Solved

AD Auditing showing owner of the mailbox  as Exchange server instead of actual owner.

Posted on 2014-09-03
8
108 Views
Last Modified: 2014-09-09
AD Auditing showing owner of the mailbox  as Exchange server instead of actual owner.
0
Comment
Question by:Gaurav Singh
  • 5
  • 3
8 Comments
 
LVL 13

Expert Comment

by:George Sas
ID: 40300501
What command you fire to get you that result ?
Normally the following accounts would have full permisions on the mailbox :
NT Auth\self
NT Auth\System
Domain\Exchange Servers
Domain\Exchange Services
Domain\Exchange Trusted Subsystems

But NOT the user himself.
0
 
LVL 17

Author Comment

by:Gaurav Singh
ID: 40300529
in ADUC console, when i check user - Security - Advance settings - owner - it shows the Exchange server name instead of the user who created the user. See the attached.

Why it changed to the name of the exchange server.
Issue.jpg
0
 
LVL 13

Expert Comment

by:George Sas
ID: 40300892
In the topic you talk about a mailbox, now you say an user... not the same thing.

Might be a migration that happen sometime ?
Else someone had manually changed the ownership of the user.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 17

Author Comment

by:Gaurav Singh
ID: 40300903
The user is associated with Mailbox. It was created recently.  It was not done manually thats what I am sure.
0
 
LVL 13

Expert Comment

by:George Sas
ID: 40301158
Then maybe you can look in the log files / events and see who created the user and what permission has the person that created the user. But this is kinda hard if you do not have enabled auditing and also have the log files / events saved.
Without this is pretty hard to see who and when changed the ownership.
Try to look for event 4670 if you have auditing enabled.
0
 
LVL 17

Accepted Solution

by:
Gaurav Singh earned 0 total points
ID: 40303528
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
0
 
LVL 17

Author Comment

by:Gaurav Singh
ID: 40303530
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
0
 
LVL 17

Author Closing Comment

by:Gaurav Singh
ID: 40311594
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PowerShell .lastLogonTimestamp off 11 25
Problem to setup GUI 11 31
E-mail delayed during DNS server reboot 8 36
archive enable with Remote mailbox 7 14
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question