Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Who changed exchange server mailbox permission?

Posted on 2012-04-02
8
589 Views
Last Modified: 2012-04-10
Event Viewer logs are not showing who(user name) changed mailbox permission in a exchange server.

I was logged in as "administrator" and tried setting a mailbox permission for a User mailbox. Once after successfully setting the mailbox permission, i checked the Event viewer log in Domain Controller machine to find the user account name which tried to set the permission on that mailbox.

But Event Viewer shows the User as "User:Domain\MailboxServer$", instead of showing the exact account name which was logged and which did the change on that mailbox (instead of "User: Domain\administrator)..

This happens in Exchange Server 2003/2007/2010....

Any reasons why the event viewer has not recorded the  user name that was logged in.
0
Comment
Question by:tmani
  • 5
  • 2
8 Comments
 
LVL 19

Expert Comment

by:compdigit44
ID: 37807496
Have you enabled auditing on your Exchange servers?
http://exchange-anzy.blogspot.com/2010/02/auditing-in-exchange-2003.html
0
 

Author Comment

by:tmani
ID: 37807700
This screenshot show event for changing mailbox permission in Exchange Server 2010, but not showing the user name correctly.This screenshot show event for changing mailbox permission in Exchange Server 2003Here i attached screenshot of what i am getting while changing mailbox permission in my environment.

I have enabled all the audit-policy for auditing mailbox permission in my exchange server.
Also the event for change mailbox permission are also triggered while changing mailbox permission and then i checked event log but it showing User as "User:Domain\ExchangeMailboxServer$", instead of showing the exact account name "User: Domain\administrator".

Please help me to resolve that what i am missing in my environment.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 37808804
Please read this article it talks about how to tracking changes to Exchange objects: http://msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 19

Expert Comment

by:compdigit44
ID: 37808827
The C:\  drive location of the Recyclin Bin is C:\Recycler. This is a hidden system folder. You could try to exclude this folder under your folder redirect policy. I nevered tried this but just a thought.
0
 

Author Comment

by:tmani
ID: 37822481
Hi Compdigit44,

     Still i am unable to get exact user account name "User: Domain\administrator" while changing mailbox permission in exchange server 2010 event log..

Also i am not interested in "AdminAuditLogConfig" in Logging the mailbox permission in exchange 2010.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 37825697
please disregard post ID: 37808827 i posted this responce in the wrong form
0
 
LVL 19

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 37825711
in exchnage 2010 is sounds as if all audited events are placed in a mailbox instead of the Windows Event logs:

http://www.msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part2.html
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question