if i need to search email body with the  word rejected. will the below syntax work.

Get-Mailbox  -Identity User2| Search-Mailbox  -SearchQuery {from:user1@domain.com AND Received:"5/1/2018 12.00..05/5/2018 23:59"} -TargetMailbox <rejected> -TargetFolder "User1_User2_search05052018" -LogOnly -LogLevel Full

Get-Mailbox  -Identity User1 | Search-Mailbox  -SearchQuery {to:user2@domain.com AND Send:"5/1/2018 12.00..05/5/2018 23:59"} -TargetMailbox <rejected> -TargetFolder "User1_User2_search05052018" -LogOnly -LogLevel Full

It should work, however this will not tell you when the message arrived in the mailbox or any other related mail flow information. For that you need the message trace data.

can any one correct the below two syntax

Get-Mailbox  -Identity User2| Search-Mailbox  -SearchQuery {from:user1@domain.com AND Received:"5/1/2018 12.00..05/5/2018 23:59"} -TargetMailbox <rejected> -TargetFolder "User1_User2_search05052018" -LogOnly -LogLevel Full

Get-Mailbox  -Identity User1 | Search-Mailbox  -SearchQuery {to:user2@domain.com AND Send:"5/1/2018 12.00..05/5/2018 23:59"} -TargetMailbox <rejected> -TargetFolder "User1_User2_search05052018" -LogOnly -LogLevel Full

This below syntax works but i am not getting the results. what ever is body its show success is true.

Get-Mailbox -Identity user2@mydomain.com | Search-Mailbox -SearchQuery {Body:"*TestEmail*" AND From:user1@mydomain.com AND Received:"05/15/2018 13:00..05/15/2018 16:05"} -EstimateResultOnly

The syntax is correct, but you might want to adjust the datetime formatting. I'm not so sure that the body keyword supports wildcards, so try with an exact word/phrase.

Hi experts, please help me, i am struck

I tried the below syntax it works but what ever you put in body the end result it gives as success. experts help me plz

Get-Mailbox -Identity user2@mydomain.com | Search-Mailbox -SearchQuery {Body:"*rejected to you*" AND From:user1@mydomain.com AND Received:"05/14/2018 11:00..05/15/2018 11:00"} -EstimateResultOnly

The below syntax dont work, what should be in target mailbox and targetfolder, iam searching with with keyword rejected to you in email body

PS C:\Windows\system32> Get-Mailbox  -Identity user2@mydomain.com | Search-Mailbox  
-SearchQuery {from:user1@mydomain.com AND Received:"05/15/2018 07.00..05/15/2018 11:00"} 
-TargetMailbox <rejected to you> -TargetFolder "user2_user1_search05152018" 
-LogOnly -LogLevel Full
At line:1 char:189
+ ... -TargetMailbox <rejected to you> -TargetFolder "user2_user1_search05152018 ...
+                    ~
The '<' operator is reserved for future use.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RedirectionNotSupported

User1 has sent test email to User2 and lets say i am user1 and in the email body i have put the word Testing and sent it to user2

with the below command it works fine but if i change body:"tttt" in the syntax still i am getting same result as with body:Testing

i never sent an email with email body as tttt. i should get false result with tttt but i am getting true result

Get-Mailbox -Identity user2@mydomain.com | Search-Mailbox -SearchQuery {Body:"*Testing*" AND From:user1@mydomain.com AND Received:"05/15/2018 16:00..05/15/2018 20:05"} -targetmailbox "user1@mydomain.com" -targetfolder "searchresults" -logonly -loglevel full