Exchange 2010 BCC Email Recipient Email Trace
Hi... One of our employee have send an email and have added certain email groups in BCC - we would like to trace from Exchange 2010 - how can we trace that this user have send email to BCC users. I tried Exchange toolkit message tracking but couldn't able to find - i could only see email send (TO) Even through Outlook 2010 email header i couldn't Kindly assist... Thanks
July 22nd, 2012 9:12am
Hi, You may use a cmdlet like Get-MessageTrackingLog -Start "MM/DD/YYYY 6:00AM" -End "MM/DD/YYYY 6:00PM" -Sender bccuser@domian.com -EventId RECEIVE > C:\BCC.txt Then, search for the text bcc in the text. If user sends a BCC message, RecipientStatus field will have bcc valueRegards from www.windowsadmin.info | www.blog.windowsadmin.info
Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2012 10:11am
Hi, You may use a cmdlet like Get-MessageTrackingLog -Start "MM/DD/YYYY 6:00AM" -End "MM/DD/YYYY 6:00PM" -Sender bccuser@domian.com -EventId RECEIVE > C:\BCC.txt Then, search for the text bcc in the text. If user sends a BCC message, RecipientStatus field will have bcc valueRegards from www.windowsadmin.info | www.blog.windowsadmin.info
July 22nd, 2012 10:17am
Hello, Please use journal rules to trace the user who have sent email to BCC users. Best Regards, Lisa
Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 2:28am
Hello, Please use journal rules to trace the user who have sent email to BCC users. Best Regards, Lisa
July 23rd, 2012 2:30am
Try this cmdlet: Get-ExchangeServer | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq $true}| Get-MessageTrackingLog -Sender test@domain.com.br -Start "8/09/2012 2:00PM" -End "8/09/2012 6:00PM" | fl > Output.txt Please note in "Recipients" field we have 2 recipients and "RecipientStatus" shows "To" and "BCC" respectively: RunspaceId : 7e8be518-b174-411a-be4e-1358805e8066 Timestamp : 8/09/2012 2:31:03 PM ClientIp : 10.10.10.10 ClientHostname : SERVER01.domain.local ServerIp : 20.20.20.20 ServerHostname : SERVER01 SourceContext : 08CEEAC4B47B3415 ConnectorId : Source : STOREDRIVER EventId : RECEIVE InternalMessageId : 27201680 MessageId : <90F14C16A6187A438A2D3907556R63080DFC179D@server> Recipients : {gr@domain2.com.br, financeiro@domain.com.br} RecipientStatus : {To, BCC}Marcelo Lagden
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2012 9:50am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics