I need help pulling specific information from Exchange 2013. The information pertains to mail-exchange audit logs. The Exchange in my environment is MS Exchange 2013. The steps performed so far are:
**step#1**
Create test Environment on Exchange Server 2010 and Active Directory:
Two Mailboxes for testing (with dummy email messages) (i.e., test-mailbox-1, test-mailbox-2)
Two Active Directory Accounts for testing (testAcct01, testAcct02)
Assign Permission to Test Mailboxes: Owner of Email Box test-mailbox-1: testAcct01, Owner of Email Box test-mailbox-2: testAcct02
**step#2**
Enable Mailbox Auditing on the test-mailbox-1:
Use EMS to enable mailbox auditing on mailbox: test-mailbox-1
Commands:
Set-Mailbox -Identity "test-mailbox-1" -AuditDelegate Copy,Create,FolderBind,HardDelete,Move,MoveToDeletedItems,SendAs,SendOnBehalf,SoftDelete,Update -AuditEnabled $true
Set-Mailbox -Identity "test-mailbox-1" -AuditAdmin Copy,Create,FolderBind,HardDelete,MessageBind,Move,MoveToDeletedItems,SendAs,SendOnBehalf,SoftDelete,Update -AuditEnabled $true
Note: You must have permission for Organization Management and Record Management if you want to enable mailbox auditing.
**step#3**
Verify that the Mailbox Auditing is Successfully enabled for mailbox: test-mailbox-1:
Use EMS to verify the settings of mailbox auditing
Command:
Get-Mailbox "test-mailbox-1" | Format-List *audit*
**step#4**
Verify that the Mailbox Auditing is Successfully enabled for mailbox: test-mailbox-1:
Use EMS to verify the settings of mailbox auditing
Command:
Get-Mailbox "test-mailbox-1" | Format-List *audit*
**step#5**
Perform test activities on mailbox “test-mailbox-1” using account id: testAcct02
For Example: Access Inbox folder, move items from one folder to another folder, delete items, read messages, send email using SendAs and SendOnBehalf, create new folder, copy email items etc.
**step#6**
Perform test activities on mailbox “test-mailbox-1” using “Administrator” Account.
For Example: Access Inbox folder, move items from one folder to another folder, delete items, read messages, send email using SendAs and SendOnBehalf, create new folder, copy email items etc.
**step#7**
Use EMS Cmdlet to retrieve Mailbox audit logs for mailbox “test-mailbox-1”
Command:
Search-MailboxAuditLog -Identity test-mailbox-1 -LogonTypes Admin,Delegate -ShowDetails -StartDate mm/dd/2014 -EndDate mm/dd/2014 | Export-Csv "c:\test-Audit-Results.csv"
New-MailboxAuditLogSearch "Admin and Delegate Access" -Mailboxes "test-mailbox-1" -LogonTypes Admin,Delegate -StartDate mm/dd/2014 -EndDate mm/dd/2014 -StatusMailRecipients ali.imran@test.ru
I'm unable to get past step#7, as I see nothing in the CSV file. I don't know why this is. Any help?
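An added example, not part of the original post: one way to check the audit configuration from steps 2 to 4 and run the step 7 search so that an empty result is visible before anything is written to CSV. The mailbox, account names and CSV path are taken from the post; the date is a constructed placeholder, and the script assumes it is run in the Exchange Management Shell with rights to the audit cmdlets.

```powershell
# Added example; run in the Exchange Management Shell (EMS).
# Mailbox, accounts and CSV path come from the post; the date is a constructed placeholder.
$Mailbox = 'test-mailbox-1'
$Start   = Get-Date '2014-06-01 00:00:00'   # constructed sample date
# A date with no time resolves to midnight, so identical start and end
# dates describe an empty window. Give the end an explicit later time.
$End     = $Start.AddDays(1)
$CsvPath = 'C:\test-Audit-Results.csv'

# 1. Confirm the audit settings that step 2 was meant to apply.
$mbx = Get-Mailbox -Identity $Mailbox
$mbx | Format-List Name, AuditEnabled, AuditAdmin, AuditDelegate, AuditOwner, AuditLogAgeLimit
if (-not $mbx.AuditEnabled) {
    Write-Warning "Auditing is not enabled on $Mailbox; nothing will be recorded."
    return
}

# 2. Check that the accounts used in steps 5 and 6 are not exempt from auditing.
foreach ($acct in 'testAcct02', 'Administrator') {
    Get-MailboxAuditBypassAssociation -Identity $acct |
        Select-Object Name, AuditBypassEnabled
}

# 3. Run the search into a variable first so the result count can be inspected.
$entries = @(Search-MailboxAuditLog -Identity $Mailbox -LogonTypes Admin,Delegate `
                 -ShowDetails -StartDate $Start -EndDate $End -ResultSize 1000)
Write-Host "Audit entries found: $($entries.Count)"

if ($entries.Count -eq 0) {
    Write-Warning "No Admin/Delegate entries for $Mailbox between $Start and $End."
    return
}

# 4. Summarise who did what, then export the fields useful for review.
$entries | Group-Object LogonType, Operation |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

$entries |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation,
                  OperationResult, FolderPathName, ItemSubject, ClientInfoString |
    Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
```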