In my organisation, we are running exchange 2003. Recently I noticed that one of the junior systems administrator has put his user account in the security of other key director accounts (i.e in AD when I checked the directors account properties, under the security tab, his account was there and having all the permissions to the directors mailboxes). We thought of pulling him in and asking what his account is doing inside other directors mailboxes, but one of the directors has suggested that we actually try and audit to find out what he is up to and what exactly he has been doing in these users mailboxes.
The problem is we don't know where to set up this auditing. Please help