Unfortunately the Exchange Management Console does not allow use of
wildcard values for things like senders and recipients. These need to be
specific user or list of users. However you can search these logs for
wildcard values using the Exchange Management Shell.
Here are two
examples to search for any user at example.com. These will output the
results to a text file for easier viewing. Make sure to update the date
ranges and domain name as needed.
Search for messages sent TO any users at example.com:
Get-MessageTrackingLog
-ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" |
where{$_.recipients -like "*@example.com"} | select-object
Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients}
| export-csv C:\ExchangeLogResults.txt
Search for messages sent FROM users at example.com:
Get-MessageTrackingLog
-ResultSize Unlimited -Start "5/1/2011" -End "5/12/2011" |
where{$_.sender -like "*@example.com"} | select-object
Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients}
| export-csv C:\ExchangeLogResults.txt
This information applies to Exchange 2003, 2007, and 2010.
No comments:
Post a Comment