Exchange Server | Murat Bilici

"Empower your knowledge"

Administrator Audit Log Reports in HTML Format – Exchange 2010 SP1

The Search-AdminAuditLog cmdlet is part of the new administrator audit logging functionality in Exchange 2010 SP1. I used it to write a script that sends an HTML report via e-mail based on the changes made within the organization in the last 24 hours. The details of the command used to make each change include the cmdlet name, the parameters and their assigned values, the user who ran it, and the object that was modified. If you want to read up on administrator audit logging, there are some great posts on it here, and over here. I’ve also blogged about it a couple times, here and here.

Here is a screenshot of how the report looks:

You can create a scheduled task to run once every day and have the report sent as an HTML formatted message to a specified e-mail address. You just need to supply the recipient, sender and smtp server; here is an example running the script manually:

[PS] C:\>.\AuditLogReport.ps1 -To admin@adatum.com -From audit@adatum.com -SmtpServer adatum-ex1

You can customize the script to limit the amount of information included in the report by modifying the parameters used with the Search-AdminAuditLog cmdlet. For example, you can modify the start and end time to use a shorter time window, or you can limit it to only report on certain cmdlets or user ids.

You can download a copy of the script here.

Categories: Exchange 2010 - Powershell
bir sistemcinin bilmesi gerekn en önemli komutlardan biri sağol murat hocam
16 Şubat 12 at 20:48
Bilici
teşekkürler Engin hocam
19 Şubat 12 at 13:24
 
[...] Kategori: Exchange Server Administrator Audit Log Reports in HTML Format – Exchange 2010 SP1 [...]