How to generate a message trace with more than 5000 lines in PowerShell

Applies to: Exchange Online, Exchange Online Protection.

This scenario is addressed to companies that generate high mail flows or use multiple applications to relay emails.

Many admins are at some point facing a situation where analyzing a complex transport scenario is needed, this being translated into generating lengthy message traces.

 

The purpose of this article is to help Office 365 administrators generate message trace CSVs that contain more than 5000 lines each.

 

 

Microsoft documented the limitation of the 5000 results in a message trace in the following TechNet article: https://technet.microsoft.com/en-us/library/jj200712(v=exchg.150).aspx

 

The following script is using the parameters: “-Page” and “-PageSize” to go around this 5000 limitation:

Page Optional System.Int32 The Page parameter specifies the page number of the results you want to view. Valid input for this parameter is an integer between 1 and 1000. The default value is 1.
PageSize Optional System.Int32 The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an integer between 1 and 5000. The default value is 1000.

https://technet.microsoft.com/en-us/library/jj200704(v=exchg.160).aspx

 

By declaring the -PageSize to the maximum allowed value of 5000 and using the parameter -Page we force the trace generation to move to another page, incrementally, once the 5000 lines are filled with data.

 

DISCLAIMER : This application is a sample application. The sample is provided "as is" without warranty of any kind. Microsoft further disclaims all implied warranties including without limitation any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the samples remains with you. in no event, shall Microsoft or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss arising out of the use of or inability to use the samples, even if Microsoft has been advised of the possibility of such damages. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

Before running the below script, you must meet the following prerequisites:

Global Admin permissions on Exchange Online.

PowerShell access to the Office 365 tenant.

 $cred = Get-Credential$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirectionImport-PSSession $Session Start-Transcript -Path C:\temp\Transcript.txt -Force $index = 1while ($index -le 1001){Get-MessageTrace -StartDate 08/28/2017 -EndDate 09/1/2017 -PageSize 5000 -Page $index | export-csv c:\temp\test.csv -Append$index ++sleep 5}Stop-Transcript

The same logic applies to Get-MessageTraceDetailed : https://technet.microsoft.com/en-us/library/jj200681(v=exchg.160).aspx

In addition to this sample transcript you can use all the parameters accepted by the Get-MessageTrace Get-MessageTraceDetailed cmdlets.