Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange Logon Statistics

Posted on 2014-01-15
6
Medium Priority
?
2,428 Views
Last Modified: 2014-01-15
Hi, I have a employee that swears she did not send and email out.  This was an internal email and we are running exchange 2010.  I have verified from her outlook it was not sent from her pc, and also message tracking in exchange doesnt show a source IP address.  

I tried using Get-LogonStatistics however I am not familiar enough to know how to use this feature to track this.  Can anyone suggest any options I may have to find out who internally sent this message?
0
Comment
Question by:diesel1218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:EEhotline
ID: 39783011
She didn't send the email but it said it was sent from her mailbox? Does anyone else have permission to her mailbox?
0
 

Author Comment

by:diesel1218
ID: 39783098
No one else has permission but that's why I think someone may know her password and sent it through webmail or something.
0
 
LVL 8

Expert Comment

by:EEhotline
ID: 39783187
You can try these:

Get-LogonStatistics -Identity <username> | ft applicationid,logontime,clientversion,lastaccesstime

The Get-LogonStatistics cmdlet can be useful for doing some basic checks on client logons, but the information returned from the previous command can be a little confusing and might seem inaccurate.

For example, the ClientVersion property returned for each logon will always be reported as the same version number for end-user logons. This is due to the fact that client connections go through the Client Access role in Exchange 2010.

The ApplicationId property will indicate whether clients are connected via RPC or through Outlook Web App. Keep in mind that, depending on the client, multiple connections could be reported.

Client's applications initiate multiple connections, so you will likely notice that this cmdlet will return anywhere from three to five records for each user connected to a mailbox

Hope it will help you a bit,

*Edit*: if someone might know her password, you should try to change her password first.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:diesel1218
ID: 39783221
Thank you, Is there any way to see IP info?
0
 
LVL 8

Accepted Solution

by:
EEhotline earned 2000 total points
ID: 39783237
Yes

Get-LogonStatistics -Identity <username> | ft applicationid,logontime,clientversion,lastaccesstime,clientipaddress

*Edit*: if you go to the RPC client access log under Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access it DOES have all of this information. shows correct client IP, cached mode, outlook version etc... It's just in an ugly log file.
0
 

Author Closing Comment

by:diesel1218
ID: 39783257
Thank you
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question