Exchange 2010, from Exchange Management Shell
Get-MailboxDatabase | fl Name,EdbFilePath,LogFolderPath
and from Windows Explorer
C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\"nameofDatabase"
From the Exchange Command Shell
(Get-WinEvent -LogName Microsoft-Exchange-ManagedAvailability/* | % {[XML]$_.toXml()}).event.userData.eventXml| ?{$_.ActionID -like "*ForceReboot*"} | ft RequesterName
Above command will search for the "Microsoft-Exchange-ManagedAvailability" for a value like "force Reboot"
Increase diagnostic logging for Transport Server
Message tracking log
SMTP send/receive logs
Few Message tracking logs from msexchangeguru.com
Some of the Message Tracking cmdlets I use often:
To find Send Emails:
Get-MessageTrackingLog -resultsize unlimited -Start “06/01/2014 4:30:00 PM” -End “06/04/2014 5:17:00 PM” |where-object {$_.Recipients -like “*@contoso.com” -AND $_.EventId -eq “Send”} | where {$_.recipients -like “*@ contoso.com”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C:EmailAddress_Statistics_Send.csv”
Get-MessageTrackingLog -resultsize unlimited -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” |where-object {$_.EventId -eq “Send”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C: Dec2_Email_Statistics_Send.csv”
Get-Messagetrackinglog -Resultsize Unlimited | Where {$_.Sender -match “@contoso.com”} -EventID “Send” -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C: Dec2_Email_Statistics.csv”
To find Received Emails:
Get-MessageTrackingLog -resultsize unlimited -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” |where-object {$_.Recipients -like “*@ contoso.com” -AND $_.EventId -eq “RECEIVE”} | where {$_.recipients -like “*@contoso.com”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C:EmailAddress_Statistics_Receive.csv”
Get-MessageTrackingLog -resultsize unlimited -Start “12/02/2014 4:20:00 PM” -End “12/02/2014 07:30:00 PM” |where-object {$_.EventId -eq “RECEIVE”} | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C: Dec2_Email_Statistics_Receive.csv”
Get-MessageTrackingLog -resultsize unlimited |where {$_.MessageSubject -like “Win a Lottery”} >> “C:UsersusernameDesktopoutput.txt”
Get-MessageTrackingLog -resultsize unlimited -Start “6/3/2013 12:29:00 PM” -End “6/6/2013 12:39:00 PM” |where {$_.MessageSubject -like “Update your Social Security Number”} >> “C:UsersusernameDesktopoutput.txt”
Get-MessageTrackingLog -Server HUBServerName -resultsize unlimited |where-object {$_.Recipients -like “*@contoso.com” -AND $_.EventId -eq “Send”} | where {$_.recipients -like “*@contoso.com”} | ft EventId,Timestamp,Sender,recipients,MessageSubject,@{label=”size”;Expression={$_.Totalbytes/1mb}} >>c: @contoso_emails.csv
Get-Messagetrackinglog -Server HubServerName -resultsize unlimited -Sender “User@contoso.com” -EventID “SEND” -Start “5/10/2012 12:29:00 PM” -End “6/4/2012 12:39:00 PM” |ft Timestamp, Source, EventID, Recipients, MessageSubject, RecipientStatus, @{label=”size”;Expression={$_.Totalbytes/1mb}}
Get-Messagetrackinglog -Server HubServerName -resultsize unlimited -Start “12/01/2012 12:29:00 PM” -End “12/06/2012 12:39:00 PM” |where {$_.MessageSubject -like “Click Here to be SOX Compliant”} |ft Timestamp, Source, EventID, Recipients, MessageSubject, RecipientStatus, @{label=”size”;Expression={$_.Totalbytes/1mb}}
Domain based search: To find all emails from a specific domain in Exchange server
Get-MessageTrackingLog -Server hub1 -resultsize unlimited -Start “2/24/2013 12:29:00 AM” -End “2/26/2013 12:29:00 PM” |where-object {$_.Sender -match “contoso.com” -AND $_.EventId -eq “Receive”} | ft EventId,Timestamp,Sender,recipients,MessageSubject,@{label=”size”;Expression={$_.Totalbytes/1mb}}
Get-MessageTrackingLog -resultsize unlimited -Start “9/10/2014 12:29:00 PM” -End “9/12/2014 12:39:00 PM” |where {$_.MessageSubject -like “Pay off your Mortgage”} |fl Recipients, MessageSubject, Sender, ReturnPath, EventID
Get-Messagetrackinglog -Recipients:user@contoso.com -EventID “RECEIVE” -Start “05/25/2014 4:30:00 PM” -End “05/30/2014 5:17:00 PM”
Get-Messagetrackinglog -Recipients:user@contoso.com -EventID “RECEIVE” -Start “05/25/2014 4:30:00 PM” -End “05/30/2014 5:17:00 PM” | Select @{Name=’Recipients';Expression={[string]::join(“;”, ($_.Recipients))}}, Sender, EventId, Timestamp, Source, MessageSubject | Export-CSV “C:EmailAddress_Statistics_forUser.csv”