.png)
Authored by: Support.com Tech Pro Team
How to Track Who Accessed Mailboxes in Exchange Server 2016
Go to the ‘Start’ menu and open the ‘Exchange Management Shell.’ In the Shell, type the below command to get the ‘Exchange Server.’ In the shell, type the following command to verify whether auditing is enabled on a mailbox.
Get-Mailbox –Identity TestUser1 | Format-List *audit*
If Audit is enabled, you will get a true value. Under AuditAdmin and Audit Delegate, you will get all the functions the mailbox can perform.
To enable mailbox audit logging, type the below command in Exchange Management Shell:
Set-Mailbox -Identity “TestUser1†-AuditEnabled $True
This command enables audit for TestUser1
Administrators, delegates or owners can enable mailbox auditing for specified operations. Run the below commands in Exchange Management Shell:
Set-Mailbox -Identity “TestUser1†-AuditAdminHardDelete, SoftDelete -AuditEnabled $TrueSet-Mailbox -Identity “TestUser1†-AuditDelegateSendAsSendOnBehalf -AuditEnabled $TrueSet-Mailbox -Identity†TestUser1†-AuditOwnerMoveToDeletedItems –AuditEnabled $True
To get the audit log data by email (for TestUser1 mailbox), run:
New-MailboxAuditLogSearch –Mailboxes “TestUser1†–LogonTypes admin, Delegate –StartDate 07/12/2017 –EndDate 11/12/2017 –StatusMailRecipientsadministrator@www.domain.com –ShowDetails
Here, you will get information on logon details, start and end audit date, and recipients mail address on which you will receive mail.
Support.com is committed to your privacy
We do not share or sell your data to third parties. We do use cookies and other third-party technologies to improve our site and services. The California Consumer Privacy Act (CCPA) gives you the ability to opt out of the use of cookies, third-party technologies and/or the future sale of your data. Do not sell my personal information.
Support.com is committed to your privacy
Read our Privacy Policy for a clear explanation of how we collect, use, disclose and store your information
