0
votes

I'm trying to do a search through our Exchange 2007 system for all emails from 8 different domains.

So far I've managed to get this working:

Get-MessageTrackingLog -ResultSize Unlimited -Start "01/01/2014" -End "19/06/2014" | where{$.sender -like "*@example.com"} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$.Recipients} | export-csv C:\ExchangeLogResults.txt

But what I'd like is to be able to change the "where" clause to something like a get-content, eg:

Get-MessageTrackingLog -ResultSize Unlimited -Start "01/01/2014" -End "19/06/2014" | where{$_.sender -like (get-content .\list_of_domains.txt)} | select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} | export-csv C:\temp\ExchangeLogResults.txt

With the list_of_domains.txt having the list of domains that I'm interested in.

When I run the second script I don't get any results, but when I run the single wildcarded domain I get loads.

Any thoughts?

Thanks

Andrew

1

1 Answers

0
votes

You can't use -like that way.

I do this kind of filtering by building a regex from the list of domains, and then using -match:

$DomainList = get-content .\list_of_domains.txt 

[regex]$dom_rgx = "`(?i)(?:" + (($DomainList |% {"@" + [regex]::escape($_)}) -join "|") + ")$"

Get-MessageTrackingLog -ResultSize Unlimited -Start "01/01/2014" -End "19/06/2014" |
 where{$_.sender -match $dom_rgx} | 
 select-object Timestamp,SourceContext,Source,EventId,MessageSubject,Sender,{$_.Recipients} |
 export-csv