indented-automation · September 12, 2024 14:11
diff --git a/MessageTraceSearch.ps1 b/MessageTraceSearch.ps1
 # Written for Spadam22

 # Define some log search intervals.
 # Steart from today as the end date for the search
 $end = Get-Date
 $start = $end.AddDays(-10)

 # Create a lookup table for groups
 $groups = @{}
 # Find all groups, and for each group
 foreach ($group in Get-DistributionGroup -ResultSize Unlimited) {
    # Get the primary SMTP address
    $mail = $group.PrimarySmtpAddress.ToString()

    # Create a custom object that has the group name, primary SMTP, and places to pust last received / sent.
    $groups[$mail] = [PSCustomObject]@{
        Name         = $group.Name
        Email        = $mail
        LastReceived = $null
        LastSent     = $null
    }
 }

 $splat = @{
    StartDate = $start
    EndDate   = $end
 }
 # Find all the groups we haven't got a LastReceived date for yet.
 $recipient = $groups.Values | Where-Object LastReceived -eq $null
 # If there are still some to find...
 if ($recipient) {
    # Get the message logs where any of the groups was the recipient.
    $recipientLog = Get-MessageTrace -RecipientAddress $recipient.Email @splat

    foreach ($entry in $recipientLog) {
        <#
            The log entry is assumed to have the receipient address in a property called RecipientAddress, and the time this was logged
            or the message was received in Timestamp.

            First find the group entry that corresponds to this log entry.
        #>
        $group = $groups[$entry.RecipientAddress]

        # Then check if the LastReceived property should be updated because there's no current date, or the date is older than this log entry.
        if (-not $group.LastReceived -or $group.LastReceived -lt $entry.Timestamp) {
            # Store the new LastReceived date for this group
            $group.LastReceived = $entry.Timestamp
        }
    }
 }

 # Find all the groups we haven't got a LastSent date for yet.
 $sender = $groups.Values | Where-Object LastSent -eq $null
 if ($sender) {
    # Get the message logs where any of the groups was the sender.
    $senderLog = Get-MessageTrace -SenderAddress $sender.Email @splat

    foreach ($entry in $senderLog) {
        <#
            Same assumptions about the log format as the recipient log.

            First find the group entry that corresponds to this log entry.
        #>
        $group = $groups[$entry.SenderAddress]

        # Check if the LastSent property has not been set, or the date is older than the log entry.
        if (-not $group.LastSent -or $group.LastSent -lt $entry.Timestamp) {
            # Store the new LastSent date for this group.
            $group.LastSent = $entry.Timestamp
        }
    }
 }

 # These are the results.
 $groups.Values
 # You can also export them to CSV, excel, JSON, whatever.
 # $groups.Values | Export-Csv report.csv
	# Written for Spadam22

	# Define some log search intervals.
	# Steart from today as the end date for the search
	$end = Get-Date
	$start = $end.AddDays(-10)

	# Create a lookup table for groups
	$groups = @{}
	# Find all groups, and for each group
	foreach ($group in Get-DistributionGroup -ResultSize Unlimited) {
	# Get the primary SMTP address
	$mail = $group.PrimarySmtpAddress.ToString()

	# Create a custom object that has the group name, primary SMTP, and places to pust last received / sent.
	$groups[$mail] = [PSCustomObject]@{
	Name = $group.Name
	Email = $mail
	LastReceived = $null
	LastSent = $null
	}
	}

	$splat = @{
	StartDate = $start
	EndDate = $end
	}
	# Find all the groups we haven't got a LastReceived date for yet.
	$recipient = $groups.Values \| Where-Object LastReceived -eq $null
	# If there are still some to find...
	if ($recipient) {
	# Get the message logs where any of the groups was the recipient.
	$recipientLog = Get-MessageTrace -RecipientAddress $recipient.Email @splat

	foreach ($entry in $recipientLog) {
	<#
	The log entry is assumed to have the receipient address in a property called RecipientAddress, and the time this was logged
	or the message was received in Timestamp.

	First find the group entry that corresponds to this log entry.
	#>
	$group = $groups[$entry.RecipientAddress]

	# Then check if the LastReceived property should be updated because there's no current date, or the date is older than this log entry.
	if (-not $group.LastReceived -or $group.LastReceived -lt $entry.Timestamp) {
	# Store the new LastReceived date for this group
	$group.LastReceived = $entry.Timestamp
	}
	}
	}

	# Find all the groups we haven't got a LastSent date for yet.
	$sender = $groups.Values \| Where-Object LastSent -eq $null
	if ($sender) {
	# Get the message logs where any of the groups was the sender.
	$senderLog = Get-MessageTrace -SenderAddress $sender.Email @splat

	foreach ($entry in $senderLog) {
	<#
	Same assumptions about the log format as the recipient log.

	First find the group entry that corresponds to this log entry.
	#>
	$group = $groups[$entry.SenderAddress]

	# Check if the LastSent property has not been set, or the date is older than the log entry.
	if (-not $group.LastSent -or $group.LastSent -lt $entry.Timestamp) {
	# Store the new LastSent date for this group.
	$group.LastSent = $entry.Timestamp
	}
	}
	}

	# These are the results.
	$groups.Values
	# You can also export them to CSV, excel, JSON, whatever.
	# $groups.Values \| Export-Csv report.csv