Run an Administrator Role Group Report
Applies to: Exchange Online, Exchange Server 2013
Topic Last Modified: 2012-10-13
When an administrator changes a role group, Microsoft Exchange logs information about this action in the administrator audit log. When you run the administrator role group report, entries from this log are displayed as search results and include the role groups that have been changed, who changed them and when, and what changes were made. Use this report to monitor changes to the administrative permissions assigned to users in your organization.
Administrator role groups are used to assign administrative permissions to users. These permissions allow users to perform administrative tasks in your organization, such as resetting passwords, creating or modifying mailboxes, and assigning administrative permissions to other users.
The administrator role group report logs the following types of changes:
Creating, copying, and deleting a role group
Adding and removing members
Estimated time to complete: 2 minutes.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "View-only administrator audit logging" entry in the Exchange and Shell infrastructure permissions topic.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
In the EAC, navigate to Compliance Management > Auditing.
Click Run an administrator role group report.
Microsoft Exchange runs the report for changes made to administrator role groups in the past two weeks.
To view the changes for a specific role group, in the search results pane, select the role group. View the search results in the details pane.
|Want to narrow the search results? Select the start date, end date, or both, and select specific role groups to search. Click Search to re-run the report.|
When members are added to or removed from a role group, the search results displayed in the details pane indicate that the role group membership was updated and lists the current members. The results don't explicitly state which user was added or removed.
To determine if a user was added or removed, you have to compare two separate entries in the report. For example, let's look at the following log entries for the Discovery Management role group:
4/27/2010 4:43 PM
5/06/2010 10:09 AM
5/19/2010 2:12 PM
In this example, the Administrator user account made the following changes:
On 5/06/2010, it added the user tonip.
On 5/19/2010, it removed the user pilarp.
If you’ve successfully run an administrator role group report, role groups that have been changed within the date range are displayed in the search results pane. If there are no results, then no changes to role groups have taken place within the specified date range. If you think there should be results, change the date range and then re-run the report.