Hi everybody.
I had been tasked with tracking down a user's emails.
I ran a script in powershell to export data I could work with.
For some reason this particular user's emails in this time range do not show up as the EVENTID "SEND".
They also do not have a Byte Count nor a list of recipients.
They only seem to show up as "SUBMIT"
Apparently this user has been sending out emails with a large amount of BCCs.
Is there any way to actually see this activity? Why would it be showing up as SUBMIT and not SEND? Why won't it show any recipients or byte count?
Here is my example script.
Get-MessageTrackingLog -ResultSize Unlimited -Server "contoso-ex1" -Start "5/1/2014 12:01:00 AM" -End "5/8/2014 6:40:00 PM" | Select Sender,{$_.Recipients},{$_.RecipientStatus},MessageSubject,TimeStamp, EventId, Source,SourceContext,MessageId,InternalMessageId,ClientIP,ClientHostName,ServerIP,ServerHostName,ConnectorId,TotalBytes,RecipientCount,RelatedRecipientAddress,Reference,ReturnPath,MessageInfo | Export-Csv .\MessageTrackingLog.csv
Please note that only this one user's emails are showing only as SUBMIT. The rest are mostly SEND.
MCSE 2003, Exchange. MCTS Vista, 7. Administrator of awful, neglected website http://timssims.net