Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange/AD Account

Posted on 2012-09-19
7
Medium Priority
?
316 Views
Last Modified: 2012-10-05
Does anyone know of a 3rd party tool that will let me scan an individual's email and/or Active Directory account?
We have 2 users whose email closes down (stops working) at specific times during the day and I'm pretty sure those accounts are compromised.
I've scanned the computer(s) with Microsoft Forefront (that's our AV product) and nothing is found.  I don't know what else to try.
0
Comment
Question by:skbarnard
7 Comments
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 1500 total points
ID: 38413623
Does anyone know of a 3rd party tool that will let me scan an individual's email and/or Active Directory account? - What exactly do you want to know ??

If you think their accounts are being used you can enable "Mailbox Auditing" for those users.

- Rancy
0
 
LVL 10

Expert Comment

by:chubby_informer
ID: 38413639
or just change the passwords
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38414299
Your Domain Controller will log authentication requests when an account is validated.

We have 2 users whose email closes down (stops working) at specific times during the day and I'm pretty sure those accounts are compromised.

How to you restore service again after email stops working?
What does stop working mean? Cannot send, gets errors, hangs?

I've seen some funky issues with DLP software and mimecast which resulted in Outlook crashing.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:skbarnard
ID: 38414594
The password had already been changed so I am going to try the mailbox autditing, thanks Rancy.
I'll report back within a day or two to update whether this helps me as much as I think it will
0
 

Author Comment

by:skbarnard
ID: 38415106
In repsonse to dvt_localboy - the email for these users hangs.  They are unable to use their Outlook even after closing it down and opening again.  They're unable to log in to their email via the web access.
Their email eventually starts back up (unfreezes, isn't hung) on its own.
For Rancy's suggestion - I have enabled mailbox auditing on these 2 accounts via the management shell.  Is there a report I can get that let's me see how much SMTP traffic the account is generating?  Do I have to explicity set what is to be audited? (AuditAdmin?, AuditOwner?)
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38416666
Is there a report I can get that let's me see how much SMTP traffic the account is generating? - Message Tracking is the only option for this

Get-MessageTrackingLog

- Rancy
0
 

Author Closing Comment

by:skbarnard
ID: 38467450
This problem is more wide-spread than just the 2 users when the question was originally posted.  Mailbox auditing has assisted some but no complete solution has been found.  We're going to install Exchange SP2 as this is supposed to fix the known problem with the store.exe crashing - likely this is our resolve.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question