
Set-AdminAuditLogConfig

Applies to: Exchange Server 2010

Topic Last Modified: 2011-03-19

Use the Set-AdminAuditLogConfig cmdlet to configure the administrator audit logging configuration settings.


Set-AdminAuditLogConfig [-Identity <OrganizationIdParameter>] [-AdminAuditLogAgeLimit <Nullable>] [-AdminAuditLogCmdlets <MultiValuedProperty>] [-AdminAuditLogEnabled <$true | $false>] [-AdminAuditLogMailbox <SmtpAddress>] [-AdminAuditLogParameters <MultiValuedProperty>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Name <String>] [-TestCmdletLoggingEnabled <$true | $false>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description

AdminAuditLogAgeLimit

Optional

System.Nullable

The AdminAuditLogAgeLimit parameter specifies how long each log entry should be kept before it's deleted. The default age limit is one year.

To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds. For example, to specify 180 days and 12 hours, enter 180.12:00:00.

To clear the age limit, specify a value of $null.

Important:
This parameter isn't functional in this release of Exchange 2010.

AdminAuditLogCmdlets

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The AdminAuditLogCmdlets parameter specifies which cmdlets should be audited. You can specify one or more cmdlets, separated by commas. You can also use the wildcard character (*) to match multiple cmdlets in one or more of the entries in the cmdlet list. To audit all cmdlets, specify only the wildcard character (*).

AdminAuditLogEnabled

Optional

System.Boolean

The AdminAuditLogEnabled parameter specifies whether administrator audit logging is enabled. The default value is $false. The valid values are $true and $false. You must specify an administrator audit log mailbox before you enable logging.

AdminAuditLogMailbox

Optional

Microsoft.Exchange.Data.SmtpAddress

The AdminAuditLogMailbox parameter specifies which mailbox should be used to store the administrator audit logs. You must specify a value before you enable audit logging; there's no default value. Specify the SMTP address of the mailbox where you want audit logs to be stored.

AdminAuditLogParameters

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The AdminAuditLogParameters parameter specifies which parameters should be audited on the cmdlets you specified using the AdminAuditLogCmdlets parameter. You can specify one or more parameters, separated by commas. You can also use the wildcard character (*) to match multiple parameters in one or more of the entries in the parameters list. To audit all parameters, specify only the wildcard character (*).

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

Identity

Optional

Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter

The Identity parameter is reserved for internal Microsoft use.

Name

Optional

System.String

The Name parameter specifies the name of the AdminAuditLogConfig object.

Note:
You don't need to specify this parameter when configuring administrator audit logging. It doesn't impact your configuration or how administrator audit logging works.

TestCmdletLoggingEnabled

Optional

System.Boolean

The TestCmdletLoggingEnabled parameter specifies whether the execution of test cmdlets should be logged. Test cmdlets begin with the verb Test. Valid values are $True and $False. The default value is $False.

Important:
Test cmdlets can produce a large amount of information. As such, you should only enable logging of test cmdlets for a short period of time.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. For more information about administrator audit logging, see Administrator Audit Logging.

Important:
Administrator audit logging relies on Active Directory replication to replicate the configuration settings you specify to the domain controllers in your organization. Depending on your replication settings, the changes you make may not be immediately applied to all computers running Microsoft Exchange Server 2010 in your organization.
Changes to the audit log configuration are refreshed every 60 minutes on computers that have the Exchange Management Shell open at the time a configuration change is made. If you want to apply the changes immediately, close and reopen the Shell on each computer.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Administrator audit logging" entry in the Exchange and Shell Infrastructure Permissions topic.


This example enables administrator audit logging for every cmdlet and every parameter in the organization. Every time a cmdlet is run, with the exception of Get cmdlets, a log is sent to the mailbox with the SMTP address david@contoso.com.

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * -AdminAuditLogParameters * -AdminAuditLogMailbox david@contoso.com

This example enables administrator audit logging for specific cmdlets run in the organization. Any parameter used on the specified cmdlets is logged. Every time a specified cmdlet is run, a log is sent to the mailbox with the SMTP address david@contoso.com.

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox, *Management*, *TransportRule* -AdminAuditLogParameters * -AdminAuditLogMailbox david@contoso.com

This example enables administrator audit logging only for specific parameters that are specified when running specific cmdlets. The cmdlet name and the parameter name must match the strings specified with the AdminAuditLogCmdlets and AdminAuditLogParameters parameters, respectively. For example, a log entry is generated only when a parameter with the string Address in its name is used on a cmdlet with the string Mailbox in its name.

Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* -AdminAuditLogParameters *Address* -AdminAuditLogMailbox david@contoso.com
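
The following is an added example, not part of the original topic: a local model of the matching rule described for the third example, run over constructed invocations to show which administrative actions a narrow filter leaves unlogged compared with the all-cmdlets, all-parameters configuration. The function name Test-WouldBeAudited, the sample data, and the assumption that list entries match like the PowerShell -like operator are illustrative; the script needs no Exchange connection.

```powershell
# Added example: local model of the audit filter; needs no Exchange connection.
# Assumption: list entries match like the -like operator (case-insensitive, * wildcard).
# Assumption: a cmdlet run with no parameters is treated as "no parameter matched".
function Test-WouldBeAudited {
    param([hashtable]$Config, [string]$Cmdlet, [string[]]$Parameters)

    if (-not $Config.AdminAuditLogEnabled) { return $false }
    $verb = $Cmdlet.Split('-')[0]
    if ($verb -eq 'Get') { return $false }    # Get cmdlets are never logged
    if ($verb -eq 'Test' -and -not $Config.TestCmdletLoggingEnabled) { return $false }

    # The cmdlet name must match at least one AdminAuditLogCmdlets entry...
    if (-not ($Config.AdminAuditLogCmdlets | Where-Object { $Cmdlet -like $_ })) { return $false }

    # ...and at least one supplied parameter must match an AdminAuditLogParameters entry.
    foreach ($name in $Parameters) {
        if ($Config.AdminAuditLogParameters | Where-Object { $name -like $_ }) { return $true }
    }
    return $false
}

# Constructed configurations, mirroring the third and first examples on this page.
$narrow = @{ AdminAuditLogEnabled = $true; TestCmdletLoggingEnabled = $false
             AdminAuditLogCmdlets = @('*Mailbox*'); AdminAuditLogParameters = @('*Address*') }
$full   = @{ AdminAuditLogEnabled = $true; TestCmdletLoggingEnabled = $false
             AdminAuditLogCmdlets = @('*'); AdminAuditLogParameters = @('*') }

# Constructed sample invocations (cmdlet name and the parameters supplied).
$invocations = @(
    @{ Cmdlet = 'Set-Mailbox';              Parameters = @('Identity', 'EmailAddresses') },
    @{ Cmdlet = 'Set-Mailbox';              Parameters = @('Identity', 'ForwardingAddress') },
    @{ Cmdlet = 'Add-MailboxPermission';    Parameters = @('Identity', 'User', 'AccessRights') },
    @{ Cmdlet = 'New-MailboxExportRequest'; Parameters = @('Mailbox', 'FilePath') },
    @{ Cmdlet = 'Set-TransportRule';        Parameters = @('Identity', 'Priority') },
    @{ Cmdlet = 'Get-Mailbox';              Parameters = @('Identity') }
)

# One row per invocation: would it be logged under each configuration?
$invocations | ForEach-Object {
    New-Object PSObject -Property @{
        Cmdlet     = $_.Cmdlet
        Parameters = $_.Parameters -join ','
        Narrow     = (Test-WouldBeAudited $narrow $_.Cmdlet $_.Parameters)
        Full       = (Test-WouldBeAudited $full   $_.Cmdlet $_.Parameters)
    }
} | Select-Object Cmdlet, Parameters, Narrow, Full | Format-Table -AutoSize
```
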