The below post was promoted from the draft bin due to a recent customer engagements. Exchange admins have grown very used to the message tracking UI tools that have shipped with the previous Exchange builds. This is completely understandable since they are required to investigate and resolve numerous issues. There may be a question of did Steve in accounting get that email last week, or why are the messages from Anne in sales stuck in a queue?
For the last 10 years or so the Exchange Message Tracking Tool has been the weapon of choice for many admins when troubleshooting such issues. However, this does not exist in Exchange 2013 or 2016. Instead we can use Delivery Reports or PowerShell to query the message tracking logs.
Scroll to the bottom for a pro tip on adding a GUI back to message tracking.
In the most simple form, we can use Get-MessageTrackingLog to search and return all hits from the specified server. In any large organisation, scrolling though the screeds of output is a waste of time and is not efficient. We need to apply some filtering logic.
Search By Sender
Get-MessageTrackingLog -Sender administrator@contoso.com
Search By Recipient
Get-MessageTrackingLog -Recipient thedude@hotmail.com
Search By Recipient Domain
Note that it is also possible to use a wildcard in the search to include an entire domain:
Get-MessageTrackingLog -Recipients *@hotmail.com
Alternately we could use a where statement such as the below, though this will typically be slower
Get-MessageTrackingLog | Where {$_.Recipients -like "*tailspintoys.com"}
Search By Subject
Get-MessageTrackingLog -MessageSubject "I Am Zorg"
Search By MessageID
Get-MessageTrackingLog -MessageId <MessageID>
Search By Time Window
Get-MessageTrackingLog -ResultSize Unlimited -Start "3/28/2015 8:00AM" -End "3/28/2015 5:00PM" -EventId "Fail" -Sender "mailto:pat@contoso.com"
Search By Message EventID
Get-MessageTrackingLog -ResultSize Unlimited -EventId "Fail"
Multiple Example – Time Window & EventID & Sender
The various elements can be combined to filter out unwanted results.
Get-MessageTrackingLog -ResultSize Unlimited -Start "3/28/2015 8:00AM" -End "3/28/2015 5:00PM" -EventId "Fail" -Sender "pat@contoso.com"
Get All Messages In the Last Hour
Note that AddHours is used with a negative value to move the search window back an hour.
Get-MessageTrackingLog -Sender administrator@contoso.com -Server (Get-Date).AddHours(-1)
Export to CSV
If you are an Excel black belt, it is possible to export the search results to a CSV file for subsequent analysis in Excel.
Get-MessageTrackingLog | Export-CSV –path C:\temp\tracking.csv –NoTypeInformation
Get-MessageTrackingLog | select @{Name="RecipientsXX";Expression={$_.Recipients}}
Measure Execution Time
Measure-Command {Get-TransportServer | Get-MessageTrackingLog -MessageSubject "zorg" -ResultSize unlimited}
Search GUI For Exchange 2013/2016
As noted at the start of this post there is no longer a Message Tracking log Explorer tool in Exchange 2013 or 2016. What we can do is to craft the desired search command using one of the above examples and then use native PowerShell functionality to display the results in a UI.
This is the Out-GridView which has been present in PowerShell for many, many, many years.
As a simple example:
Get-MessageTrackingLog | Out-GridView
Note that we can click on the columns to sort, in addition to adding criteria.
Cheers,
Rhoderick
I want bozos my husband
hi, cool article, thank you
when i do : Get-MessageTrackingLog | Export-CSV –path C:\temp\tracking.csv –NoTypeInformation
i get a lot of information, not just the information i need. how can i filter data out of the csv? for example servername
thank you
Hey,
Do all of that before your pipe to Export CSV. For example:
Get-MessageTrackingLog -Sender administrator@contoso.com -Server (Get-Date).AddHours(-1)
Also, the last example at the bottom of the post uses Out-GridView - that is really handy to sort and look at data.
Cheers,
Rhoderick