Solved

Who changed exchange server mailbox permission?

Posted on 2012-04-02
8
590 Views
Last Modified: 2012-04-10
Event Viewer logs are not showing who(user name) changed mailbox permission in a exchange server.

I was logged in as "administrator" and tried setting a mailbox permission for a User mailbox. Once after successfully setting the mailbox permission, i checked the Event viewer log in Domain Controller machine to find the user account name which tried to set the permission on that mailbox.

But Event Viewer shows the User as "User:Domain\MailboxServer$", instead of showing the exact account name which was logged and which did the change on that mailbox (instead of "User: Domain\administrator)..

This happens in Exchange Server 2003/2007/2010....

Any reasons why the event viewer has not recorded the  user name that was logged in.
0
Comment
Question by:tmani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 20

Expert Comment

by:compdigit44
ID: 37807496
Have you enabled auditing on your Exchange servers?
http://exchange-anzy.blogspot.com/2010/02/auditing-in-exchange-2003.html
0
 

Author Comment

by:tmani
ID: 37807700
This screenshot show event for changing mailbox permission in Exchange Server 2010, but not showing the user name correctly.This screenshot show event for changing mailbox permission in Exchange Server 2003Here i attached screenshot of what i am getting while changing mailbox permission in my environment.

I have enabled all the audit-policy for auditing mailbox permission in my exchange server.
Also the event for change mailbox permission are also triggered while changing mailbox permission and then i checked event log but it showing User as "User:Domain\ExchangeMailboxServer$", instead of showing the exact account name "User: Domain\administrator".

Please help me to resolve that what i am missing in my environment.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 37808804
Please read this article it talks about how to tracking changes to Exchange objects: http://msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 20

Expert Comment

by:compdigit44
ID: 37808827
The C:\  drive location of the Recyclin Bin is C:\Recycler. This is a hidden system folder. You could try to exclude this folder under your folder redirect policy. I nevered tried this but just a thought.
0
 

Author Comment

by:tmani
ID: 37822481
Hi Compdigit44,

     Still i am unable to get exact user account name "User: Domain\administrator" while changing mailbox permission in exchange server 2010 event log..

Also i am not interested in "AdminAuditLogConfig" in Logging the mailbox permission in exchange 2010.
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 37825697
please disregard post ID: 37808827 i posted this responce in the wrong form
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 37825711
in exchnage 2010 is sounds as if all audited events are placed in a mailbox instead of the Windows Event logs:

http://www.msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part2.html
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question