Exchange server message tracking logs – examine them using PowerShell and Excel

The Exchange server interface for examining message tracking logs forces you to put in one mailbox to search before you can do anything else.

If you need to find emails sent from one outside person to groups of users, or to all users on site, then this interface doesn't really help.

Using PowerShell we can read the message tracking logs and then expand and process them in any way we want.

By expanding the array and hash properties in PowerShell we get one flat CSV that can be analysed any way we want (Excel data filters).

#
# read the message tracking log (search by subject)
$mylog = Get-MessageTrackingLog -MessageSubject "Message Subject I am looking for." -Server myexchangeserver -ResultSize Unlimited
# save the results to a file for later processing
$mylog | Export-Clixml "MyLogsSaved01.xml"
#

Now read that back and process it.

#
$MyLogs=Import-Clixml "MyLogsSaved01.xml"
#
# convert recipientemail, which is an array of text elements, to one text element
# (the join keeps multi-recipient entries readable instead of exporting a type name)
#
$m1 = $MyLogs | Select-Object timestamp, eventid, sender, source, recipientcount, @{Name="recipientemail";Expression={$_.recipients -join "; "}}, messagesubject, directionality, transporttraffictype, @{Name="eventdata1";Expression={$_.eventdata | ForEach-Object { "$($_.key)=$($_.value)" }}}, eventdata
#
# convert the eventdata hash to one text element
#
$m2 = $m1 | Select-Object timestamp, eventid, sender, source, recipientcount, recipientemail, @{Name="EventDataNew";Expression={$_.eventdata1 -join " - "}}, messagesubject, directionality, transporttraffictype
# save as CSV for import to Excel (no "#TYPE" header line)
#
$m2 | Export-Csv "MyLogsSaved01.csv" -NoTypeInformation
#

In Excel, for my purposes, I just needed to filter for DELIVER in the eventid and then copy the recipients' emails to see who had received the particular message. Some emails could have multiple recipients, but in this case they didn't.
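
The DELIVER filter described above can also be done in PowerShell, which covers the multi-recipient case by writing one row per recipient. This is an added example, not part of the original post; the function names `Get-DeliveredRecipient` and `Protect-CsvCell`, the output file name and the sample entries are assumptions made for illustration.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0 or later.
# $sample is constructed data standing in for Get-MessageTrackingLog output.
$sample = @(
    [pscustomobject]@{ Timestamp = [datetime]'2024-01-10T09:00:01'; EventId = 'RECEIVE'
        Sender = 'someone@outside.example'; MessageSubject = '=Invoice overdue'
        Recipients = @('alice@corp.example', 'Bob@corp.example', 'carol@corp.example') }
    [pscustomobject]@{ Timestamp = [datetime]'2024-01-10T09:00:03'; EventId = 'DELIVER'
        Sender = 'someone@outside.example'; MessageSubject = '=Invoice overdue'
        Recipients = @('alice@corp.example') }
    [pscustomobject]@{ Timestamp = [datetime]'2024-01-10T09:00:04'; EventId = 'DELIVER'
        Sender = 'someone@outside.example'; MessageSubject = '=Invoice overdue'
        Recipients = @('Bob@corp.example', 'carol@corp.example') }
)

# Subjects come from the sender. Prefix any value Excel would evaluate as a formula.
function Protect-CsvCell {
    param([string]$Text)
    if ($Text -match '^[=+\-@\t\r]') { return "'" + $Text }
    return $Text
}

# Keep DELIVER events only and emit one row per recipient (hypothetical helper name).
function Get-DeliveredRecipient {
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        if ($Entry.EventId -ne 'DELIVER') { return }
        foreach ($r in @($Entry.Recipients)) {
            [pscustomobject]@{
                Timestamp      = $Entry.Timestamp
                Sender         = $Entry.Sender
                Recipient      = ([string]$r).ToLowerInvariant()
                MessageSubject = Protect-CsvCell $Entry.MessageSubject
            }
        }
    }
}

# Replace $sample with: Import-Clixml "MyLogsSaved01.xml"
$rows = @($sample | Get-DeliveredRecipient)
$rows | Sort-Object Recipient, Timestamp | Export-Csv "DeliveredRecipients.csv" -NoTypeInformation

# One line per mailbox: copies delivered, first and last delivery time.
$rows | Group-Object Recipient | ForEach-Object {
    $sorted = @($_.Group | Sort-Object Timestamp)
    [pscustomobject]@{ Recipient = $_.Name; Copies = $_.Count
        FirstSeen = $sorted[0].Timestamp; LastSeen = $sorted[-1].Timestamp }
}
```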

About Jeff Turner

Technical director of Nano Tera Network Solutions.