Run Extended Message Trace using PowerShell and EAC

In this article you will learn how to run extended message trace in Office 365 using PowerShell and Exchange Admin Center (EAC). You will also learn how to export extended message trace report to CSV file, and how to read extended message trace report.

Watch video

Watch this video that demonstrates step by step how to run Message Trace in Exchange Online.

What is Extended Message Trace (EMT)

An extended message trace is a detailed report that provides comprehensive information about the delivery path of an email message. It goes beyond the basic details shown in a standard message trace. A standard message trace offers basic details like sender, recipient, date, subject, and delivery status. An extended message trace dives deeper, revealing hops the email took between servers, timestamps for each stage, and potential reasons (NDR Error Codes) for delivery failures.

How to run Extended Message Trace in Exchange Admin Center

To run Extended Message Trace (EMT), go to Exchange Admin Center, expand Mail Flow, click Message trace, and click Start a trace.

run message trace in exchange online

On the New Message Trace page, select Time Range for more than 10 days.

select time range in message trace

Important: To download Extended Message Trace report in CSV file, you need to select time range for more than 10 days.

Specify the sender and recipient, or a Message ID, under Report type select Extended report, and click Next.

download extended report in message trace

On the Prepare message trace report page, type a name for the report under Report title, add an email address to which the report will be sent once it is prepared, and click Prepare report.

prepare message trace report
Download message trace report

To download message trace report, on the Message trace page, click Downloadable reports, and click the report as shown below:

download message trace report

On the next page, click Download the report.

emt report download

You will also receive an email on the email address provided while running Extended Message Trace report as shown below from where you can download the extended message trace report.

emt email notification

Extended Message Trace PowerShell commands

To run extended message trace using PowerShell, we will use Start-HistoricalSearch and Get-HistoricalSearch commands.

Run Extended Message Trace using Message ID

To run extended message trace report using Message ID, we will specify the ReportType, Message ID, StartDate, and EndDate parameters.

Important: The ReportType parameter of Start-HistoricalSearch PowerShell command has 2 parameters for message trace as MessageTrace and MessageTraceDetail. If you want to download an extended message trace report, use MessageTraceDetail, and if you want to download enhanced message trace report, use Messagetrace under ReportType.

PowerShell
Start-HistoricalSearch -ReportTitle "Report Name" -ReportType MessageTraceDetail -MessageID "Type message ID" -StartDate "mm/dd/yyyy" -EndDate "mm/dd/yyyy" -NotifyAddress "email address to send report"

The actual command will look like below:

PowerShell
Start-HistoricalSearch -ReportTitle "EMT Report1" -ReportType MessageTraceDetail -MessageID "<4aee85529ac94b06bbf8c6e87ab54c67@177775138>" -StartDate "03/25/2024" -EndDate "04/08/2024" -NotifyAddress "[email protected]"

The above command will start an extended message trace job as shown below. Initially the report status will show as Not Started.

message trace report powershell

To check extended message trace report status, run below PowerShell command:

PowerShell
Get-HistoricalSearch

The above command will list all the message trace reports as shown below:

Get-HistoricalSearch

You can also find the extended message trace report in Exchange Admin Center and download it once status is changed to Complete.

download message trace report in exchange admin center
Run Extended Message Trace using Sender and Recipient

In this example we will run extended message trace report using sender and recipient email address.

PowerShell
Start-HistoricalSearch -ReportTitle "EMT Report2" -SenderAddress "[email protected]" -RecipientAddress "[email protected]" -ReportType MessageTraceDetail -StartDate "03/25/2024" -EndDate "04/08/2024" -NotifyAddress "[email protected]"
Run Extended Message Trace for all users in a specific domain

In this example we will run a message trace by adding all users of office365concepts.com domain in Senders field.

PowerShell
Start-HistoricalSearch -ReportTitle "EMT Report All Users" -SenderAddress "*office365concepts.com" -ReportType MessageTraceDetail -StartDate 03/25/2024 -EndDate 04/08/2024 -NotifyAddress "[email protected]"

How to read Extended Message Trace (EMT)

To learn how to read extended message trace report, please watch this video on our YouTube channel.

Conclusion

In this article you learnt how to run extended message trace using Exchange Admin Center and PowerShell. You might like our other articles on How to analyze email header, and Exchange Online Protection (EOP) architecture.

If you found this article helpful and informative, please share it within your community and do not forget to share your feedback in the comments below. Join us on YouTube for the latest videos on the Cloud technology and join our Newsletter for the early access of the articles and updates.

Happy Learning!!