
Microsoft Exchange is a popular email server software used by businesses and organizations worldwide. One of the key features of Exchange is the ability to generate reports on various aspects of the server and its usage. These reports provide valuable insights into the performance and health of the Exchange server, as well as the usage patterns of its users.

This article explores how to generate these reports using PowerShell, a powerful command-line scripting language. We look at some common report types, the PowerShell cmdlets used to create them, and some best practices for working with PowerShell and Exchange. By the end of this article, we should understand how to generate and work with Exchange reports in PowerShell.

Let's start creating Active Directory Exchange reports with PowerShell.

Create Active Directory Exchange Reports with PowerShell

Prerequisites

To run Exchange PowerShell commands, we need to meet the following prerequisites:

  1. We must have the appropriate permissions to run PowerShell commands on the Exchange server. This typically means being a member of the Exchange Organization Management group or being assigned the proper roles and permissions.
  2. We must have the Exchange Management Shell installed on our computer. The Exchange Management Shell is a PowerShell module with cmdlets specifically designed to manage Exchange servers. Commonly, the Exchange Management Shell is installed on a Windows Server running Exchange services.
  3. We must establish a remote PowerShell session with the Exchange server. This can be done using the Connect-ExchangeServer cmdlet, which allows us to connect to the server using our Exchange credentials.
  4. Alternatively, we can import the Exchange Management Shell module into our PowerShell session. We import the module using the Import-Module cmdlet, followed by the module’s name.
				
					Import-Module ExchangeManagementShell
				
			

Once we have met these prerequisites, we should be ready to run Exchange PowerShell commands and generate reports. In the following sections, we list several ways to audit our Microsoft Exchange environment.

Using the Get Mail Commands in PowerShell

The PowerShell Get-Mail* cmdlets are powerful tools for managing and working with email messages in Microsoft Exchange. They allow us to retrieve specific email messages or groups of messages based on various criteria, such as sender, recipient, subject, or date range. In addition, we can use the Get-Mail* cmdlets to view the details of individual messages or to export them to a file for further analysis.

Here are a few examples of the Get-Mail* commands.

Generating an Email Traffic Report

Email traffic reports generated by the Get-MailTrafficSummaryReport command help us analyse an organization’s email traffic by providing information such as the number of emails sent and received, the number of spam messages received and sent, malware, spoofed emails, and so on.

				
					Get-MailTrafficSummaryReport
				
			

The command above retrieves email traffic for the last seven (7) days by default. We can, however, retrieve up to the previous 90 days of email statistics by using the -StartDate and -EndDate parameters. Here are a few examples:

Inbound and Outbound Email Traffic Report

Run the cmdlet with the Direction parameter to get incoming and outgoing email traffic separately:

				
					Get-MailTrafficSummaryReport -Direction Inbound -StartDate 6/13/22 -EndDate 6/15/22
				
			

The above snippet retrieves inbound email traffic statistics from June 13, 2022, to June 15, 2022.

We can do the same to view outbound traffic:

				
					Get-MailTrafficSummaryReport -Direction Outbound
				
			

We can use the -EventType parameter values to determine what happened to messages after the service filtered them:

				
					Get-MailTrafficSummaryReport -Direction Inbound -EventType GoodMail -StartDate 7/1/22 -EndDate 7/31/22
				
			

To learn about messages that were flagged as spoofed by anti-spoofing protection:

				
					Get-MailTrafficSummaryReport -EventType SpoofMail
				
			

Please note that the output of the command will depend on the specific configuration of your Exchange Server and the mail traffic during the specified period.

Exchange Sent and Received Email Report

Administrators frequently want to know how many emails users send and receive. We can use the Get-MailTrafficTopReport cmdlet to view these email statistics. The cmdlet below displays the count of emails sent and received by users over the last 7 days:

				
					Get-MailTrafficTopReport -EventType TopMailUser
				
			

View the number of emails users receive during the specified period.

				
					Get-MailTrafficTopReport -EventType TopMailUser -Direction Inbound -StartDate 7/15/22 -EndDate 7/20/22
				
			

Office 365 Mail Flow Status Report

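Before using this command, ensure you are authenticated against a hybrid server connected to Office 365. Alternatively, you may connect and authenticate directly to Office 365 with the following commands. This connection method relies on Basic authentication, which does not support multi-factor authentication and which Microsoft has retired for Exchange Online in favor of the Connect-ExchangeOnline cmdlet from the ExchangeOnlineManagement module: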

				
					$UserCredential = Get-Credential
					$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
					# Import the remote Exchange cmdlets into the local session
					Import-PSSession $Session -DisableNameChecking
				
			

The mail flow status report generated by the Get-MailFlowStatusReport command displays information about incoming and outgoing emails blocked by edge protection:

				
					Get-MailFlowStatusReport | ft Date, EventType, MessageCount
				
			

The cmdlet above returns the number of messages for a date range, organized by the message’s final disposition. By default, the command displays data from the previous seven days. However, we can get a mail flow report for up to ninety days by specifying the -StartDate and -EndDate parameters.


Generating an Email Protection Report

Email protection reports help us identify spam and malware detected by Exchange Online Protection (EOP), as well as emails that match mail flow rules, DLP rules, and other criteria.

Office 365 Spam Reports

The Get-MailDetailSpamReport command displays information about spam messages sent and received by our organization. The cmdlet displays a list of spam messages detected in the last ten (10) days.

In some cases, Microsoft 365 rejects emails sent from our organization or marks them as spam. Execute the following cmdlet to identify those emails:

				
					Get-MailDetailSpamReport -Direction Outbound
				
			

Anti-spam filters will also sometimes classify good inbound emails as spam. After checking those emails, the admin can whitelist a domain or specific address. To view inbound spam messages:

				
					Get-MailDetailSpamReport -Direction Inbound
				
			

To view spam sent by a specific user over a specified period, use the -SenderAddress, -StartDate and -EndDate parameters:

				
					Get-MailDetailSpamReport -SenderAddress marion@infrasos.com -StartDate 7/15/22 -EndDate 7/20/22
				
			

Run the cmdlet with -RecipientAddress instead of -SenderAddress to view spam received by a user.

Exchange Online Malware Reports

Next, the Get-MailDetailATPReport cmdlet assists in identifying emails containing malware. Run the cmdlet to see all malware sent and received in the last ten (10) days.

To view malware sent from our organization, we can use the following snippet:

				
					Get-MailDetailATPReport -Direction Outbound
				
			

In addition, we can list detected malware emails received by our organization if we use the Inbound direction instead:

				
					Get-MailDetailATPReport -Direction Inbound
				
			

To view malware sent to a specific user, use the -RecipientAddress parameter:

				
					Get-MailDetailATPReport -RecipientAddress marion@infrasos.com
				
			

Identifying the Transport Rule

The PowerShell Get-MailDetailTransportRuleReport command displays information about messages that meet the conditions specified by any transport rules. The command shows the applied transport rule and the email details for the last ten (10) days.

The example below retrieves all messages sent by marion@infrasos.com that met the condition defined by the transport rule r1 between July 15, 2022, and July 20, 2022:

				
					Get-MailDetailTransportRuleReport -TransportRule r1 -StartDate 7/15/22 -EndDate 7/20/22 -SenderAddress marion@infrasos.com
				
			

The output below is an example of a transport rule report generated by the previous command:

Run the following cmdlet to identify emails that were redirected to another email address and the Exchange transport rule that redirected them:

				
					Get-MailDetailTransportRuleReport -Action RedirectMessage
				
			

Monitor Emails Detected by DLP Policy

Most organizations configure Data Loss Prevention (DLP) policies to secure their confidential email data. We can use the cmdlet Get-MailDetailDLPPolicyReport to identify messages that match the conditions defined by DLP policies.

				
					Get-MailDetailDLPPolicyReport
				
			

Get Microsoft 365 Message Tracing Report

To monitor email flow, most administrators prefer message tracking. Message tracing gives administrators detailed information on messages sent, received, purged, and deleted. Among the details are:

  • Sender address 
  • Recipient address 
  • Sent/received date 
  • Email Subject 
  • Email delivery status 
  • Email size 
  • Message trace id, etc. 
  • Source IP address

To get the trace report, we can run the Get-MessageTrace command. By default, the cmdlet retrieves the past 48 hours of data. We can retrieve the last ten (10) days’ data using the -StartDate and -EndDate parameters. We can use the Start-HistoricalSearch and Get-HistoricalSearch cmdlets to search message data for more than ten days.

The example below retrieves trace information for messages sent by a particular user during the specified period:

				
					Get-MessageTrace -SenderAddress marion@infrasos.com -StartDate 7/25/22 -EndDate 7/30/22
				
			

To export the message trace report to a CSV file:

				
					# Export-Csv needs a destination; the file name here is an example
					Get-MessageTrace | Export-Csv -Path .\MessageTrace.csv -NoTypeInformation
				
			

We can send the output to the grid view if we want to filter the message trace details:

				
					Get-MessageTrace | Out-GridView
				
			

The command above allows us to filter or narrow down the message trace details, for example by:

  • Message subject
  • Message delivery status: delivered, failed, pending, expanded, quarantined, spam-filtered, or unknown
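
The trace report can also be collected page by page and summarized per sender, which helps spot accounts whose mail is mostly being quarantined, filtered as spam, or failing. The script below is an added example, not code from the original article; the function names Get-AllMessageTrace and Get-SenderStatusSummary, the sample rows, and the output file name are assumptions, and the live call requires an active Exchange Online session.

```powershell
# Added example (not from the original article). Function names are hypothetical.
function Get-AllMessageTrace {
    param(
        [datetime]$StartDate = (Get-Date).AddDays(-10),
        [datetime]$EndDate   = (Get-Date),
        [ValidateRange(1, 5000)][int]$PageSize = 5000
    )
    # Get-MessageTrace returns one page per call, so request pages until one
    # comes back short (the -Page parameter accepts values up to 1000).
    $page = 1
    do {
        $batch = @(Get-MessageTrace -StartDate $StartDate -EndDate $EndDate `
                                    -PageSize $PageSize -Page $page)
        $batch
        $page++
    } while ($batch.Count -eq $PageSize -and $page -le 1000)
}

function Get-SenderStatusSummary {
    param([Parameter(ValueFromPipeline)]$Trace)
    begin   { $rows = [System.Collections.Generic.List[object]]::new() }
    process { $rows.Add($Trace) }
    end {
        # One row per sender, worst offenders (most undelivered mail) first.
        $rows | Group-Object SenderAddress | ForEach-Object {
            $notDelivered = @($_.Group | Where-Object Status -ne 'Delivered')
            [pscustomobject]@{
                SenderAddress = $_.Name
                Total         = $_.Count
                NotDelivered  = $notDelivered.Count
                Statuses      = ($_.Group.Status | Sort-Object -Unique) -join ','
            }
        } | Sort-Object NotDelivered -Descending
    }
}

# Constructed sample rows using message trace property names, so the summary
# can be tried without a tenant connection.
$sample = @(
    [pscustomobject]@{ SenderAddress = 'alice@example.com'; Status = 'Delivered' }
    [pscustomobject]@{ SenderAddress = 'bob@example.com';   Status = 'FilteredAsSpam' }
    [pscustomobject]@{ SenderAddress = 'bob@example.com';   Status = 'Quarantined' }
    [pscustomobject]@{ SenderAddress = 'bob@example.com';   Status = 'Delivered' }
)
$sample | Get-SenderStatusSummary | Format-Table -AutoSize

# With a live session (output file name is an example):
# Get-AllMessageTrace | Get-SenderStatusSummary |
#     Export-Csv -Path .\TraceSummary.csv -NoTypeInformation
```

A sender whose NotDelivered count dominates its Total, especially with FilteredAsSpam on outbound mail, is worth checking for account compromise.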

Thank you for reading Create Active Directory Exchange Reports with PowerShell. We shall conclude this article now.

Create Active Directory Exchange Reports with PowerShell Conclusion

In conclusion, Microsoft Exchange provides a wealth of information and insights about the performance and usage of our email server. By generating reports using PowerShell, we can access this information to improve our Exchange server’s health and efficiency.

Whether we are system administrators or users, understanding how to generate and work with Exchange reports in PowerShell can be a valuable skill. By following the examples and best practices outlined in this article, we should be well on our way to mastering this powerful tool.


Marion Mendoza

Windows Server and VMware SME. Powershell Guru. Currently working with Fortune 500 companies responsible for participating in 3rd level systems support across the enterprise. Acting as a Windows Server engineer and VMware Specialist.

Comments (6)

  1. Ian Martin
    June 19, 2023

    I’ve been running the ‘Get-MailTrafficSummaryReport’ command and if I run it for any date before 6th June 23 it returns data as expected, however if I run it for any date after 6th it returns NO data (doesn’t give any errors, just returns the prompt with no data). I’ve tried sender, recipient and spam categories and it’s the same.

    Interestingly I’ve just tried running this report:
    Microsoft 365 Defender / Reports / Email & Collaboration / Top senders and recipients
    If I use dates before 6th jun23 it shows a graph and returns data
    Any date after the 6th Jun 23 empty graph and no data
    So even the Microsoft website is showing the same missing data!

    Anyone else seeing this?

  2. Ian Martin
    June 28, 2023

    Still nothing except a daily message from MS:

    We are engaging with our next level team investigation still ongoing, once we get, we will connect with you.
    Still, we haven’t proper update, once we had we will connect with you.
    We are appreciating your patience.
    Regards,
    Sushma
    Microsoft 365 Support Engineer

    Can’t say I’m filled with confidence.

  3. Ian Martin
    July 14, 2023

    I’ve just had an email from MS saying the issue is now fixed. I have not had chance to check myself yet.

  4. Ian Martin
    July 17, 2023

    I am now getting results from the command however after spot checking a couple of users the results are not correct!
    I also tried adding ‘-Domain ALL’ which increased some results and oddly decreased others!?
    I have reported this back to MS.

  5. Ian Martin
    July 17, 2023

    MS are telling me I have to raise another case over the incorrect results!

  6. Ian Martin
    August 23, 2023

    Final response from Microsoft support it will not work for intra-org emails, only external emails!
    Their response:

    If you are trying to verify the sending mail data reports for the External senders, we will get the same results in Both Outlook applications and PowerShell outputs.
    If you are trying to match the mail sending reports for Internal users will not get the same results, it’s still on the features on yet to developed from our Product team.
    Currently the feature not available for users.

    Please can you confirm with the customer if the email was sent within the organization? basically were they intra-org sent emails.
    if that is the case, then the numbers won’t add up.
    This feature still not released from Microsoft end. There is no ETA.
