Home » Exchange Server 2010 » Message Tracking in Exchange Server 2010/2013


Message Tracking in Exchange Server 2010/2013

Today let’s discuss about Message Tracking in detail, I was breaking my head searching logs for tracking messages.


Thought this might help Administrators to easily Enable or Disable but also Tracking the messages.


First we’ll discuss Enabling or Disabling this feature later we can discuss on how to track messages:


Enabling or Disabling Message Tracking


Under the Sever Configuration -> Hub Transport -> Right click on the server and click properties as shown below:




Click on Server properties -> Go to Log Settings




Put check mark on Enable this feature, if you want to disable uncheck the box as shown above.


Also this can be performed using PowerShell


To check this feature on the Exchange Hub Transport below is the command



Get-TransportServer | Select Name, MessageTrackingLogEnabled | ft -Auto




To check this feature in the Mailbox server below is the command



Get-MailboxServer | Select Name, MessageTrackingLogEnabled |ft -Auto




By default

Max Age 30 Days

MaxDirectorySize 1GB and this can be extended




As said the feature MaxDirectorySize can be extended based on your requirement using the command:

Now if you check Directorysize it will be shown as the size that you have set




Now let’s see how to find the messages. Messages can be searched using Exchange Management Console (EMC) or Exchange Management Shell (EMS)


Exchange Management Console:


Open EMC -> Toolbox ->




Click Tracking Log Explorer for tracking messages to granular level as shown below:




Now let’s track the messages using Exchange Management Shell




The above message can be executed




Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true} | Get-MessageTrackingLog -MessageId “da18339e-8151-4ff3-aeea-87ccf5fc9796@techrid.com” | Select-Object Timestamp,ServerHostname,ClientHostname,Source,EventId,Recipients | Sort-Object -Property Timestamp


The above syntax needs to be changed based on your requirement


Let’s go ahead message tracking user level using PowerShell commands:


Find messages by sender:


Get-MessageTrackingLog -sender “peppili@techrid.com”


Find messages by recipient:


Get-MessageTrackingLog -recipients “peppili@techrid.com”


Messages received or messages delivered to the mailbox:


You can further separate these by message received:


Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID RECEIVE


Messages delivered to the mailbox


Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER


Start and End date/time:


To further constrain these by Start and End times:


Get-MessageTrackingLog -sender peppili@techrid.com -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM”


Formatting output


To show only selected fields, you can pipe the output to the Select-Object command, and specify the fields required. Here we want the timestamp, recipients, and subject fields:


Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM” | Select timestamp,recipients,messagesubject


To get all fields from a message in a list format, you can pipe the output into a fl (format list).


By default, the Get-MessageTrackingLog command returns up to 1000 results. This can be hard to work with in a command screen that keeps scrolling endlessly. In addition to the above parameters used to filter the logs, you can also restrict the number of results returned using the ResultSize parameter.


Get-MessageTrackingLog -sender “peppili@techrid.com” -eventID DELIVER -Start “6/30/2015 01:00PM” -End “6/30/2015 03:00PM” -ResultSize 25


For Message tracking rather using EMC Tool using EMS will be much faster.


Tracking Messages sent to Distribution List


Most of the times situations come where administrators need to track messages sent to DL


Here below command might useful to track messages sent to DL




Note: No emails sent as it’s my Lab environment :).


Here we can also use the switch “-Autosize” even export to csv file as shown below:


Get-MessageTrackingLog -Start 06/29/2015 -EventID Expand | ft Timestamp,RelatedRecipientAddress -Autosize >C:\Message.csv


If we want to know how many messages received to that DL, this can be done by using small parameter as “Group-Object”




Messages sent to particular DL


Get-MessageTrackingLog -EventID Expand | ? {$_.RelatedRecipientAddress -like “IT-Helpdesk@contoso.com”} | ft Timestamp,Sender,MessageSubject -Autosize



Tracking Messages by Subject


Another good thing is here we can use “-MessageSubject” parameter while tracking messages. First we need to make sure that if this option is Enabled or not if not we can Enable this


So to check this feature run the command


Get-TransportServer | select name,*subject* | ft -auto




If it’s not Enabled you need to run the command as Set-TransportServer


Once after Enabling this you can Search the Message using “-MessageSubject”




Now let’s Track messages with EventID using PowerShell


Small Command


Get-MessageTrackingLog -ResultSize Unlimited | Group-Object -Property:EventId | Sort-Object Count -Desc | Select Name,Count






Great from this we have learnt Message tracking using EMC and EMS.



For More Info :

Search Message Tracking

Message Tracking in Exchange-2003-2007-2010.aspx




MCTS,MCITP | Exchange Server

Leave a comment