Solved

Who changed exchange server mailbox permission?

Posted on 2012-04-02
8
594 Views
Last Modified: 2012-04-10
Event Viewer logs are not showing who(user name) changed mailbox permission in a exchange server.

I was logged in as "administrator" and tried setting a mailbox permission for a User mailbox. Once after successfully setting the mailbox permission, i checked the Event viewer log in Domain Controller machine to find the user account name which tried to set the permission on that mailbox.

But Event Viewer shows the User as "User:Domain\MailboxServer$", instead of showing the exact account name which was logged and which did the change on that mailbox (instead of "User: Domain\administrator)..

This happens in Exchange Server 2003/2007/2010....

Any reasons why the event viewer has not recorded the  user name that was logged in.
0
Comment
Question by:tmani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 20

Expert Comment

by:compdigit44
ID: 37807496
Have you enabled auditing on your Exchange servers?
http://exchange-anzy.blogspot.com/2010/02/auditing-in-exchange-2003.html
0
 

Author Comment

by:tmani
ID: 37807700
This screenshot show event for changing mailbox permission in Exchange Server 2010, but not showing the user name correctly.This screenshot show event for changing mailbox permission in Exchange Server 2003Here i attached screenshot of what i am getting while changing mailbox permission in my environment.

I have enabled all the audit-policy for auditing mailbox permission in my exchange server.
Also the event for change mailbox permission are also triggered while changing mailbox permission and then i checked event log but it showing User as "User:Domain\ExchangeMailboxServer$", instead of showing the exact account name "User: Domain\administrator".

Please help me to resolve that what i am missing in my environment.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 37808804
Please read this article it talks about how to tracking changes to Exchange objects: http://msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 20

Expert Comment

by:compdigit44
ID: 37808827
The C:\  drive location of the Recyclin Bin is C:\Recycler. This is a hidden system folder. You could try to exclude this folder under your folder redirect policy. I nevered tried this but just a thought.
0
 

Author Comment

by:tmani
ID: 37822481
Hi Compdigit44,

     Still i am unable to get exact user account name "User: Domain\administrator" while changing mailbox permission in exchange server 2010 event log..

Also i am not interested in "AdminAuditLogConfig" in Logging the mailbox permission in exchange 2010.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 37825697
please disregard post ID: 37808827 i posted this responce in the wrong form
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 37825711
in exchnage 2010 is sounds as if all audited events are placed in a mailbox instead of the Windows Event logs:

http://www.msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part2.html
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question