GUI testing script for Exchange Online Mail Flow.

In this blog, I will review a GUI script that I wrote in order to test mail flow to and from Exchange Online.

  • The testing process:
  1. Fill in the email address of a user who owns a mailbox in Exchange Online. This mailbox will send the test email to an external domain.
  2. Fill in the password of the sender you entered above. The script uses it to connect the Exchange Online user to the tenant in order to use the Send-MailMessage command.
  3. Fill in an external email address (at Hotmail, Outlook, Gmail, Yahoo, etc.).
    In our example, I have used my old Hotmail.com account.
  4. A rule at the external email site forwards the test email to the sender’s secondary email address, since the rule cannot forward the email back to the same email address as the sender.
  5. The script measures the time it took for the email to return to the Exchange Online sender’s mailbox, using the Get-MessageTrace command.
  6. If the email’s route takes more than 2 minutes, you will get a red message saying the MailFlow is Broken.
  7. If the email’s route takes less than 2 minutes, you will get a green message saying the MailFlow is Working.
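The steps above as a console sketch. This is an added example, not the blog's GUI script. It assumes the ExchangeOnlineManagement module, SMTP AUTH enabled for the mailbox, an account that signs in with a password only, and a forwarded copy sent from the external address. `external-test@example.com` is a placeholder.

```powershell
# Added example, not the blog's script. Requires the ExchangeOnlineManagement module.
$Sender   = 'User1@msftdomain.onmicrosoft.com'  # test mailbox (sample address from the post)
$External = 'external-test@example.com'         # placeholder: external mailbox holding the forwarding rule
$Limit    = New-TimeSpan -Minutes 2             # threshold used in the post
$Cred     = Get-Credential -UserName $Sender -Message 'Password for the Exchange Online test user'

# Preflight: SMTP submission needs outbound TCP 587 to smtp.office365.com.
if (-not (Test-NetConnection -ComputerName smtp.office365.com -Port 587 -InformationLevel Quiet)) {
    throw 'TCP 587 to smtp.office365.com is not reachable from this computer.'
}

Connect-ExchangeOnline -Credential $Cred -ShowBanner:$false
try {
    # A unique subject token lets the trace match this run only, even if the rule adds "FW:".
    $Token = [guid]::NewGuid().ToString('N')
    $Sent  = Get-Date
    Send-MailMessage -From $Sender -To $External -Subject "MailFlowTest $Token" `
        -Body 'Automated mail flow test.' -SmtpServer smtp.office365.com -Port 587 `
        -UseSsl -Credential $Cred

    $Hit = $null
    while ((-not $Hit) -and (((Get-Date) - $Sent) -lt $Limit)) {
        Start-Sleep -Seconds 15
        # Without -StartDate/-EndDate, Get-MessageTrace returns the last 48 hours.
        # Assumption: the forwarded copy is sent from the external address.
        $Hit = Get-MessageTrace -SenderAddress $External |
            Where-Object { $_.Subject -like "*$Token*" } |
            Select-Object -First 1
    }

    if ($Hit) {
        # Elapsed time is measured when the trace entry becomes visible, so it includes trace latency.
        $Elapsed = (Get-Date) - $Sent
        Write-Host ("MailFlow is Working ({0:N0} s round trip)" -f $Elapsed.TotalSeconds) -ForegroundColor Green
    } else {
        Write-Host 'MailFlow is Broken (no return message within 2 minutes)' -ForegroundColor Red
    }
}
finally {
    # Always close the session, including when the send or the trace throws.
    Disconnect-ExchangeOnline -Confirm:$false
}
```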

The first step before running the script is setting the permissions needed for the mail flow test.
The test user needs permission to run one specific command when running the script: the Get-MessageTrace command.

If the user who is running the script has high privileges, such as membership in the built-in Exchange Online groups or the global administrator role, you can continue to the next paragraph.
If you want a simple user (not a highly privileged one) to run the test, you need to create an RBAC (Role Based Access Control) role and give this user the right permissions.
If you are configuring RBAC for the first time in your tenant, you should run the following command first; otherwise, you will get an error:

Enable-OrganizationCustomization

Now let’s run the next 3 commands to allow the user to run the script:

  • Create the MessageTrace role as a copy of the “View-Only Recipients” role:
    New-ManagementRole -Name "MessageTrace" -Parent "View-Only Recipients"
  • Remove all cmdlets except Get-MessageTrace from the MessageTrace role:
    Get-ManagementRoleEntry "MessageTrace\*" | Where-Object {$_.Name -ne 'Get-MessageTrace'} | ForEach-Object {Remove-ManagementRoleEntry "$($_.Role)\$($_.Name)" -Confirm:$False}
  • Create a new group named MsgTrace which contains only the MessageTrace role and add User1 to the group:
    New-RoleGroup -Name "MsgTrace" -Roles "MessageTrace" -Members "User1@msftdomain.onmicrosoft.com"
  • Optional command to verify that only Get-MessageTrace is available:
    Get-ManagementRoleEntry -Identity "MessageTrace\*"
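A fuller version of the optional verification, as an added example that is not part of the original script. It checks the role's cmdlets, the roles attached to the MsgTrace group, and the group's members. It assumes an administrator session already connected with Connect-ExchangeOnline.

```powershell
# Added example, not from the post. Run in an administrator session that is already
# connected with Connect-ExchangeOnline and can read role configuration.
$RoleName  = 'MessageTrace'          # custom role created above
$GroupName = 'MsgTrace'              # role group created above
$Allowed   = @('Get-MessageTrace')   # the only cmdlet the test user should receive

# Cmdlets currently granted by the custom role.
$Entries   = @(Get-ManagementRoleEntry -Identity "$RoleName\*")
$ExtraCmds = @($Entries | Where-Object { $_.Name -notin $Allowed } | ForEach-Object Name)
$Missing   = @($Allowed | Where-Object { $_ -notin $Entries.Name })

# Roles attached to the group: anything besides the custom role widens the grant.
$Group      = Get-RoleGroup -Identity $GroupName
$ExtraRoles = @($Group.Roles | Where-Object { "$_" -ne $RoleName })

# Members inherit everything the group grants, so list them for review.
$Members = @(Get-RoleGroupMember -Identity $GroupName | ForEach-Object Name)

$Report = [pscustomobject]@{
    Role             = $RoleName
    UnexpectedCmds   = $ExtraCmds -join ', '
    MissingCmds      = $Missing -join ', '
    RoleGroup        = $GroupName
    UnexpectedRoles  = $ExtraRoles -join ', '
    Members          = $Members -join ', '
    LeastPrivilegeOk = ($ExtraCmds.Count -eq 0) -and ($Missing.Count -eq 0) -and ($ExtraRoles.Count -eq 0)
}
$Report | Format-List

if (-not $Report.LeastPrivilegeOk) {
    Write-Warning "Role '$RoleName' or group '$GroupName' grants more (or less) than Get-MessageTrace."
}
```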

There are 2 things we must have from networking and security perspectives in order to successfully run this script:

  • Internet Connectivity :-)
  • Outbound TCP port 587 open from the computer that runs the script to smtp.office365.com.

In order to create a rule which forwards the test email back to the sender, we need to have a secondary email address for the Exchange Online test user.
For example, in addition to the primary email address User1@msftdomain.onmicrosoft.com, we created an additional email address (secondary) named testemail@msftdomain.onmicrosoft.com.

Part of the testing process is sending back a test email from the external site, back to the Exchange Online mailbox.
In order to do so, we have to create a forwarding rule to the secondary email address of the sender, which is actually the same user.

In our example, we configured that every email that arrives from User1@msftdomain.onmicrosoft.com, will be forwarded to testemail@msftdomain.onmicrosoft.com.

These addresses belong to the same mailbox at Exchange Online — User1.
We have to use a secondary email address since the rule will not work if the source and forward addresses are the same.

  • Important!
    Verify that your Office 365 domain or the primary email address of the sender is on the safe senders list at the external mail service where you send the testing emails; otherwise, you will not get an email back and the test will fail.

In order to run the script, just open a Windows PowerShell window and navigate to the script location:

When you run the script for the first time, all 3 text boxes will be empty:

After the first run, the Sender’s Address will be kept in a txt file under C:\Temp\SendersAddress.txt.
The External’s Address will be kept in another txt file under C:\Temp\ExternalAddress.txt.
Those addresses will be loaded every time you open the script again, so you will not have to type them again.
Each time you run the script, you will have to type only the password for the Exchange Online user (Sender).

To run the script, just click the Run-Test button.
During the testing period, the Run-Test button will be grayed out and its label will change from Run-Test to Running…

Since the “Normal” time for mail flow testing is 2 minutes, this is more or less how long the script takes to return a result.

If the mail flow test recognizes that it took more than 2 minutes, a red message will show up.

If the mail flow test recognizes that it took less than 2 minutes, a green message will show up.

At the end of each test, the Time Laps field will be replaced by the date and time of the last test.

Click the link below in order to get the script:

For the last 13 years, I have been working as a Senior Customer Success Engineer (former PFE) at Microsoft. My areas of expertise are Exchange, PowerShell & Azure.