Windows 2008 R2 (functional level)
Exchange 2013 / 2010 / 2007 (mailboxes on 2013)
My question is, is there a way to audit mailbox access (historically) without mailbox auditing having been enabled.
I had been looking for errors like 1016 but they seem to not be relevant in Exchange 2013.
What event ID's are logged in Exchange 2013/ Windows 2008 R2 GC/DC's for mailbox access by a non-owner (I have searched online but cannot seem to find anything).
I have the potential that someone has been accessing mailboxes and I need to find explicitly the logs that they indeed have - As a non-owner.
Alternatively, is there a way to prove that no non-users have sent email from a mailbox.
Thanks in advance