Wednesday, November 4, 2015

Using Log Parser on Exchange 2013 CAS logs to list users and their Outlook versions

In this article I want to share a script that searches the Exchange 2013 CAS logs for current users and their Outlook versions. The script requires two CAS servers and must be run under an account that is an administrator on those servers. The log path is set to the standard location.

Download ex13_username_version.ps1

# The two CAS servers whose RpcHttp logs are read, and the CSV file that receives the result
$cas1 = "cas1.blogspot.com"
$cas2 = "cas2.blogspot.com"
$LogFile = "ex13_username_version.csv"

$LogParser = "C:\Program Files (x86)\Log Parser 2.2\LogParser.exe"
# Only today's log files are read (RpcHttp<yyyyMMdd>*.log)
$LogTime = Get-Date -Format "yyyyMMdd"
$LogHProxy = "RpcHttp" + $LogTime + "*.log"
# Distinct username / client pairs taken from the EventData field; the logs are read over the c$ admin share
$query = """SELECT DISTINCT EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,1,';'),1,'=') as username,EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,2,';'),1,'}') as client `
         into $($LogFile) FROM '\\$($cas1)\c$\Program Files\Microsoft\Exchange Server\V15\Logging\RpcHttp\W3SVC1\$($LogHProxy)', `
         '\\$($cas2)\c$\Program Files\Microsoft\Exchange Server\V15\Logging\RpcHttp\W3SVC1\$($LogHProxy)' `
         where (EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,1,';'),1,'=') NOT LIKE '%{%' AND EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,1,';'),1,'=') IS NOT null `
         AND EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,2,';'),1,'}') IS NOT null)"""
# -nSkipLines:4 skips the first four lines of each log file (plain hyphen; the en dash in the original is not a valid switch prefix)
$LogParserStr = "-i:csv -o:csv " + $query + " -nSkipLines:4"
# Run Log Parser in the current console and wait for it to finish
$LP = Start-Process -FilePath $LogParser -ArgumentList $LogParserStr -Wait -Passthru -NoNewWindow
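
To check what the query's nested EXTRACT_TOKEN calls and WHERE filter pick out before running it against the servers, the same logic can be reproduced in plain PowerShell. This is an added example, not part of the original script: the function names Get-Token and Get-UserAndClient are hypothetical, and the EventData strings are constructed, with a layout inferred only from the query (they are not copied from real RpcHttp logs).

```powershell
# Added example, not part of the original script.
# Get-Token imitates Log Parser's EXTRACT_TOKEN: zero-based index, nothing returned
# when the token is missing. Treating an empty token as missing is an assumption.
function Get-Token {
    param([string]$Text, [int]$Index, [char]$Separator)
    if ([string]::IsNullOrEmpty($Text)) { return }
    $parts = $Text.Split($Separator)
    if ($Index -lt $parts.Count -and $parts[$Index] -ne '') { return $parts[$Index] }
}

function Get-UserAndClient {
    param([string]$EventData)
    # username: second ';' field, then the part after the first '='
    $user   = Get-Token (Get-Token $EventData 1 ';') 1 '='
    # client: third ';' field, then the part between the first and second '}'
    $client = Get-Token (Get-Token $EventData 2 ';') 1 '}'
    # Same conditions as the WHERE clause: both values present, no '{' in the username
    if ($null -eq $user -or $null -eq $client -or $user -like '*{*') { return }
    [pscustomobject]@{ username = $user; client = $client }
}

# Constructed EventData values (placeholder keys k0/k1, placeholder client strings)
$samples = @(
    'k0=v0;k1=CONTOSO\alice;{x}Outlook-15.0.4711}tail',   # kept
    'k0=v0;k1={placeholder-id};{x}Outlook-14.0.7113}tail', # dropped: '{' in username
    'k0=v0;k1=CONTOSO\bob',                                # dropped: no third field
    'k0=v0;k1=CONTOSO\carol;{x}Outlook-14.0.7113}tail',    # kept
    'k0=v0;k1=CONTOSO\alice;{x}Outlook-15.0.4711}tail'     # duplicate of the first row
)

# Sort-Object -Unique plays the role of SELECT DISTINCT
$samples |
    ForEach-Object { Get-UserAndClient $_ } |
    Sort-Object username, client -Unique
```

Rows that the filter drops here are the same kind of rows the Log Parser query leaves out of ex13_username_version.csv, so a user missing from the CSV is not necessarily a user who did not connect.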