AD Auditing showing owner of the mailbox as Exchange server instead of actual owner.
AD Auditing showing owner of the mailbox as Exchange server instead of actual owner.
ASKER
in ADUC console, when i check user - Security - Advance settings - owner - it shows the Exchange server name instead of the user who created the user. See the attached.
Why it changed to the name of the exchange server.
Issue.jpg
Why it changed to the name of the exchange server.
Issue.jpg
In the topic you talk about a mailbox, now you say an user... not the same thing.
Might be a migration that happen sometime ?
Else someone had manually changed the ownership of the user.
Might be a migration that happen sometime ?
Else someone had manually changed the ownership of the user.
ASKER
The user is associated with Mailbox. It was created recently. It was not done manually thats what I am sure.
Then maybe you can look in the log files / events and see who created the user and what permission has the person that created the user. But this is kinda hard if you do not have enabled auditing and also have the log files / events saved.
Without this is pretty hard to see who and when changed the ownership.
Try to look for event 4670 if you have auditing enabled.
Without this is pretty hard to see who and when changed the ownership.
Try to look for event 4670 if you have auditing enabled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
ASKER
I found it, account created from Exchange 2010, their owner shows Exchange server names in AD.
Normally the following accounts would have full permisions on the mailbox :
NT Auth\self
NT Auth\System
Domain\Exchange Servers
Domain\Exchange Services
Domain\Exchange Trusted Subsystems
But NOT the user himself.