Using Exchange MessageTracking with wildcards


Here are some field notes from a recent message tracking case.

If you have to find all messages from one certain domain, that have entered your Exchange environment, this is possible using Exchange Management Shell and the Get-MessageTrackingLog cmdlet.

Run the following:

Get-MessageTrackingLog -Server "ExchangeServerName" -Start "8/1/2011" -End "9/1/2011" -resultsize unlimited | where {$_.Sender -like *}

This works on Exchange 2007 and 2010.