Run Exchange Online Message Trace using PowerShell
In this article you will find Office 365 Message Trace PowerShell commands. How will learn how to run Exchange Online message trace using PowerShell. We will discuss all the possible scenarios in message trace and utilize the PowerShell commands for our scenarios.
Table of Contents
Office 365 Message Trace PowerShell commands
Exchange Online Message Trace allows administrators to track the delivery of email messages within their organization. It provides detailed information about the path an email took as it traveled through the Exchange Online environment, including delivery status, sender and recipient information, and timestamps.
Office 365 Message Trace PowerShell commands provide administrators with powerful tools to perform message trace operations programmatically through PowerShell. These commands allow for efficient and flexible management of email delivery and tracking within the Office 365 environment.
To run message trace using PowerShell for less than 10 days, we use below 2 PowerShell commands:
Get-MessageTrace: This command is used to trace emails as they pass through the cloud-based organization.
Get-MessageTraceDetail: view the message trace event details for a specific message. This command return detailed information of the message trace.
If your requirement is to run message trace using PowerShell for more than 10 days, use Start-HistoricalSearch command.
Connect to Exchange Online PowerShell
Before you run below PowerShell commands, you need to connect to Exchange Online module. Open Windows PowerShell as administrator and run below commands one by one:
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnlineRun message trace for specific date range
In this example, we will run message trace for specific date range. To achieve this we will use StartDate and EndDate parameters as shown below:
Get-MessageTrace -StartDate "mm/dd/yyyy" -EndDate "mm/dd/yyyy"Important: StartDate and EndDate parameters will have value in the format of MM/DD/YYYY.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/08/2024"Find emails from a specific IP address
In this example, we will find the emails those are sent from a specific IP address. To achieve this we will use date range along with FromIP parameter which is the public IP address of the SMTP email server that sent the email.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/08/2024" -FromIP "142.0.166.150"If you want to find emails those were sent to a particular IP address from your organization, run below PowerShell command:
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/08/2024" -ToIP "10.10.10.10"Run message trace by subject of emails
In this example, we will run message trace using PowerShell and will find the emails with subject “Automatic Reply”.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/08/2024" | Where-Object {$_.Subject -match "Automatic reply"}Run message trace for a specific recipient of your organization
In this example we will run message trace for a specific recipient (internal). To achieve this we will use RecipientAddress parameter along with date range.
Get-MessageTrace -RecipientAddress "[email protected]" -StartDate "03/30/2024" -EndDate "04/08/2024"Run message trace for a specific sender of your organization
In this example we will run message trace for a specific sender (internal). To achieve this we will use SenderAddress parameter along with date range.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -SenderAddress "[email protected]"Run message trace for sender and recipient
In this example we will run message trace for a particular sender and recipient. To achieve this we will use RecipientAddress and SenderAddress parameters along with date range.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -SenderAddress "[email protected]" -RecipientAddress "[email protected]"Run message trace for all users (recipients) of a domain
In this example we will run message trace for all users of a domain. We will run message trace using wildcard as shown below:
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -RecipientAddress "*@office365concepts.com"Run message trace for all users (senders) of a domain
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -SenderAddress "*@office365concepts.com"Find emails with delivery status as Delivered
In this example, we will run message trace using PowerShell to find the emails in a date range those were successfully delivered.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -Status "Delivered"Find emails with delivery status as Failed
In this example, we will run message trace using PowerShell to find the emails in a date range those were failed to deliver.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -Status "Failed"Find emails with delivery status as Getting Status
In this example, we will run message trace using PowerShell to find the emails in a date range whose delivery status is GettingStatus.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -Status "GettingStatus"Find emails with delivery status as FilteredAsSpam
In this example, we will run message trace using PowerShell to find the emails in a date range those were marked as Spam.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -Status "FilteredAsSpam"Find emails with delivery status as Expanded
The “Expanded” status in email tracking typically refers to a distribution group that has been expanded to show its individual members. When an email is sent to a distribution group, Exchange expands the group to display all the individual recipients who are members of that group. This expansion occurs before the email is delivered to the recipient’s mailboxes.
To find emails with status Expanded, run below PowerShell command:
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -Status "Expanded"If you want to find the users for whom the email was expanded, run below PowerShell command to get the message Id of the email:
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -Status "Expanded" | Select-Object MessageIDNext, copy the message id and paste it in below PowerShell command and run it to see the users for whom the distribution list was expanded, and to whom the email was delivered.
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -MessageId "<PN3P287MB0752EE2645C68F66245B2AE0A2002@PN3P287MB0752.INDP287.PROD.OUTLOOK.COM>"Run message trace using Message ID of email
The Message ID (Message Identifier) is a unique identifier assigned to each email message. It serves as a unique reference for that particular email within the Exchange environment. The Message ID is crucial for tracking, managing, and troubleshooting email messages.
To find an email with Message ID, run below PowerShell command:
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" -MessageId "<c99017320b2842d6bebde94e1543d6e4@177775138>"Find events information of an email using PowerShell
In this example, we will use PowerShell to find events information of an email. To achieve this we will use Get-MessageTraceDetail PowerShell command along with Message Trace ID and RecipientAddress parameters.
To find Message Trace ID and RecipientAddress of an email, run below PowerShell command:
Get-MessageTrace -StartDate "03/30/2024" -EndDate "04/09/2024" | Select-Object Subject,MessageTraceID,RecipientAddressCopy Message Trace ID and RecipientAddress and paste it in below PowerShell command and run it:
Get-MessageTraceDetail -MessageTraceId "1f92dfe2-34fb-4be5-e3f5-08dc57dc0f37" -RecipientAddress "[email protected]"Conclusion
In this article you learnt about Office 365 Message Trace PowerShell commands. You might like our other articles on Run Extended Message Trace using PowerShell and EAC and How to analyze email header.
If you found this article helpful and informative, please share it within your community and do not forget to share your feedback in the comments below.
Join us on YouTube for the latest videos on Cloud technology and join our Newsletter for the early access of the articles and updates.
Happy Scripting!!