?
Solved

Who changed exchange server mailbox permission?

Posted on 2012-04-02
8
Medium Priority
?
595 Views
Last Modified: 2012-04-10
Event Viewer logs are not showing who(user name) changed mailbox permission in a exchange server.

I was logged in as "administrator" and tried setting a mailbox permission for a User mailbox. Once after successfully setting the mailbox permission, i checked the Event viewer log in Domain Controller machine to find the user account name which tried to set the permission on that mailbox.

But Event Viewer shows the User as "User:Domain\MailboxServer$", instead of showing the exact account name which was logged and which did the change on that mailbox (instead of "User: Domain\administrator)..

This happens in Exchange Server 2003/2007/2010....

Any reasons why the event viewer has not recorded the  user name that was logged in.
0
Comment
Question by:tmani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 20

Expert Comment

by:compdigit44
ID: 37807496
Have you enabled auditing on your Exchange servers?
http://exchange-anzy.blogspot.com/2010/02/auditing-in-exchange-2003.html
0
 

Author Comment

by:tmani
ID: 37807700
This screenshot show event for changing mailbox permission in Exchange Server 2010, but not showing the user name correctly.This screenshot show event for changing mailbox permission in Exchange Server 2003Here i attached screenshot of what i am getting while changing mailbox permission in my environment.

I have enabled all the audit-policy for auditing mailbox permission in my exchange server.
Also the event for change mailbox permission are also triggered while changing mailbox permission and then i checked event log but it showing User as "User:Domain\ExchangeMailboxServer$", instead of showing the exact account name "User: Domain\administrator".

Please help me to resolve that what i am missing in my environment.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 37808804
Please read this article it talks about how to tracking changes to Exchange objects: http://msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html
0
Get MySQL database support online, now!

At Percona’s web store you can order your MySQL database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card.

 
LVL 20

Expert Comment

by:compdigit44
ID: 37808827
The C:\  drive location of the Recyclin Bin is C:\Recycler. This is a hidden system folder. You could try to exclude this folder under your folder redirect policy. I nevered tried this but just a thought.
0
 

Author Comment

by:tmani
ID: 37822481
Hi Compdigit44,

     Still i am unable to get exact user account name "User: Domain\administrator" while changing mailbox permission in exchange server 2010 event log..

Also i am not interested in "AdminAuditLogConfig" in Logging the mailbox permission in exchange 2010.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 37825697
please disregard post ID: 37808827 i posted this responce in the wrong form
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 1500 total points
ID: 37825711
in exchnage 2010 is sounds as if all audited events are placed in a mailbox instead of the Windows Event logs:

http://www.msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part2.html
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Let's recap what we learned from yesterday's Skyport Systems webinar.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month9 days, 15 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question