We had issue with meeting auto forward issue with Apple device bug that has apparently been fixed by the latest iOS 10.3.3. In order to figure out which client caused the auto forwarding, here is the tip that explains how to determine which type of email client sent a particular email:
The good news is that the Message Tracking Logs, as expected, records this information. Every email sent has a SourceContext property which contains, amongst other information, the ClientType used to send the email. The important thing is to check this property for SUBMIT events, i.e., when the Mailbox Transport Submission service passes the email to the Transport service (in other words, when Exchange picks up the email from the mailbox's outbox folder and passes it on for delivery).
Please note that this only applies to emails sent by internal users! There is no SUBMIT event when an external sender sends an email to an internal user, meaning there is no ClientType property for these emails.
To check a particular email, we can run something like the following cmdlet and look at the SourceContext field:
Get-TransportService | Get-MessageTrackingLog -ResultSize Unlimited -Start 07/28/2017 -EventID SUBMIT -Sender user@xyz.com -MessageSubject "subject of the message" | ft SourceContext -auto -wrap
the output is something like:
MDB:5f3ad20c-4f7c-4336-b90b-80713daf208f, Mailbox:58d5fcea-e4eb-4546-b11e-4553bee5db46, Event:220387198,
MessageClass:IPM.Note, CreationTime:2017-07-28T09:19:48.649Z, ClientType:AirSync
MessageClass:IPM.Note, CreationTime:2017-07-28T09:19:48.649Z, ClientType:AirSync
So it's the iPad's activesync caused the forwarding for our case...
Get-TransportService | Get-MessageTrackingLog -ResultSize Unlimited -Start 07/28/2017 -EventID SUBMIT -Sender user@xyz.com -MessageSubject "subject of the message" | ft SourceContext -auto -wrap This field will contain information like this:
MDB:34f3dc86-91bb-4ee7-a6a5-3d3ddc536050, Mailbox:a1de664f-9826-43a3-b9c8-3db019c86d8b, Event:29647741, MessageClass:IPM.Note, CreationTime:2017-07-28T07:17:14.922Z, ClientType:MOMT In this case, MOMT stands for MAPI on the Middle Tier, basically clients that connect using Outlook or any other application that connects using RPC/HTTP or MAPI/HTTP.
To count the number of emails sent using OWA for today, we can do something like:
To count the number of emails sent using OWA for today, we can do something like:
(Get-TransportService | Get-MessageTrackingLog -ResultSize Unlimited -Start 07/28/2017 -EventID SUBMIT | ? {$_.SourceContext -match "OWA"}).Count
No comments:
Post a Comment