Solved

Who changed exchange server mailbox permission?

Posted on 2012-04-02
8
582 Views
Last Modified: 2012-04-10
Event Viewer logs are not showing who(user name) changed mailbox permission in a exchange server.

I was logged in as "administrator" and tried setting a mailbox permission for a User mailbox. Once after successfully setting the mailbox permission, i checked the Event viewer log in Domain Controller machine to find the user account name which tried to set the permission on that mailbox.

But Event Viewer shows the User as "User:Domain\MailboxServer$", instead of showing the exact account name which was logged and which did the change on that mailbox (instead of "User: Domain\administrator)..

This happens in Exchange Server 2003/2007/2010....

Any reasons why the event viewer has not recorded the  user name that was logged in.
0
Comment
Question by:tmani
  • 5
  • 2
8 Comments
 
LVL 19

Expert Comment

by:compdigit44
ID: 37807496
Have you enabled auditing on your Exchange servers?
http://exchange-anzy.blogspot.com/2010/02/auditing-in-exchange-2003.html
0
 

Author Comment

by:tmani
ID: 37807700
This screenshot show event for changing mailbox permission in Exchange Server 2010, but not showing the user name correctly.This screenshot show event for changing mailbox permission in Exchange Server 2003Here i attached screenshot of what i am getting while changing mailbox permission in my environment.

I have enabled all the audit-policy for auditing mailbox permission in my exchange server.
Also the event for change mailbox permission are also triggered while changing mailbox permission and then i checked event log but it showing User as "User:Domain\ExchangeMailboxServer$", instead of showing the exact account name "User: Domain\administrator".

Please help me to resolve that what i am missing in my environment.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 37808804
Please read this article it talks about how to tracking changes to Exchange objects: http://msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part1.html
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 37808827
The C:\  drive location of the Recyclin Bin is C:\Recycler. This is a hidden system folder. You could try to exclude this folder under your folder redirect policy. I nevered tried this but just a thought.
0
 

Author Comment

by:tmani
ID: 37822481
Hi Compdigit44,

     Still i am unable to get exact user account name "User: Domain\administrator" while changing mailbox permission in exchange server 2010 event log..

Also i am not interested in "AdminAuditLogConfig" in Logging the mailbox permission in exchange 2010.
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 37825697
please disregard post ID: 37808827 i posted this responce in the wrong form
0
 
LVL 19

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 37825711
in exchnage 2010 is sounds as if all audited events are placed in a mailbox instead of the Windows Event logs:

http://www.msexchange.org/articles_tutorials/exchange-server-2010/compliance-policies-archiving/administrator-audit-logging-part2.html
0

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now