Unauthorised mailbox access Exchange 2003

Posted on 2011-10-17
Medium Priority
Last Modified: 2012-05-12
Hello all,

We have a situation in our company where it seems an admin may have been abusing his privileges and accessing other people's email accounts.

I'm no expert but have been tasked with collecting as much evidence and logging as possible from the server to try and prove the claims. I understand there are some events posted in the event log, but is there anything else I can save? Is there anything I can pull from the domain controllers (apart from login events)? I'm not sure of the logging on the server but if there is anything we can check then I would appreciate someone highlighting for me!

Question by:purejamie

Expert Comment

ID: 36978777
Simply change your admin if you don't trust him.

Domain admin always wins in any challenge.

Accepted Solution

purejamie earned 0 total points
ID: 36978822
Indeed - trouble is you can't change your admin without proof.

I've looked at the article you posted before rajkr2020 - and have it covered as far as the simple logging is concerned (i.e. pulling the Exchange event logs). I was just wondering if there are any under-the-hood tricks or additional logs I should be looking into whilst the case is pretty fresh.

Expert Comment

ID: 37065840
I have to agree with morpheios here. As an admin you are charged with some very serious security stuff; if you even have a hankering that your admin is off, you should change him.

Abuse of an admin account is very serious indeed.

Author Closing Comment

ID: 37511193
