Go Up
You are here: DeploymentConfigure IT InfrastructureExchangeConfigure Exchange Administrator Audit Logging Settings

Configure Exchange Administrator Audit Logging Settings

If the audited AD domain has an Exchange organization configured, you must configure the Exchange Administrator Audit Logging (AAL) settings. To do this, perform the following procedure on any of the audited Exchange servers (these settings will then be replicated to all Exchange servers in the domain).

To configure Exchange Administrator Audit Logging settings

  1. On the computer where the monitored Exchange server is installed, navigate to Start Programs Exchange Management Shell.

  2. Execute the following command depending on your Exchange version:

    • Exchange 2019, 2016 and 2013

      Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 30 -AdminAuditLogCmdlets * -LogLevel Verbose

    • Exchange 2010
    • Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 30 -AdminAuditLogCmdlets *

  3. On the computer where Netwrix Auditor is installed, browse to the %Netwrix Auditor Server installation folder%/Active Directory Auditing folder, locate the SetAALExcludedCmdlets.ps1 file and copy it to Exchange.

  4. In Exchange Management Shell, in the command line, execute this file by specifying the path to it:

    <Path_To_SetAALExcludedCmdlets_File>.\SetAALExcludedCmdlets.ps1

    This file contains a list of cmdlets that must be excluded from Exchange logging to reduce server load. Make sure your policies allow script execution.

Go Up