Using powershell to list users accessing OWA

Sometimes it’s useful to identify how many users are using Outlook Web Access, particularly for capacity management. Just because an account has OWA enabled, doesn’t mean it’s being used.

The below PowerShell script will enumerate the IIS logs looking for OWA access, if found it’ll add the user account to a list of accounts accessing OWA.

$path = "C:\WINDOWS\system32\LogFiles\W3SVC1\ex*"

# Create new DataTable to hold log entries
$tblLog = New-Object System.Data.DataTable "Log"
$arrUsers = New-Object System.Collections.ArrayList($null)
$bFirstRun = $TRUE;

foreach ($file in Get-ChildItem $path)
{
	# Get the contents of the file, excluding the first three lines.
	$fileContents = Get-Content $file.FullName | where {$_ -notLike "#[D,S-V]*" }

	# Create DataTable columns. No handling for different columns in
	# each log file.
	if( $bFirstRun )
	{
		$columns = (($fileContents[0].TrimEnd()) -replace "#Fields: ", "" -replace "-","" -replace "\(","" -replace "\)","").Split(" ")
		$colCount = $columns.Length

		# Create a DataColumn from the column string and add to our DataTable.
		foreach ($column in $columns)
		{
			$colNew = New-Object System.Data.DataColumn $column, ([string])
			$tblLog.Columns.Add( $colNew )
		}
		$bFirstRun = $FALSE;
		Write-Host "Columns complete"
	}
	
	# Get the row contents from the file, filtering what I want to retrieve.
	$rows = $fileContents | where {$_ -like "*/owa/Default.aspx*"}

	# Loop through rows in the log file.
	foreach ($row in $rows)
	{
		if(!$row)
		{
			continue
		}

		$rowContents = $row.Split(" ")
		$newRow = $tblLog.newrow()
		for($i=0;$i -lt $colCount; $i++)
		{
			$columnName = $columns[$i]
			$newRow.$columnName = $rowContents[$i]
		}
		$tblLog.Rows.Add( $newRow )
	}
	Write-Host $file.Name "Done"
}
$tblLog | foreach {  if(! $arrUsers.Contains( $_.csusername ) ) { $arrUsers.Add( $_.csusername ) } }
$arrUsers


Save to a file with the “.ps1” extension and run. You’ll then be presented with a list of users, for example:

NWTRADERS\Administrator
NWTRADERS\Steve
NWTRADERS\Dave
NWTRADERS\James
NWTRADERS\Albert

You’ll need to alter the path to the IIS logs if you’ve stored them in a non-default location. To filter only logs for the current year, you can use a wildcard in the $path variable. For example “ex13*” for 2013 only.

Published by

Dave Hope

Dave is a Principal Software Analyst for a UK based retirement developer, in his spare time he enjoys digital photography and rock climbing.

15 thoughts on “Using powershell to list users accessing OWA”

  1. Should this work for Exchange 2007?
    I modified the path to match my 2007 CAS
    $path = “C:inetpublogsLogFilesW3SVC1u_ex*”
    It looks like it goes through the log files but it returns zero.
    [PS] C:>.owatest.ps1
    Columns complete
    u_ex130522.log Done
    u_ex130523.log Done
    u_ex130524.log Done
    u_ex130525.log Done
    u_ex130526.log Done
    u_ex130527.log Done
    u_ex130528.log Done
    0
    [PS] C:>

    Thanks in advance

    1. It was written for use against 2007. Are your IIS logs really in that location? I presume they are if its seeing the files, but make sure it’s for the right website if there are more than one.

      Is OWA accessed under /OWA/….?

      Also, which windows version are you using?

      1. I only ran this against one log file and it doesn’t do anything once it finishes.

        Columns complete
        u_ex130709.log Done

  2. Hi Dave-

    I was wondering if you had any thoughts of a way to determine which users have only used OWA, but no other method such as Outlook or Mobile Device? Is there anyway in this existing script to note when the user last accessed via OWA?

    1. Hi Ken, That’s exactly what this script does. It filters for /owa/default.aspx – So you only see users who have actually logged into OWA.

    1. Hi David,

      You’d need to maintain a separate kvp in the script to maintain a mapping of usernames to datetime’s. Probably not too difficult to add it.

  3. hey ,

    in my case (win2k8 , exchange 2k10)

    it returns
    olumns complete
    u_ex140410.log Done
    u_ex140411.log Done
    u_ex140412.log Done
    u_ex140413.log Done
    u_ex140414.log Done
    u_ex140415.log Done
    u_ex140416.log Done
    u_ex140417.log Done

    ——————————-

    no list of users? 🙁

    1. The script was written for Win2k3/EX2k7 so it’s possible the IIS log file is different on Win2k8/E2k10. I’ll take a look when I get chance to setup a lab.

  4. Hi,

    I run this on Windows Powershell 1.0, as administrator, having tweaked the path for c:\inetpub\logs\Logfiles\W3SVC1 … but when I run the script, it returns absolutely nothing – I’m just returned to the prompt. What am I doing wrong? I’m running Win Server 2008 I believe, 64 bit version. Exchange 2007. Any ideas?

    regards
    Ash

  5. For above script to work on exchane 2013 you have to
    make small modification.

    Run ps script on CAS server. Change lines to this

    $path = “C:\inetpub\logs\LogFiles\W3SVC1\*ex*”

    $rows = $fileContents | where {$_ -like “*/owa/*”}

    Then you will have list of users.

    P.S Thank you for great script 🙂

    1. Since Exchange 2013 uses Https and not Mapi anymore, If I run this script in Exchange 2013 environment, will show records for Outlook clients too or just for users who are accessing through Ooutlok Web Access?

Leave a Reply

Your email address will not be published. Required fields are marked *