
Saturday, February 10, 2018

Exchange - Enabling Mailbox Auditing Scheduled Task - Part 3

In my previous post, I showed that mailbox auditing takes up very little storage space. In this post, I'll show you how to create a Scheduled Task to enable auditing on newly created mailboxes...we don't wanna do that manually every time we enable a mailbox, right?

Create a Service Account:

First, you'll want to create a Service Account in your domain, which will be used to run the scheduled task. It's best practice to use service accounts rather than your own account to run scheduled tasks, so if you ever leave your position and they deactivate your account, it won't break the task!

In your domain, create a new user called something like exchscriptaccount and set a super-strong password.

This account will need to be a member of the Records Management Role Group, otherwise it won't have permissions to enable auditing on mailboxes.

Next, add the newly created user to the Local Administrators Group on your Exchange Management Tools server, or on your Exchange server if you're running it from there. The scheduled task will need local admin rights to run PowerShell things, and since you have a super strong password, it's not an issue.

Creating The Task:

On your Exchange Management Server or an Exchange Server, open the Task Scheduler Control Panel, click Action > Create Task...

On the General tab:

Give it a name like Set Shared Mailbox Auditing

Click "Change User or Group...", hit "Locations" and switch to your domain, then search for your exchscriptaccount service account.

Check the box for "Run with highest privileges"

On the Triggers Tab:

Click "New..."

Set it for how often you need it to run. I run mine Daily at 12AM - no specific reason, but you do want it to run Daily.

On the Actions Tab:


Set the "Action" dropdown to "Start a program"

Under Program/Script, copy/paste the following:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

In the "Add arguments" field, copy/paste the following:

-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | ? {$_.AuditEnabled -eq $False} | Set-Mailbox -AuditEnabled $True -AuditOwner SoftDelete, HardDelete"

**Note** You can create one Scheduled Task to enable auditing on all mailboxes, or create separate tasks by specifying the Mailbox Type like I have above...it depends on your mailbox creation rate.
To set it for a different mailbox type, just change the "-RecipientTypeDetails SharedMailbox" to another mailbox type like "-RecipientTypeDetails UserMailbox".

In the Settings Tab:

Checkmark the following boxes:

- Allow task to be run on demand

- Stop the task if it runs longer than: 1 hour (if it runs longer than an hour, you got something wrong!)

- If the running task does not end when requested, force it to stop

Click OK when you have everything set.
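
The same task can also be registered from an elevated PowerShell prompt with the ScheduledTasks module (Windows Server 2012 or later). This is an added example, not part of the original walkthrough; it assumes you enter the service account as DOMAIN\exchscriptaccount, where the domain name is your own.

```powershell
# Added example: builds the "Set Shared Mailbox Auditing" task from the GUI steps above.
$taskName = 'Set Shared Mailbox Auditing'

# Prompt for the service account (enter it as DOMAIN\exchscriptaccount).
# Prompting keeps the password out of the script file and command history.
$cred = Get-Credential -Message 'Service account that will run the task'

# Actions tab: same program and arguments as in the post. The single-quoted
# here-string keeps $_, $False and $True literal so they are evaluated when
# the task runs, not when this script runs.
$arguments = @'
-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | ? {$_.AuditEnabled -eq $False} | Set-Mailbox -AuditEnabled $True -AuditOwner SoftDelete, HardDelete"
'@
$action = New-ScheduledTaskAction `
    -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -Argument $arguments

# Triggers tab: daily at 12AM.
$trigger = New-ScheduledTaskTrigger -Daily -At '12:00AM'

# Settings tab: stop the task after 1 hour. "Run on demand" and "force it to
# stop" are already the cmdlet defaults (only -DisallowDemandStart and
# -DisallowHardTerminate switch them off).
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 1)

# Do not silently overwrite a task that someone already created in the GUI.
if (Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue) {
    throw "A task named '$taskName' already exists."
}

# General tab: run as the service account with highest privileges.
# Supplying -Password stores the credential with the task, so it runs
# whether or not the account is logged on.
$task = Register-ScheduledTask -TaskName $taskName -Action $action `
    -Trigger $trigger -Settings $settings -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password -RunLevel Highest

# Read back what was stored so it can be compared with the steps above.
[pscustomobject]@{
    TaskName  = $task.TaskName
    RunAs     = $task.Principal.UserId
    RunLevel  = $task.Principal.RunLevel
    Execute   = $task.Actions[0].Execute
    TimeLimit = $task.Settings.ExecutionTimeLimit
}
```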

Testing the Task:

In the main task window, right-click your new "Set Shared Mailbox Auditing" task, and click Run.

When it finishes running, you should have a (0x1) Last Run Result.

Check Our Work:

Check that auditing is set on All Shared Mailboxes by running:

Get-Mailbox -Filter {AuditEnabled -eq $false -and recipienttypedetails -eq "sharedmailbox"}

The output should be empty.

Now run:

Get-Mailbox -Filter {AuditEnabled -eq $true -and recipienttypedetails -eq "sharedmailbox"}

The list should show all Shared Mailboxes.

Now, Exchange will do the boring job of applying auditing for you :)
