Object Timestamp,ServerHostname,ClientHostname,Source,EventId,Recipients | Sort-Object -Property Timestamp
The above syntax needs to be changed based on your requirement
Let’s go ahead message tracking user level using PowerShell commands:
Find messages by sender:
Get-MessageTrackingLog -sender “peppili@techrid.com”
Find messages by recipient:
Get-MessageTrackingLog -recipients “peppili@techrid.com”
Messages received or messages delivered to the mailbox:
You can further separate these by message received:
Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID RECEIVE
Messages delivered to the mailbox
Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER
Start and End date/time:
To further constrain these by Start and End times:
Get-MessageTrackingLog -sender peppili@techrid.com -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM”
Formatting output
To show only selected fields, you can pipe the output to the Select-Object command, and specify the fields required. Here we want the timestamp, recipients, and subject fields:
Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM” | Select timestamp,recipients,messagesubject
To get all fields from a message in a list format, you can pipe the output into a fl (format list).
By default, the Get-MessageTrackingLog command returns up to 1000 results. This can be hard to work with in a command screen that keeps scrolling endlessly. In addition to the above parameters used to filter the logs, you can also restrict the number of results returned using the ResultSize parameter.
Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM” -ResultSize 25
For Message tracking rather using EMC Tool using EMS will be much faster.
Tracking Messages sent to Distribution List
Most of the times situations come where administrators need to track messages sent to DL
Here below command might useful to track messages sent to DL
http://www.techrid.com/wp-content/uploads/2015/07/MT9-300x14.png
Note: No emails sent as it’s my Lab environment :).
Here we can also use the switch “-Autosize” even export to csv file as shown below:
Get-MessageTrackingLog -Start 06/29/2015 -EventID Expand | ft Timestamp,RelatedRecipientAddress -Autosize >C:\Message.csv
If we want to know how many messages received to that DL, this can be done by using small parameter as “Group-Object”
http://www.techrid.com/wp-content/uploads/2015/07/MT10-300x31.png
Messages sent to particular DL
Get-MessageTrackingLog -EventID Expand | ? {$_.RelatedRecipientAddress -like “IT-Helpdesk@contoso.com”} | ft Timestamp,Sender,MessageSubject -Autosize
Tracking Messages by Subject
Another good thing is here we can use “-MessageSubject” parameter while tracking messages. First we need to make sure that if this option is Enabled or not if not we can Enable this
So to check this feature run the command
Get-TransportServer | select name,*subject* | ft -auto
http://www.techrid.com/wp-content/uploads/2015/07/MT11-300x85.png
If it’s not Enabled you need to run the command as Set-TransportServer
Once after Enabling this you can Search the Message using “-MessageSubject”
http://www.techrid.com/wp-content/uploads/2015/07/MT12-300x28.png
Now let’s Track messages with EventID using PowerShell
Small Command
Get-MessageTrackingLog -ResultSize Unlimited | Group-Object -Property:EventId | Sort-Object Count -Desc | Select Name,Count
http://www.techrid.com/wp-content/uploads/2015/07/MT13-300x25.png
http://www.techrid.com/wp-content/uploads/2015/07/MT14-300x97.png
Great from this we have learnt Message tracking using EMC and EMS.
For More Info :