asked on

Search Exchange 2016 Audit Logs

Need to search Audit log ALL mailboxes affected by an admin action on a particular date range... The csv Output should have the following columns:

Search-MailboxAuditLog -Id < > -LogonTypes admin -ShowDetails -StartDate 11/23/2018 -EndDate 11/27/2018 | select logontype,lastaccessed,logondisplayname,operationresult,operation,logonUserdisplayname

Anthony K O365

ASKER

Also the LogonUserDisplayName should be 'AdminJones' as an example

Saif Shaikh

You can use the following command:

Search-MailboxAuditLog -Identity nelson -LogonTypes Owner -StartDate (Get-Date).AddHours(-2) -ShowDetails | fl operation*,logonuserdisplayname,sourceitemsubject* | Export-CSV C:\AdminAuditLogResults.csv

Saif Shaikh

my command as below:
#Set-Mailbox -Identity “andy” -AuditOwner Create, SoftDelete, HardDelete, Update, Move, MoveToDeletedItems -AuditEnabled $true

#Search-MailboxAuditLog -ShowDetails -Identity “andy” -LogonTypes owner

#Search-MailboxAuditLog -Identity andy -LogonTypes Owner -StartDate (Get-Date).AddHours(-1) -ShowDetails

#Search-MailboxAuditLog -Identity nelson -LogonTypes Owner -StartDate (Get-Date).AddHours(-2) -ShowDetails | fl operation*,logonuserdisplayname,sourceitemsubject* | Export-CSV C:\AdminAuditLogResults.csv

Anthony K O365

ASKER

Saif,

the mailboxes are already set for auditing. I need a way to output ALL the mailboxes into a csv...not just one at a time.

ASKER CERTIFIED SOLUTION

Saif Shaikh

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Anthony K O365

ASKER

What exactly will this do for me?

Anthony K O365

ASKER

After looking at the command closer, this is what I was looking for!

Thanks!!