Compliance audit logs reports

Team,

I am trying to do search audit log of a single id while runing the command during output. The command gets failed. Attach is the errror message screen shot.

Please help me to know what are the synatx and command need to run for  auditing and export audit logs to meet the compliance requirement in my organizastion at present i am runing Exchange 2013 sp1.




  • Edited by Zubish Saturday, January 24, 2015 9:01 AM
January 24th, 2015 11:59am

Hi , 

Please check the below mentioned command on the exchange management shell and share me the results.

Search-MailboxAuditLog -Identity "nithya" -LogonTypes Delegate -StartDate "1/1/2015" -EndDate "1/2/2015" -ResultSize 2000 -showdetails

Note : On the above command You need use the date format which is available on your exchange server.

command to find the date format :

start----->run------>cmd------->date

Above command will show you the date format of the exchange server on where you are going to use the above mentioned command.However the error you have faced is not related to incorrect date format but we need to use the proper date format as same as exchange server while running the command and also please run the command on EMS.

Free Windows Admin Tool Kit Click here and download it now
January 24th, 2015 12:35pm

Hi Zubish,

Have your tried the above suggestion? How about the result ?

Best regards,

January 26th, 2015 11:15am

Hi Zubish,

Any update?

Best regards,

Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 1:00pm

Hi Niko,

I try above suggetion but no luck. Attach is the screen shot of error message please suggest.


  • Edited by Zubish Tuesday, January 27, 2015 10:03 AM more comments
January 27th, 2015 1:01pm

Hi ,

1.make sure the account which you are using is having the enough permissions to query the mailbox audit logs 

2.Please run it on the EMS and check the results.

Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 1:05pm

Hi ,

Just add your admin account in the "Records Management" group and check the results.

January 27th, 2015 1:09pm

Hi Nityanandham,

My id zubair shaikh is already a part of role management group and also i try running the command on Exchange EMS.

Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 2:13pm

Please check both the screen shot already a part of Role menagement group and also try runing on exchange ems.
January 27th, 2015 2:14pm

Hi ,

Thanks for your reply.

Just open the exchange management shell as an administrator and run the below mentioned command without dates and logon types.

Search-MailboxAuditLog -Identity "nithya" -showdetails | fl 

Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 2:32pm

Hi ,

is there is any update on this issue ?

January 27th, 2015 3:39pm

Hi Nityanandham,

I try using the above command but no luck it still giving error message, Attach is the screen shot.

Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 3:57pm

Hi ,

Have you checked with some other mailboxes which is having audit enabled ?

January 27th, 2015 4:05pm

Yes i try runing the command on another mailbox but still same error message.
Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 4:09pm

Hi ,

How many exchange servers did you have in your environment ? Have you tried to run the same command on the other exchange servers ?

What happens when you try to run the below mentioned command without mentioning any identity?

Search-MailboxAuditLog

What happens when you try to run the below mentioned command ? Please tell me did the output gives you any error messages ?

Search-AdminAuditLog

January 27th, 2015 4:22pm

When i run the search-mailboxauditlog command i get the output. But when irun the search-adminauditlog command there is no output. Attach is the screen shot of the same. Please suggest further action plan.
Free Windows Admin Tool Kit Click here and download it now
January 27th, 2015 5:23pm

Hi ,

Did you run the command on the different exchange server because it says it connected to EXMAIL02.NSEROOT.COM. But Previously it was connecting to the different exchange server which is named as EXMAIL01.NSEROOT.COM. 

Same time please tell me is your existing exchange 2013 environment is coexist with exchange 2010 ? 

Does both the above mentioned servers have exchange 2013 installed ?

January 27th, 2015 6:50pm

Hi Nitya,

I try runing the command on exmail02 only will try on another server as well and post you the result. We have only exchange 2013 sp1 server 

Free Windows Admin Tool Kit Click here and download it now
January 28th, 2015 8:00am

January 28th, 2015 8:55am

Free Windows Admin Tool Kit Click here and download it now
January 28th, 2015 8:55am

hi nitya,

i posted the result for mail01 it is the same as mail02

January 28th, 2015 8:56am

Hi ,

1.Please run the below mentioned command and check the details.

Search-MailboxAuditLog -Identity "nithya" | fl 

Note : Above command doesn't have the showdetails parameter .Let us check the results.

2.What happens when you try to run the  option "Run a non-owner mailbox access report" which is on the compliance management in ECP? Just tell me did you get any results or not ?

3.On the exchange servers Did you get any error related events logs for the command's which is throwing the error ?

Free Windows Admin Tool Kit Click here and download it now
January 28th, 2015 12:59pm

Hi Zubish,

Is there any update with your issue?

Best regards,

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

February 2nd, 2015 12:22am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics