?
Solved

exchange online and 2010 tracking logs and message trace

Posted on 2016-07-26
3
Medium Priority
?
58 Views
Last Modified: 2016-08-25
Is there any specific exchange role that could be assigned to our investigation team so they can run searches of tracking logs and message traces for investigations. We dont want to give them anything elevated where they could make changes, but so they can do such searches themselves without having to take up the time of the support teams.

I presume searching logs and running message traces cannot impact performance if run during peak working hours?

we have quite a complex exchange environment, half is exchange online 2013, and the other is older exchange 2010 on prem
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Author Comment

by:pma111
ID: 41729416
Out of interest, in EAC, where is a message trace report searching, is that just searching through the tracking logs, or is it looking at other logs as well? I am guessing it is a different set of logs, as tracking logs go back 30 days, whereas trace seems to return up to 90 days of history.
0
 
LVL 32

Accepted Solution

by:
Scott C earned 1000 total points
ID: 41729451
Here you go:

Enabling Message Tracking for non-administrator accounts

1.  In Exchange System Manager, at the Organization level, right-click and choose Delegate Control.  Grant the user or group Exchange View Only Admin permissions.

2.  On each Exchange server you want them to be able to track messages from, perform the following steps.

a.  Enable Message Tracking.  This is done in Exchange System Manager by going to the properties of the server.  The Message Tracking options are on the General tab.

b.  Grant read access to the Message Tracking log share.  Make sure that the user or group has rights to the Share as well as rights at the NTFS level.  Read rights are sufficient here.

c.  Open the WMI Management console either by going to the Computer Management, Services and Applications, WMI Control, or by simply typing wmimgmt.msc at the Run prompt.  Go to the properties of WMI Control, then go to the Security tab.  Expand Root, then highlight MicrosoftExchangeV2 and click Security.  Add the user or group and ensure that you allow the following four permissions.

   1.  Execute Methods
   2.  Provider Write
   3.  Enable Account
   4.  Remote Enable

3.  If you are accessing Message Tracking via Exchange System Manager that has been installed on your workstation, you should be good to go.  If you are accessing Exchange System Manager by logging on to a Terminal Services session on the Exchange server, then you will have to grant the user or group Log on Locally rights on the Exchange server(s).  You will also likely have to edit the Terminal Services Configuration (Windows 2000), or the Remote Desktops section (Computer properties, Remote tab, Windows 2003) and grant the user or group rights to log on via Terminal Services.


https://blogs.technet.microsoft.com/benw/2006/12/08/enabling-message-tracking-for-non-administrator-accounts/


And here's a good blog on searching the message tracking logs.

http://exchangeserverpro.com/searching-message-tracking-logs-by-sender-or-recipient-email-address/
0
 
LVL 19

Assisted Solution

by:suriyaehnop
suriyaehnop earned 1000 total points
ID: 41729463
I think you can create a custome rbac role. Assigned only specific cmdlet to run specific task

https://blogs.technet.microsoft.com/nepapfe/2014/02/04/create-a-custom-admin-role-for-exchange-using-rbac/
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question