I haven't posted anything in a long time and I have chosen not to go back over what has already been posted to see if it is still valid. I expect readers to have a level of understanding and knowledge to know how to interpret what has been posted and determine if it is relevant. I use blogs like these just to point me in the right direction, which brings me to an item that Microsoft had published for Exchange 2010, but the link is now defunct (after they moved their library) and I couldn't find it anywhere else, except on another blog. So this is to bolster that blog in case it too vanishes.
When using PowerShell / Exchange Management Shell, certain characters are interpreted as scripting language (e.g. the $ symbol). When writing something to the screen for example, when a dollar sign is encountered, PS is looking for a variable. You can overcome this using the tilde character (`) immediately before any character you want to be displayed literally (it is located to the left of number one across the top of most keyboards). So, to get the following to display the way you intend it to:
write-host "The contents of $variable are"$variable
you would write:
write-host "The contents of `$variable are"$variable
It's a subtle difference. If you wanted to display a tilde, you'd put a tilde in front of it.
The same principle is not used in Transport Rules. When you want to match criteria in a rule, you need to use a different approach. Below is a copy of the content originally posted by Microsoft. It was in relation to Exchange 2010, but is still relevant in exchange 2016 at least. Note that the criteria you filter for is not case-sensitive so looking for 'External' is the same as 'external' and 'EXTERNAL' and even 'ExTeRnAL'.
Here is an example to match only 'External' encased in brackets and not 'external' elsewhere in the field being searched:
\(External\)
Pattern matching in Exchange Transport Rules
| Pattern string | Description |
|---|---|
\S | The \S pattern string matches any single character that's not a space. |
\s | The \s pattern string matches any single white-space character. |
\D | The \D pattern string matches any non-numeric digit. |
\d | The \d pattern string matches any single numeric digit. |
\w | The \w pattern string matches any single Unicode character categorized as a letter or decimal digit. |
\W | The \W pattern string matches any single Unicode character not categorized as a letter or a decimal digit. |
| | The pipe ( | ) character performs an OR function. |
* | The asterisk ( * ) character matches zero or more instances of the previous character. For example, ab*c matches the following strings: ac, abc, abbbbc. |
( ) | Parentheses act as grouping delimiters. For example, a(bc)* matches the following strings: a, abc, abcbc, abcbcbc, and so on. |
\ | A backslash is used as an escaping character before a special character. Special characters are characters used in pattern strings:
(525), you would type \(525\). |
^ | The caret ( ^ ) character indicates that the pattern string that follows the caret must exist at the start of the text string being matched.For example, ^fred@contoso matches fred@contoso.com and fred@contoso.co.uk but not alfred@contoso.com. |
$ | The dollar sign ( $ ) character indicates that the preceding pattern string must exist at the end of the text string being matched.For example, contoso.com$ matches adam@contoso.com and kim@research.contoso.com, but doesn't match kim@contoso.com.au |