Monday, October 15, 2012

How to search Exchange Admin Log in Exchange 2010?

In my case there was a situation when one of the exchange admins has created a mailbox for a user. Team group leader wanted to know who was responsible for a user's mailbox creation.
Microsoft Exchange 2010 has enabled administrator audit logging entries for each cmdlet that is run in EMC or Exchange Management Shell. Searching the the log is easy using Search-AdminAuditLog cmdlet. In my case, I was searching for user mailbox creation and the syntax for it is:

Search-AdminAuditLog -StartDate 09/01/2012 -EndDate 09/09/2012 -ObjectID domain.name/Users/user.name
 
You can dump all log entries using Search-AdminAuditLog > c:\temp\adminlog.txt .

More on Adminsitrator Audit Logging on http://technet.microsoft.com/en-us/library/dd335144.aspx

No comments:

Post a Comment