Message Tracking by Subject

  • Article

This post talks about how we can do Message Tracking by Subject line

Let's talk about a scenario where we want to message tracking using Subject line. We don’t want to search using any other means like Message ID or Recipient information. We are trying to achieve this in Office 365 environment where we have more than 20K users

Points to ponder upon:

================

* We can do message tracking using Message ID, sender, recipient, .. etc, but there is no direct way in GUI or Powershell to track the message using Subject.

* Historical search requires us to specify sender or recipient information

* We can use eDiscovery, but as of now we have a hard limit of 10 K mailboxes which eDiscovery searches, so we had to (not so simple!!! )

Get all the users

Divide them to 10k Batches

Run the Discovery search

Collate information from all the searches

Not at all easy or state forward :)

 

* We can use Search-Mailbox command, use that in a loop to search all mailboxes.

Since we have 20K + mailboxes this search would take a lot of time to complete

Even though we might need to trace only specific period i.e.. eg Last 2 days, last 5 hours this search will perform a search for entire mailbox

Since it runs continuously for a long time we need to introduce Sleep in powershell to avoid throttling. This would further introduce delay

* We can run the below command to get the required results (This won't work in our scenario as we have 20 K users)

Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -Page $c | Where {$_.Subject -like "*example*"} | ft -Wrap

 

* When we have huge number of users we will not get the required results as our environment would produce extremely huge number of results which spanned multiple pages. By default only 1000 items will be present in a page and only the first page will be displayed.

We can increase the number of items to be displayed to 5000, using the below command, still you might not get the required result if the output spans multiple pages.

Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -PageSize 5000 | Where {$_.Subject -like "*example*"} | ft -Wrap

Resolution

========

Created a below script to resolve the issue

$dateEnd = get-date # Get current date

$dateStart = $dateEnd.AddHours(-10) # Minus number of hours from the current time you want to include in search

for($c=1;$c -lt 1001; $c++) # For loop goes for 1000 iterations as Maximum number of pages there could be 1000

  {

    if((Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -PageSize 5000 -Page $c).count -gt 0)             

# If the current page we pulled has some entries, then enter the loop and search for Subject name

{

  Get-MessageTrace -StartDate $dateStart -EndDate $dateEnd -PageSize 5000 -Page $c | Where {$_.Subject -like "*example*"} | ft -Wrap

}

else

   {break;}

}  

 Note: We can copy the results to a file, but not so easy and straight forward.