Authored by: Support.com Tech Pro Team
How to Track Who Accessed Mailboxes in Exchange Server 2016
Go to the ‘Start’ menu and open the ‘Exchange Management Shell.’ In the Shell, type the below command to get the ‘Exchange Server.’ In the shell, type the following command to verify whether auditing is enabled on a mailbox.
Get-Mailbox -Identity TestUser1 | Format-List *audit*
If auditing is enabled, the AuditEnabled property returns True. The AuditAdmin and AuditDelegate properties list the mailbox operations that are logged for administrators and delegates.
To enable mailbox audit logging, run the following command in the Exchange Management Shell:
Set-Mailbox -Identity "TestUser1" -AuditEnabled $True
This command enables auditing for TestUser1.
Mailbox auditing can be enabled for specific operations performed by administrators, delegates or owners. Run the following commands in the Exchange Management Shell:
Set-Mailbox -Identity "TestUser1" -AuditAdmin HardDelete,SoftDelete -AuditEnabled $True
Set-Mailbox -Identity "TestUser1" -AuditDelegate SendAs,SendOnBehalf -AuditEnabled $True
Set-Mailbox -Identity "TestUser1" -AuditOwner MoveToDeletedItems -AuditEnabled $True
To get the audit log data by email (for TestUser1 mailbox), run:
New-MailboxAuditLogSearch -Mailboxes "TestUser1" -LogonTypes Admin,Delegate -StartDate 07/12/2017 -EndDate 11/12/2017 -StatusMailRecipients administrator@www.domain.com -ShowDetails
This command specifies the logon types to search, the start and end dates of the audit period, and the recipient address at which you will receive the results by mail.
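The verification and enabling steps above can be combined into one check across many mailboxes. The script below is an added example, not part of the original article: the function name Test-MailboxAuditBaseline and the sample objects are assumptions, and the baseline is the set of operations used in the Set-Mailbox commands above.

```powershell
# Baseline taken from the Set-Mailbox commands on this page.
$Baseline = @{
    AuditAdmin    = 'HardDelete', 'SoftDelete'
    AuditDelegate = 'SendAs', 'SendOnBehalf'
    AuditOwner    = 'MoveToDeletedItems'
}

function Test-MailboxAuditBaseline {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Mailbox
    )
    process {
        $missing = foreach ($logonType in ($Baseline.Keys | Sort-Object)) {
            # Compare as strings so the check works on Get-Mailbox output
            # and on the constructed sample objects below.
            $current = @($Mailbox.$logonType | ForEach-Object { "$_" })
            foreach ($op in $Baseline[$logonType]) {
                if ($current -notcontains $op) { "${logonType}:$op" }
            }
        }
        $enabled = [bool]$Mailbox.AuditEnabled
        [pscustomobject]@{
            Mailbox      = $Mailbox.Name
            AuditEnabled = $enabled
            Missing      = @($missing) -join ', '
            Compliant    = $enabled -and (@($missing).Count -eq 0)
        }
    }
}

# Constructed sample objects using the property names Get-Mailbox returns.
$sample = @(
    [pscustomobject]@{ Name = 'TestUser1'; AuditEnabled = $true
        AuditAdmin = 'Update', 'HardDelete', 'SoftDelete'
        AuditDelegate = 'SendAs', 'SendOnBehalf'; AuditOwner = 'MoveToDeletedItems' }
    [pscustomobject]@{ Name = 'TestUser2'; AuditEnabled = $false
        AuditAdmin = 'HardDelete', 'SoftDelete'
        AuditDelegate = 'SendAs'; AuditOwner = @() }
)

# Lists every mailbox where auditing is off or a baseline operation is not logged.
$sample | Test-MailboxAuditBaseline | Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize

# In the Exchange Management Shell, replace $sample with:
#   Get-Mailbox -ResultSize Unlimited
```

Mailboxes reported as non-compliant can then be corrected with the Set-Mailbox commands shown earlier.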