在交換在線郵箱中搜索消息的一種絕佳方法是使用PowerShell。您可以將命令調整為自己的喜好,並獲得所需的結果。另外,將結果導出到CSV文件很棒,因此您可以在其中過濾。在本文中,您將學習如何使用PowerShell搜索電子郵件。
安裝Microsoft Graph PowerShell
運行Windows PowerShell作為管理員並安裝Microsoft Graph PowerShell。
Install-Module Microsoft.Graph -Force重要的:在運行CMDLET或腳本以防止錯誤和錯誤結果之前,請務必更新到最新的Microsoft Graph PowerShell模塊版本。
在Microsoft Entra中配置應用程序註冊
在運行命令或腳本之前,必須首先創建一個使用正確權限的應用程序註冊,並使用Microsoft Graph PowerShell進行身份驗證的客戶端秘密。
1。註冊新申請
在Microsoft Entra ID中註冊新應用程序:
- 登錄到微軟Entra管理中心
- 點擊身份>應用程序>應用程序註冊
- 點擊新註冊
- 命名申請搜索郵件
- 選擇僅此組織目錄中的帳戶(僅Exoip - 單人租戶)
- 點擊登記
應用程序搜索郵件已成功創建。複製下面的值並將其粘貼到記事本中,因為稍後將需要它們連接到Microsoft Graph PowerShell。
有關的:這是在Outlook中搜索電子郵件的方法|簡單的步驟
- 複製應用程序(客戶)ID
- 複製目錄(租戶)ID
2。分配API權限
為您在上一步中註冊的應用程序分配API權限:
- 點擊API許可
- 點擊添加權限
- 點擊Microsoft API
- 點擊Microsoft Graph
- 點擊申請許可
- 搜尋User.Read.All
- 選擇用戶> user.read.all
- 搜尋mail.read
- 選擇郵件>郵件
- 點擊添加權限
API許可成功添加。下一步是授予管理員同意。
3。授予管理員同意
您必須授予管理員同意,以獲取您在上一步中選擇的權限:
- 點擊授予管理員同意
- 點擊是的
- 綠色複選標記顯示您已成功授予管理員同意
4。創建客戶秘密
在Microsoft Entra註冊新應用程序,分配API權限並授予管理員同意後,您需要創建客戶端秘密。
要在Microsoft Entra ID中為您的應用程序創建客戶端秘密,請按照以下步驟:
- 點擊證書和秘密
- 點擊客戶秘密>新客戶秘密
- 類型描述
- 選擇一個截止日期
- 點擊添加
筆記:客戶秘密到期日期最多24個月(2年)。您始終可以使用PowerShell續訂Microsoft Entra ID中的客戶秘密。
- 複製客戶端秘密值並將其保存到記事本
用客戶秘密連接到Microsoft Graph PowerShell
您需要更改以下參數的值,以連接到MS Graph PowerShell,並使用客戶端秘密:
- 輸入應用客戶端ID價值第2行
- 輸入目錄租戶ID價值第3行
- 輸入客戶秘密價值價值第4行
在下面運行PowerShell腳本。
# Configuration
$ClientId = "c6787ff5-08ec-4e96-b4d2-1d1782303310"
$TenantId = "eb403171-a4ec-4d98-a08f-1876318c9deb"
$ClientSecret = "6_q8Q~X9e-fjwWhVVP_WWx~ua4JMI.BWkI7Q7b7B"
# Convert the client secret to a secure string
$ClientSecretPass = ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force
# Create a credential object using the client ID and secure string
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ClientId, $ClientSecretPass
# Connect to Microsoft Graph with Client Secret
Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $ClientSecretCredential搜索特定用戶的電子郵件
從特定用戶獲取所有消息。
$User = "[email protected]"
Get-MgUserMessage -All -UserId "$User" |
Select-Object Subject, InternetMessageId, ReceivedDateTime,
@{Name = "Sender"; Expression = { $_.Sender.EmailAddress.Address } },
@{Name = "Recipients"; Expression = { $_.ToRecipients.EmailAddress.Address -join ', ' } } |
Out-GridView從讀取的特定用戶中獲取所有消息。
$User = "[email protected]"
Get-MgUserMessage -All -UserId "$User" -Filter "IsRead eq true" |
Select-Object Subject, InternetMessageId, ReceivedDateTime,
@{Name = "Sender"; Expression = { $_.Sender.EmailAddress.Address } },
@{Name = "Recipients"; Expression = { $_.ToRecipients.EmailAddress.Address -join ', ' } } |
Out-GridView從未讀的特定用戶那裡獲取所有消息。
$User = "[email protected]"
Get-MgUserMessage -All -UserId "$User" -Filter "IsRead eq false" |
Select-Object Subject, InternetMessageId, ReceivedDateTime,
@{Name = "Sender"; Expression = { $_.Sender.EmailAddress.Address } },
@{Name = "Recipients"; Expression = { $_.ToRecipients.EmailAddress.Address -join ', ' } } |
Out-GridView日期搜索電子郵件
在特定日期後搜索特定用戶的電子郵件。
$User = "[email protected]"
$Date = "2024-01-01"
Get-MgUserMessage -All -UserId "$User" -Filter "ReceivedDateTime gt $Date" |
Select-Object Subject, InternetMessageId, ReceivedDateTime,
@{Name = "Sender"; Expression = { $_.Sender.EmailAddress.Address } },
@{Name = "Recipients"; Expression = { $_.ToRecipients.EmailAddress.Address -join ', ' } } |
Out-GridView搜索主題的電子郵件
搜索以特定主題開頭的電子郵件。
$Subject = "The subject"
$user = "[email protected]"
Get-MgUserMessage -All -UserId "$User" -Filter "startswith(Subject,'$Subject')" |
Select-Object Subject, InternetMessageId, ReceivedDateTime,
@{Name = "Sender"; Expression = { $_.Sender.EmailAddress.Address } },
@{Name = "Recipients"; Expression = { $_.ToRecipients.EmailAddress.Address -join ', ' } } |
Out-GridView搜索與主題相等的電子郵件。
$Subject = "The specific subject"
$user = "[email protected]"
Get-MgUserMessage -All -UserId "$user" -Filter "Subject eq '$Subject'" |
Select-Object Subject, InternetMessageId, ReceivedDateTime,
@{Name = "Sender"; Expression = { $_.Sender.EmailAddress.Address } },
@{Name = "Recipients"; Expression = { $_.ToRecipients.EmailAddress.Address -join ', ' } } |
Out-GridView搜索最近30天的電子郵件
讓我們在收件人和發件人上搜索組織中的所有電子郵件。結果將出現在離格視圖並將導出到CSV文件。
從過去30天開始搜索組織中的所有電子郵件。
# Get all users
$users = Get-MgUser -All
# Initialize a List to store the data
$Report = [System.Collections.Generic.List[Object]]::new()
# Determine the date 30 days prior to today
$startDate = (Get-Date).AddDays(-30).ToString("yyyy-MM-dd")
# Loop through each user
foreach ($user in $users) {
# Ensure the user has an associated email address
if ($user.Mail) {
$messages = Get-MgUserMessage -UserId $user.Id -All -Filter "ReceivedDateTime ge $startDate" -ErrorAction SilentlyContinue
foreach ($message in $messages) {
$ReportLine = [PSCustomObject]@{
ReceivedDateTime = $message.ReceivedDateTime
Subject = $message.Subject
Sender = $message.Sender.EmailAddress.Address -join ','
Recipient = $message.ToRecipients.EmailAddress.Address -join ','
InternetMessageId = $message.InternetMessageId
}
$Report.Add($ReportLine)
}
}
}
# Display and export the data
$Report | Out-GridView
$Report | Export-Csv -Path "C:tempAll_emails.csv" -NoTypeInformation -Encoding utf8在過去30天內搜索已發送給特定收件人的組織中的所有電子郵件。
# Email address of the recipient you want to filter
$recipientEmailAddress = "[email protected]"
# Get all users
$users = Get-MgUser -All
# Initialize a List to store the data
$Report = [System.Collections.Generic.List[Object]]::new()
# Determine the date 30 days prior to today
$startDate = (Get-Date).AddDays(-30).ToString("yyyy-MM-dd")
# Loop through each user
foreach ($user in $users) {
# Ensure the user has an associated email address
if ($user.Mail) {
$messages = Get-MgUserMessage -UserId $user.Id -All -Filter "ReceivedDateTime ge $startDate" -ErrorAction SilentlyContinue
foreach ($message in $messages) {
# Check if the recipient matches the desired email address
if ($message.ToRecipients.EmailAddress.Address -eq $recipientEmailAddress) {
$ReportLine = [PSCustomObject]@{
ReceivedDateTime = $message.ReceivedDateTime
Subject = $message.Subject
Sender = $message.Sender.EmailAddress.Address
Recipient = $message.ToRecipients.EmailAddress.Address
InternetMessageId = $message.InternetMessageId
}
$Report.Add($ReportLine)
}
}
}
}
# Display and export the data
$Report | Out-GridView
$Report | Export-Csv -Path "C:tempRecipient_emails.csv" -NoTypeInformation -Encoding utf8搜索最近30天從特定發件人發送的組織中的所有電子郵件。
# Email address of the sender you want to filter
$senderEmailAddress = "[email protected]"
# Get all users
$users = Get-MgUser -All
# Initialize a List to store the data
$Report = [System.Collections.Generic.List[Object]]::new()
# Determine the date 30 days prior to today
$startDate = (Get-Date).AddDays(-30).ToString("yyyy-MM-dd")
# Loop through each user
foreach ($user in $users) {
# Ensure the user has an associated email address
if ($user.Mail) {
$messages = Get-MgUserMessage -UserId $user.Id -All -Filter "ReceivedDateTime ge $startDate" -ErrorAction SilentlyContinue
foreach ($message in $messages) {
if ($message.Sender.EmailAddress.Address -eq $senderEmailAddress) {
$ReportLine = [PSCustomObject]@{
ReceivedDateTime = $message.ReceivedDateTime
Subject = $message.Subject
Sender = $message.Sender.EmailAddress.Address
Recipient = ($message.ToRecipients.EmailAddress.Address -join ',')
InternetMessageId = $message.InternetMessageId
}
$Report.Add($ReportLine)
}
}
}
}
# Display and export the data
$Report | Out-GridView
$Report | Export-Csv -Path "C:tempSender_emails.csv" -NoTypeInformation -Encoding utf8就是這樣!
結論
您學會瞭如何使用PowerShell搜索電子郵件。首先,具有正確權限的Microsoft Entra中的應用程序。之後,將Microsoft Graph PowerShell連接到應用程序。最後,運行命令以使用PowerShell搜索電子郵件。
您喜歡這篇文章嗎?您可能還喜歡如何阻止Microsoft 365中的頂級域(TLD)。不要忘記關注我們並分享本文。