Posted in : Exchange, Office 365 Av Joel Jerkin Översätt med Google ⟶
6 years ago
Enabling Mailbox Auditing as an Exchange Administrator has for a long time been something you have need to do manually.
Yesterday, Microsoft announced that they will be enabling mailbox auditing by default for all user mailboxes using Office 365 and Exchange Online. This is a welcome change, so you don’t need to manually enable mailbox auditing on new users or use a script that enables that for all users in Office 365 and Exchange Online.
For on-premises Exchange environment, there is no such feature (hopefully it will come with a future Cumulative Update) so you still need to change it manually. Either you add this as a process when creating a new mailbox, or you can use a PowerShell script as an Schedule Task on your Exchange Server that will automatically enable auditing.
Here’s an example on how such script can look like, and you can find it as a download here.
#requires -version 3 <# .SYNOPSIS This script will enable owner mailbox access auditing on every mailbox in your Exchange environment .DESCRIPTION This script will enable owner mailbox access auditing on every mailbox in your Exchange environment .NOTES Credits to: https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/EnableMailboxAuditing.ps1 #> [cmdletbinding()] Param( [string]$LogFolder = "C:\Scripts\Set-MailboxAuditingOnprem\Logs", [int]$LogCount = 100 ) Begin{ $ScriptName = $MyInvocation.MyCommand.Name $StartDate = Get-date -Format "yyyy-MM-dd_HHmmss" If(-not(Test-Path -Path $LogFolder -PathType Container)){ New-Item $LogFolder -ItemType Container -Force } [string]$SummaryLog = "$($LogFolder)\$($ScriptName)_Summary_$StartDate.log" [string]$VerboseLog = "$($LogFolder)\$($ScriptName)_Verbose_$StartDate.log" $SummaryLogFiles = (Get-ChildItem "$($LogFolder)\$($ScriptName)_Summary_*.log" | Sort-Object Name) if ($SummaryLogFiles.Count -gt $LogCount) { $SummaryLogFiles[0..($SummaryLogFiles.Count-$LogCount)] | Remove-Item -Force } $VerboseLogFiles = (Get-ChildItem "$($LogFolder)\$($ScriptName)_Verbose_*.log" | Sort-Object Name) if ($VerboseLogFiles.Count -gt $LogCount) { $VerboseLogFiles[0..($VerboseLogFiles.Count-$LogCount)] | Remove-Item -Force } Function Write-Log{ Param( [string]$Message, [validateset('Verbose','Error','Information')] [string]$Level = 'Verbose', [string]$SummaryLog = $SummaryLog, [string]$VerboseLog = $VerboseLog ) Switch($Level){ 'Verbose'{ Write-Verbose $Message "$(Get-date -Format "yyyy-MM-dd HH:mm:ss") : $Level : $Message" | Out-File -FilePath $VerboseLog -Append } 'Error'{ Write-Error $Message "$(Get-date -Format "yyyy-MM-dd HH:mm:ss") : $Level : $Message" | Out-File -FilePath $VerboseLog -Append "$(Get-date -Format "yyyy-MM-dd HH:mm:ss") : $Level : $Message" | Out-File -FilePath $SummaryLog -Append } 'Information'{ Write-Verbose $Message "$(Get-date -Format "yyyy-MM-dd HH:mm:ss") : $Level : $Message" | Out-File -FilePath $VerboseLog -Append "$(Get-date -Format "yyyy-MM-dd HH:mm:ss") : $Level : $Message" | Out-File -FilePath $SummaryLog -Append } } } } Process{ Try{ Write-Log -Message "Script started." -Level Information # Import Exchange PowerShell Snapin Add-PSSnapin *Exchange* # Get all mailboxes where AuditEnabled is $False $Mailboxes = Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} # Enabling auditing on all mailboxes if ($mailboxes.count -gt 0) { foreach ($mailbox in $mailboxes) { if ($mailbox.AuditEnabled -eq $false) { Write-Log -Message "Enable auditing on $($mailbox.SamAccountName)" -Level Information Set-Mailbox -Identity $mailbox.Identity -AuditEnabled $true -AuditLogAgeLimit 365 -AuditOwner Create,HardDelete,MailboxLogin,MoveToDeletedItems,SoftDelete,Update } else { Write-Log -Message "Auditing already enabled on $($mailbox.SamAccountName)" -Level Verbose } } } else { Write-Log -Message "All mailboxes already have auditing enabled" -Level Verbose } } Catch{ $Line = $_.InvocationInfo.ScriptLineNumber $Offset = $_.InvocationInfo.OffsetInLine Write-Debug $_ Write-Log -Message $_ -Level Error Write-Log -Message "Error occurred at line: $line and offset $offset" } } End{ Write-Log -Message "Script finished." -Level Information }
Tags : Exchange, Exchange Online, Exchange Server, Office 365
Personlig rådgivning
Vi erbjuder personlig rådgivning med författaren för 1400 SEK per timme. Anmäl ditt intresse i här så återkommer vi så snart vi kan.
Add comment