I am going to get right to it today. I really don’t like Microsoft Exchange. I think it is a bloated, convoluted, over-priced product. Welcome to being a Microsoft admin :).
I was recently tasked with doing a bit of investigative work on an Exchange server and determining what all was using the box for mail services. To that end, I needed to answer two questions…
What mailboxes are currently in use?
What is currently using this machine as an SMTP server to send mail out?
Below I am going to provide the powershell commands I had to figure out which helped me answer those questions.
Off to the races, create a new function:
{
$mailboxes = @($input)
$HTServers = @()
Get-ExchangeServer | ? { `
($_.AdminDisplayVersion.Major -eq "15" -and $_.ServerRole -match "Mailbox") -or `
($_.AdminDisplayVersion.Major -eq "8" -and $_.ServerRole -match "HubTransport") -or `
($_.AdminDisplayVersion.Major -eq "14" -and $_.ServerRole -match "HubTransport") `
} | % {$HTServers += $_.Name}
$MessageTrackingLog = @()
foreach($HTServer in $HTServers)
{
$MessageTrackingLog += Get-MessageTrackingLog -ResultSize Unlimited -Server $HTServer
}
$CSV = @()
foreach ($mailbox in $mailboxes)
{
$LastEmailReceived = ($MessageTrackingLog | ? {$_.Recipients -match $mailbox.WindowsEmailAddress} | sort TimeStamp -Descending | select -First 1).TimeStamp
$CSVLine = New-Object System.Object
$CSVLine | Add-Member -Type NoteProperty -Name DisplayName -Value $mailbox.DisplayName
$CSVLine | Add-Member -Type NoteProperty -Name LastEmailReceived -Value $LastEmailReceived
$CSV += $CSVLine
}
$CSV
}
Copy and paste the above into your Exchange Powershell Console to create a new function called “Get-LastReceivedEmail”. This function gets the last received email date for a mailbox.
All credit for this function goes to this awesome person: http://markgossa.blogspot.com/2015/12/get-mailbox-last-received-email.html
After you paste it in, hit the enter key twice. Your new function is created…
Now you can run this command (change the location of the output file to something on your exch server):
What you will get is a table with all of your mailboxes listed on the left and the last time they received an email on the right. Anything that is blank on the right indicates the box has either never received an email or the last time it did was so long ago that there is no longer a log of it.
Great, question 1 answered.
As a bonus, if you want to get the total size of all of the mailboxes on your server:
Now onto the next…. what is sending mail through my email server?
Modify the date range on the above as needed. You may also want to change the out-string -width number value if your table looks ugly. I dropped a few columns from the output (like date/time sent) because I didn’t care about them.
That left me with a lot of duplicate sending email addresses/users which was a pain to sift through so a variation on the command is this:
In this case we are only collecting one field, the “sender”, then we sort this field so all of the same entries are grouped together, finally we use the Unique flag to get rid of all duplicates and then spit it out to a text file.
Now I have a nice clean list of all of the active sending addresses that are pushing mail through my server which answers question two.
Conclusion:
It took me a long time to piece together different articles and answers on stack overflow to put together the above. I failed to write an article the first time I started working on this project which resulted in a lot of re-work to look up the commands I needed to pull the information again. Hopefully the above will save you a bit of time and headache.
Cheers and good luck!