TechGuy_007
asked on
Exchange conversation ID
Investigating someone accessing an email account on a server that should not have through OWA.
We are going through IIS logs and looking for some way to see what messages/attachments were actually viewed.
The URL when requesting an email from the server includes what looks like a "Conversation ID" in the query string. Here is an example:
Conversation&id=CID.9gq4Ho S59kq4uLGq OoZ1PQ%3d% 3d.LgAAAAC 3c1JmG%2bF YSoBxC3ra8 gZlAQBnA1L iUGSQQrdy0 NrqgcKuAAA AWcycAAAB. vyIAAABZzJ gAAAAAlQAA AAAAAAA%3d
Is there anyway to tie this back to an email, for example, by using MFCMAPI? There is a field called PR_CONVERSATION_ID in MFCMAPI but the values look like they are in a different format. Here is an example from this:
71BF97E6E112844187331BAEC0 E238DF
Does anyone have any ideas?
Thanks
We are going through IIS logs and looking for some way to see what messages/attachments were actually viewed.
The URL when requesting an email from the server includes what looks like a "Conversation ID" in the query string. Here is an example:
Conversation&id=CID.9gq4Ho
Is there anyway to tie this back to an email, for example, by using MFCMAPI? There is a field called PR_CONVERSATION_ID in MFCMAPI but the values look like they are in a different format. Here is an example from this:
71BF97E6E112844187331BAEC0
Does anyone have any ideas?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.