asked on Search Exchange Logs
I am using Exchange 2010 on Windows Server 2008. I have been asked to prove that an item (two contacts to be exact) was deleted and if possible who deleted it. My guess is that they deleted it on the user's workstation that they belonged to. So the who is probably impossible. But I am trying to narrow down the time frame. I am guessing there is some kind of log that should store this. And I am guessing it is the transaction log. But I am not sure if there is a good way to "read" them and better yet, filter them. I have checked the security logs in Windows, but they are overwritten. Or if I am looking in the wrong place, I would really appreciate some help. Thanks.
Exchange
Last Comment
William Ramsey
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
That is an awesome tool! Unfortunately it looks like the user has already put the contact back which would have altered the Last Modifier name and timestamp. I am really grateful for this information. But is there any other place that I might be able to find this information? I am going to check and see if it is on my backup tomorrow morning or see if he moved it back before the backup. (I really wish I would have been made aware of this a lot sooner). Thanks again.
ASKER
Awesome info! I really like the software that you showed me. Unfortunately my employee had already modified the contact again so that last time and last modifier fields had changed. I was hoping for more of a log. But this is better than nothing. Thanks!