Run an Administrator Role Group Report

 

Applies to: Exchange Online, Exchange Server 2013

When an administrator changes a role group, Microsoft Exchange logs information about this action in the administrator audit log. When you run the administrator role group report, entries from this log are displayed as search results and include the role groups that have been changed, who changed them and when, and what changes were made. Use this report to monitor changes to the administrative permissions assigned to users in your organization.

Administrator role groups are used to assign administrative permissions to users. These permissions allow users to perform administrative tasks in your organization, such as resetting passwords, creating or modifying mailboxes, and assigning administrative permissions to other users.

The administrator role group report logs the following types of changes:

  • Creating, copying, and deleting a role group

  • Adding and removing members

What do you need to know before you begin?

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server, Exchange Online, or Exchange Online Protection..

What do you want to do?

Run an administrator role group report

  1. In the EAC, navigate to Compliance Management > Auditing.

  2. Click Run an administrator role group report.

    Microsoft Exchange runs the report for changes made to administrator role groups in the past two weeks.

  3. To view the changes for a specific role group, in the search results pane, select the role group. View the search results in the details pane.

Tip

Want to narrow the search results? Select the start date, end date, or both, and select specific role groups to search. Click Search to re-run the report.

Monitor changes to role group membership

When members are added to or removed from a role group, the search results displayed in the details pane indicate that the role group membership was updated and lists the current members. The results don't explicitly state which user was added or removed.

To determine if a user was added or removed, you have to compare two separate entries in the report. For example, let's look at the following log entries for the Discovery Management role group:

4/27/2010 4:43 PM

Administrator

Updated members:

Administrator;annb,florencef;pilarp

5/06/2010 10:09 AM

Administrator

Updated members:

Administrator;annb;florencef;pilarp;tonip

5/19/2010 2:12 PM

Administrator

Updated members:

Administrator;annb;florencef;tonip

In this example, the Administrator user account made the following changes:

  • On 5/06/2010, it added the user tonip.

  • On 5/19/2010, it removed the user pilarp.

How do you know this worked?

If you’ve successfully run an administrator role group report, role groups that have been changed within the date range are displayed in the search results pane. If there are no results, then no changes to role groups have taken place within the specified date range. If you think there should be results, change the date range and then re-run the report.