Go Up
You are here: DeploymentConfigure IT InfrastructureExchangeConfigure Exchange Administrator Audit Logging Settings

Configure Exchange Administrator Audit Logging Settings

If the audited AD domain has an Exchange organization running Exchange 2010, 2013, or 2016, you must configure the Exchange Administrator Audit Logging (AAL) settings. To do this, perform the following procedure on any of the audited Exchanges (these settings will then be replicated to all Exchanges in the domain).

To configure Exchange Administrator Audit Logging settings

  1. On the computer where the monitored Exchange server is installed, navigate to Start Programs Exchange Management Shell.

  2. Execute the following command depending on your Exchange version:

    • Exchange 2010

      Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 30 -AdminAuditLogCmdlets *

    • Exchange 2013 and 2016

      Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 30 -AdminAuditLogCmdlets * -LogLevel Verbose

  3. On the computer where Netwrix Auditor is installed, browse to the %Netwrix Auditor Server installation folder%/Active Directory Auditing folder, locate the SetAALExcludedCmdlets.ps1 file and copy it to Exchange.

  4. In Exchange Management Shell, in the command line, execute this file by specifying the path to it:

    <Path_To_SetAALExcludedCmdlets_File>\.SetAALExcludedCmdlets.ps1

    This file contains a list of cmdlets that must be excluded from Exchange logging to reduce server load. Make sure your policies allow script execution.

Go Up