
Summary: Are you looking to fetch specific information from the Microsoft Exchange logs? The best way to retrieve such log entries is to run the Get-MessageTrackingLog cmdlet in PowerShell. This blog will help you find the mail you need in the Exchange message logs. However, in cases of EDB corruption, it’s better to use Kernel for Exchange Server software, which helps restore corrupt EDB data.

The secure environment of the Exchange Server makes sure that a mailbox remains in a consistent state in which all incoming and outgoing emails are put in their respective folders. Generally, a manager does not need to take care of individual emails or the mail flow. Still, in rare circumstances they may need to check the message activity moving through the transport pipeline.

To make the mail flow easy to check, Exchange Server keeps a message tracking log that is accessible through the Exchange Management Shell. Organizations with a frequent flow of business communication rely on message logs more heavily to keep operations running smoothly.

Understanding the use of message logs

The Exchange Server of a business handles many messages every day, some of which are crucial. The business administrator often needs to track down a specific old message, which can be looked up through Exchange’s message tracking log. To do so, run the Get-MessageTrackingLog cmdlet in the Exchange Management Shell (PowerShell).

It lets you do the following:

  • Learn what happened to an email message that a user delivered to a certain recipient.
  • Determine if a transport rule, sometimes referred to as a mail flow rule, affected a message.
  • Check to see if a message that was delivered through the Internet made it into your Exchange organization.
  • Find every message that was sent by a certain user during a given time frame.

Organizations tend to activate message logs for their Exchange Server so they can search past logs for sent and received messages. However, a few guidelines must be followed before you run the Get-MessageTrackingLog cmdlet in PowerShell. The essential points are listed below:

Important points to remember before checking the message logs in Exchange

  1. The Administrator account must have additional permissions like Organization Management Role, Records Management Role, and Recipient Management.
  2. The Microsoft Exchange Transport Log Search service must be active to search the message tracking logs. You cannot run delivery reports or check the message tracking logs if you disable or terminate this service. However, disabling this service has no impact on Exchange’s other functions.
  3. The Get-MessageTrackingLog cmdlet cannot be used to search the message tracking log files copied from another Exchange server. Additionally, if you manually save an existing message tracking log file, the query logic that Exchange uses to search the message tracking logs is broken due to the change in the file’s date-time stamp.
  4. Message tracking logs on Exchange 2013 Mailbox servers and Exchange 2010 Hub Transport servers in the same Active Directory site may be searched using the Get-MessageTrackingLog cmdlet in Exchange 2016. The message tracking logs on Exchange 2016 and Exchange 2013 Mailbox servers inside the same Active Directory site may be searched using the Get-MessageTrackingLog cmdlet in Exchange 2019.

How to run Get-MessageTrackingLog cmdlet in Exchange Management Shell?

Searching for old information on the Exchange Server using PowerShell requires proper execution. Once you have started the Exchange Management Shell as the Administrator, you can run Get-MessageTrackingLog in several ways.

  1. The basic usage of the cmdlet is the following:

    Get-MessageTrackingLog

    It will bring the first 1000 recent message log entries from a single server.

  2. To get specific entries from a specific time frame, pass additional parameters to the cmdlet:

    Get-MessageTrackingLog -ResultSize Unlimited -Start "3/28/2015 8:00AM" -End "3/28/2015 5:00PM" -Sender "tom@contoso.com"

    The results will bring a list of emails sent from the given sender between the start and end date.

  3. Exchange records various events that sometimes need a quick glance, and you can filter for them with the other parameters of the cmdlet. The full syntax is:

    Get-MessageTrackingLog [-Server <ServerIdentity>] [-ResultSize <Integer> | Unlimited] [-Start <DateTime>] [-End <DateTime>] [-EventId <EventId>] [-InternalMessageId <InternalMessageId>] [-MessageId <MessageId>] [-MessageSubject <Subject>] [-Recipients <RecipientAddress1,RecipientAddress2…>] [-Reference <Reference>] [-Sender <SenderAddress>]
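
The three steps above combined into one search, as an added example that is not part of the original article: it queries every transport server rather than a single one and condenses each message's events into a one-line outcome. It assumes Exchange 2013 or later (where Get-TransportService exists); the function name Get-SenderMessageTimeline is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013 or later).
# Get-SenderMessageTimeline is a hypothetical helper name, not an Exchange cmdlet.
function Get-SenderMessageTimeline {
    param(
        [Parameter(Mandatory)] [string]   $Sender,
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [datetime] $End
    )

    # A bare Get-MessageTrackingLog reads one server's logs only,
    # so pipe every transport server in the organization into it.
    $events = Get-TransportService |
        Get-MessageTrackingLog -ResultSize Unlimited -Sender $Sender -Start $Start -End $End

    # One group per message; each group holds that message's events from all servers.
    $events | Group-Object MessageId | ForEach-Object {
        $ordered = @($_.Group | Sort-Object Timestamp)
        $ids     = @($ordered | ForEach-Object { [string]$_.EventId })

        # Classify the outcome from the event IDs that were logged.
        $outcome = if     ($ids -contains 'FAIL')    { 'Failed for at least one recipient' }
                   elseif ($ids -contains 'DELIVER') { 'Delivered to mailbox' }
                   elseif ($ids -contains 'SEND')    { 'Handed off over SMTP' }
                   elseif ($ids -contains 'DEFER')   { 'Deferred' }
                   else                              { 'In transit or unknown' }

        [pscustomobject]@{
            FirstSeen  = $ordered[0].Timestamp
            Subject    = $ordered[0].MessageSubject
            Recipients = ($ordered.Recipients | Sort-Object -Unique) -join '; '
            Events     = ($ids | Select-Object -Unique) -join ' > '
            Outcome    = $outcome
            MessageId  = $_.Name
        }
    } | Sort-Object FirstSeen
}

# Sample values taken from the article's own example above.
Get-SenderMessageTimeline -Sender 'tom@contoso.com' -Start '3/28/2015 8:00AM' -End '3/28/2015 5:00PM' |
    Format-Table FirstSeen, Subject, Outcome, Events -AutoSize
```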

Practical usage of message tracking logs

To make the most of the Exchange message logs, you need to understand what they are useful for. If you match your requirements against these uses first, your searches will be more productive. Message tracking logs serve several business purposes that you should know before you run the Get-MessageTrackingLog cmdlet:

  • Resolving email delivery issues : Message tracking logs can provide you with information about why a message wasn’t delivered, whether it arrived late, and more. This is especially useful when users run into problems such as Exchange being unable to open a mailbox or showing specific errors.
  • Statistics : Every communication that passes through your servers is recorded in message tracking logs. How many messages were processed and who sent the most messages inside the firm are two examples of data that can be obtained relatively easily for analysis.
  • Forensics : Let’s say you don’t have an email backup, and someone deletes an email. Even worse, your rival firm received an email that included private information. Message tracking logs can help you out in this situation by giving you some useful email-related information.
  • Litigation : Similar to the preceding circumstance, a message tracking record is frequently used when it is needed as evidence in court.
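
For the Statistics and Forensics cases above, an added example (not from the original article) that lists every message handed off to a recipient outside the organization's accepted domains and then counts those hand-offs per sender. It assumes Exchange 2013 or later; the function name Find-ExternalRecipientMail is hypothetical and the time window is a sample value.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013 or later).
# Find-ExternalRecipientMail is a hypothetical helper name, not an Exchange cmdlet.
function Find-ExternalRecipientMail {
    param(
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [datetime] $End,
        [string] $Sender    # optional: restrict the search to one sender
    )

    # Domains the organization accepts mail for, e.g. "contoso.com" or "*.contoso.com".
    $accepted = @(Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName })

    # SEND events record a message being handed to another server over SMTP.
    $query = @{ EventId = 'SEND'; Start = $Start; End = $End; ResultSize = 'Unlimited' }
    if ($Sender) { $query.Sender = $Sender }
    $sent = Get-TransportService | Get-MessageTrackingLog @query

    foreach ($entry in $sent) {
        foreach ($rcpt in $entry.Recipients) {
            $domain = ([string]$rcpt -split '@')[-1]
            # Keep only recipients whose domain matches no accepted domain.
            if (-not ($accepted | Where-Object { $domain -like $_ })) {
                [pscustomobject]@{
                    Timestamp = $entry.Timestamp
                    Sender    = $entry.Sender
                    Recipient = [string]$rcpt
                    Subject   = $entry.MessageSubject
                    Bytes     = $entry.TotalBytes
                    MessageId = $entry.MessageId
                }
            }
        }
    }
}

# Sample window reusing the dates from the article's example.
$hits = @(Find-ExternalRecipientMail -Start '3/28/2015 8:00AM' -End '3/28/2015 5:00PM')

# Forensics: chronological record of what left the organization and to whom.
$hits | Sort-Object Timestamp | Format-Table Timestamp, Sender, Recipient, Subject -AutoSize

# Statistics: the ten senders with the most external recipient hand-offs.
$hits | Group-Object Sender | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

A message sent to two external recipients produces two rows, so the per-sender count is of recipient hand-offs rather than distinct messages.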

What is the ultimate solution for EDB-related issues?

Exchange Server deals with countless messages daily, and you can run the Get-MessageTrackingLog cmdlet to find any one of them quickly. But EDB file corruption is the most common and harmful issue that you can experience. Integrating a reliable third-party tool is suggested for cutting downtime and attaining faster solutions.

Kernel for Exchange Server is effective software with advanced features that help you quickly recover data from a corrupt EDB file. The Exchange recovery tool allows you to save the recovered EDB file to your preferred location, such as Outlook PST, Live Exchange Server, Office 365, etc.

The software can completely recover emails, contacts, calendars, notes, and other details. The lost items will be placed in the exact location where they were before the deletion. Its process is adaptive enough to recover deleted mailboxes in Exchange 2010 and newer versions alike.

Conclusion

This article helps you handle situations in which you are looking through the message tracking logs for deleted messages and checking the methods to recover them. In that case, you can also check the retention policies set for your organization. But the manual techniques to recover deleted messages are not up to the mark. It would help to use the professional software Kernel for Exchange Server, as mentioned above, to recover deleted and corrupted items.
