Microsoft Exchange Server depends on Internet Information Services (IIS). Sometimes you have to restart IIS,…
Search message tracking logs in Exchange
How to search for message tracking logs by sender or recipient email address in Exchange? What if there is a tool that can search and show you the results. Learn more about the Exchange message tracking logs GUI PowerShell script.
Table of contents
Information
In Microsoft Exchange Server, the message tracking log is a detailed record of all message activity as messages are transferred to and from the Transport service on Mailbox servers, mailboxes on Mailbox servers, and Edge Transport servers.
Why you want to use message tracking logs:
- Message forensics
- Mail flow analysis
- Reporting
- Troubleshooting
Prepare the search message tracking logs GUI script
Download the Exchange Message Tracking GUI.ps1 PowerShell script. Save the file on your Exchange Server in the following path: C:\scripts\. You can find the original article over here.
Now that we placed the message tracking script in the scripts folder. The next step is to run the Exchange message tracking GUI script.
Run Exchange message tracking GUI script
Run Exchange Management Shell or PowerShell as administrator; both will work. Run the following cmdlet to start.
PS C:\> C:\scripts\Exchange-Message-Tracking-GUI.ps1After the application starts, you can change the language. In our example, we are changing the language to English.
Search message tracking logs by sender
We like to search for messages that are sent by the user Amanda Morgan.
- Enable and enter email address of the sender
- Enable and set the eventID by selecting SEND
- Set the results to 100
- Click Search to search the sent messages
I recommend setting a small size of limit results. If you are sure that the information is correct, and need more data, change the limit results. If you want to see all the results, change the Results to Unlimited.
After we click on the Search button, the sent messages will show in the Out-GridView.
The Out-GridView cmdlet sends the output from a command to a grid view window where the output is displayed in an interactive table.
If you like to export the results to a CSV file, enable Save results to CSV-File. Choose a folder, or it will save the CSV file by default on the desktop.
Search message tracking logs by recipient
We like to search for all messages that have been received by the user Amanda Morgan.
- Enable and enter email address of the recipient
- Enable and set the eventID by selecting DELIVER
- Set the results to 100
- Click Search to search the received messages
I recommend setting a small size of limit results. If you are sure that the information is correct, and need more data, change the limit results. If you want to see all the results, change the Results to Unlimited.
After clicking the Search button, the received messages will show in the Out-GridView window.
Do you like to export the results to a CSV file? Enable Save results to CSV-File. Choose a folder, or it will save the CSV file by default on the desktop.
Search message tracking logs by date and time
Another example is searching for all the messages sent on the date 15/10/2020, between 00:00 – 02:00.
- Enable and set the EventID by selecting SEND
- Enable and set the start date and time at 00:00
- Enable and set the end date and time at 02:00
- Set the results to 100
- Click Search to search the received messages
I recommend setting a small size of limit results. If you are sure that the information is correct, and need more data, change the limit results. If you want to see all the results, change the Results to Unlimited.
After we click the Search button, the received messages will show in the Out-GridView window.
Tracking message logs in Exchange is simple with the GUI. Did you make use of the message tracking logs GUI PowerShell script?
Keep reading: Search and delete messages from Exchange user mailboxes »
Conclusion
In this article, you learned how to search message tracking logs in Exchange Server. If you like to have a GUI with a lot of options, use the Exchange Message Tracking GUI PowerShell script. It’s also great if you don’t want to run cmdlets in PowerShell. Don’t forget to export the message tracking logs to a CSV file if you need it.
Did you enjoy this article? You may also like Export a list of mailboxes to text in Exchange. Don’t forget to follow us and share this article.
What Others Are Reading
Please for your advice
When select dates powershell report the following error
Get-Date : The input object cannot be bound to any parameters for the command either because the command does not take
pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
At line:1 char:85
The issue is with the “nexted” piping of the command with dates. e.g:
get-transportservice | get-messagetrackinglog -wa 0 -Start (“3/12/2024 11:54” | Get-Date) -End (“3/13/2024 11:54” | Get-Date)
The solution is to modify the script a bit.
Search the following string in the script:
get-transportservice
and replace with:
(get-transportservice).id
Tested on a lone Exchange 2016 server running on the server itself.
The issue is limited to running the script from ISE only. Runs fine in a regular terminal instance.
Powershell 5.1
When i search by date on Exchange 2016 i’ve same error, how can I resolve?
Very nice script, thanks.
When trying to search by date, I get the below error
Get-Date : The input object cannot be bound to any parameters for the command either because the command does not take
pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
At line:1 char:154
+ … 08:55:26″ | Get-Date) -End (“12/31/2021 09:55:26” | Get-Date) | wher …
+ ~~~~~~~~
+ CategoryInfo : InvalidArgument: (12/31/2021 09:55:26:String) [Get-Date], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.PowerShell.Commands.GetDateCommand
Cannot process argument transformation on parameter ‘Start’. Cannot convert null to type “System.DateTime”.
+ CategoryInfo : InvalidData: (:) [Get-MessageTrackingLog], ParameterBindin…mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MessageTrackingLog
+ PSComputerName : dc-mx09.datacentre.accent.nl
Hi Richard, I have exchange 2013 and I get the same error, have you solved?
Thanks.
Thanks a lot !!