?
Solved

AD Auditing showing owner of the mailbox  as Exchange server instead of actual owner.

Posted on 2014-09-03
8
Medium Priority
?
121 Views
Last Modified: 2014-09-09
AD Auditing showing owner of the mailbox  as Exchange server instead of actual owner.
0
Comment
Question by:Gaurav Singh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 13

Expert Comment

by:George Sas
ID: 40300501
What command you fire to get you that result ?
Normally the following accounts would have full permisions on the mailbox :
NT Auth\self
NT Auth\System
Domain\Exchange Servers
Domain\Exchange Services
Domain\Exchange Trusted Subsystems

But NOT the user himself.
0
 
LVL 17

Author Comment

by:Gaurav Singh
ID: 40300529
in ADUC console, when i check user - Security - Advance settings - owner - it shows the Exchange server name instead of the user who created the user. See the attached.

Why it changed to the name of the exchange server.
Issue.jpg
0
 
LVL 13

Expert Comment

by:George Sas
ID: 40300892
In the topic you talk about a mailbox, now you say an user... not the same thing.

Might be a migration that happen sometime ?
Else someone had manually changed the ownership of the user.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 17

Author Comment

by:Gaurav Singh
ID: 40300903
The user is associated with Mailbox. It was created recently.  It was not done manually thats what I am sure.
0
 
LVL 13

Expert Comment

by:George Sas
ID: 40301158
Then maybe you can look in the log files / events and see who created the user and what permission has the person that created the user. But this is kinda hard if you do not have enabled auditing and also have the log files / events saved.
Without this is pretty hard to see who and when changed the ownership.
Try to look for event 4670 if you have auditing enabled.
0
 
LVL 17

Accepted Solution

by:
Gaurav Singh earned 0 total points
ID: 40303528
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
0
 
LVL 17

Author Comment

by:Gaurav Singh
ID: 40303530
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
0
 
LVL 17

Author Closing Comment

by:Gaurav Singh
ID: 40311594
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question