Technology Tips and News
Team,
I am trying to do search audit log of a single id while runing the command during output. The command gets failed. Attach is the errror message screen shot.
Please help me to know what are the synatx and command need to run for auditing and export audit logs to meet the compliance requirement in my organizastion at present i am runing Exchange 2013 sp1.
Hi ,
Please check the below mentioned command on the exchange management shell and share me the results.
Search-MailboxAuditLog -Identity "nithya" -LogonTypes Delegate -StartDate "1/1/2015" -EndDate "1/2/2015" -ResultSize 2000 -showdetails
Note : On the above command You need use the date format which is available on your exchange server.
command to find the date format :
start----->run------>cmd------->date
Above command will show you the date format of the exchange server on where you are going to use the above mentioned command.However the error you have faced is not related to incorrect date format but we need to use the proper date format as same as exchange server while running the command and also please run the command on EMS.
Hi Zubish,
Have your tried the above suggestion? How about the result ?
Best regards,
Hi Zubish,
Any update?
Best regards,
Hi Niko,
I try above suggetion but no luck. Attach is the screen shot of error message please suggest.
Hi ,
1.make sure the account which you are using is having the enough permissions to query the mailbox audit logs
2.Please run it on the EMS and check the results.
Hi ,
Just add your admin account in the "Records Management" group and check the results.
Hi Nityanandham,
My id zubair shaikh is already a part of role management group and also i try running the command on Exchange EMS.
Hi ,
Thanks for your reply.
Just open the exchange management shell as an administrator and run the below mentioned command without dates and logon types.
Search-MailboxAuditLog -Identity "nithya" -showdetails | fl
Hi ,
is there is any update on this issue ?
Hi Nityanandham,
I try using the above command but no luck it still giving error message, Attach is the screen shot.
Hi ,
Have you checked with some other mailboxes which is having audit enabled ?
Hi ,
How many exchange servers did you have in your environment ? Have you tried to run the same command on the other exchange servers ?
What happens when you try to run the below mentioned command without mentioning any identity?
Search-MailboxAuditLog
What happens when you try to run the below mentioned command ? Please tell me did the output gives you any error messages ?
Search-AdminAuditLog
Hi ,
Did you run the command on the different exchange server because it says it connected to EXMAIL02.NSEROOT.COM. But Previously it was connecting to the different exchange server which is named as EXMAIL01.NSEROOT.COM.
Same time please tell me is your existing exchange 2013 environment is coexist with exchange 2010 ?
Does both the above mentioned servers have exchange 2013 installed ?
Hi Nitya,
I try runing the command on exmail02 only will try on another server as well and post you the result. We have only exchange 2013 sp1 server
hi nitya,
i posted the result for mail01 it is the same as mail02
Hi ,
1.Please run the below mentioned command and check the details.
Search-MailboxAuditLog -Identity "nithya" | fl
Note : Above command doesn't have the showdetails parameter .Let us check the results.
2.What happens when you try to run the option "Run a non-owner mailbox access report" which is on the compliance management in ECP? Just tell me did you get any results or not ?
3.On the exchange servers Did you get any error related events logs for the command's which is throwing the error ?
Hi Zubish,
Is there any update with your issue?
Best regards,
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier