Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-11-19
Use the Set-AdminAuditLogConfig cmdlet to configure the administrator audit logging configuration settings.
Syntax
Set-AdminAuditLogConfig [-Identity
<OrganizationIdParameter>] [-AdminAuditLogAgeLimit
<EnhancedTimeSpan>] [-AdminAuditLogCmdlets
<MultiValuedProperty>] [-AdminAuditLogEnabled <$true |
$false>] [-AdminAuditLogExcludedCmdlets
<MultiValuedProperty>] [-AdminAuditLogParameters
<MultiValuedProperty>] [-Confirm [<SwitchParameter>]]
[-DomainController <Fqdn>] [-Force <SwitchParameter>]
[-Name <String>] [-TestCmdletLoggingEnabled <$true |
$false>] [-WhatIf [<SwitchParameter>]]
|
Detailed Description
When audit logging is enabled, a log entry is created for each cmdlet that's run, excluding Get cmdlets. In the release to manufacturing (RTM) version of Microsoft Exchange Server 2010, log entries are stored in the audit log mailbox you specified and viewed using an e-mail client or Microsoft Office Outlook Web App. With Exchange 2010 Service Pack 1 (SP1), log entries are stored in a hidden mailbox and accessed using the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets. For more information about administrator audit logging, see Overview of Administrator Audit Logging.
Important: |
---|
The Set-AdminAuditLogConfig,
Enable-CmdletExtensionAgent, and
Disable-CmdletExtensionAgent cmdlets are logged when they're
run regardless of whether administrator audit logging is enabled or
disabled. Administrator audit logging relies on Active Directory replication to replicate the configuration settings you specify to the domain controllers in your organization. Depending on your replication settings, the changes you make may not be immediately applied to all computers running Exchange 2010 in your organization. Changes to the audit log configuration may take up to 60 minutes to be applied on computers that have the Exchange Management Shell open at the time a configuration change is made. If you want to apply the changes immediately, close and reopen the Shell on each computer. |
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Administrator audit logging" entry in the Exchange and Shell Infrastructure Permissions topic.
Parameters
Parameter | Required | Type | Description | ||
---|---|---|---|---|---|
AdminAuditLogAgeLimit |
Optional |
Microsoft.Exchange.Data.EnhancedTimeSpan |
The AdminAuditLogAgeLimit parameter specifies how long each log entry should be kept before it's deleted. The default age limit is one year. To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds. To clear the age limit, specify a value of
|
||
AdminAuditLogCmdlets |
Optional |
Microsoft.Exchange.Data.MultiValuedProperty |
The AdminAuditLogCmdlets parameter specifies which cmdlets should be audited. You can specify one or more cmdlets, separated by commas. You can also use the wildcard character (*) to match multiple cmdlets in one or more of the entries in the cmdlet list. To audit all cmdlets, specify only the wildcard character (*). |
||
AdminAuditLogEnabled |
Optional |
System.Boolean |
The AdminAuditLogEnabled parameter specifies whether
administrator audit logging is enabled. The default value is
|
||
AdminAuditLogExcludedCmdlets |
Optional |
Microsoft.Exchange.Data.MultiValuedProperty |
The AdminAuditLogExcludedCmdlets parameter specifies which cmdlets should be excluded from auditing. Use this parameter if you want to exclude specific cmdlets you don't want to audit even if they match a wildcard string specified in the AdminAuditLogCmdlets parameter. You can specify one or more cmdlets, separated by commas. You can also use the wildcard character (*) to match multiple cmdlets in one or more of the entries in the cmdlet list. You can't specify only the wildcard character (*). If you want to clear the list, specify a value of
|
||
AdminAuditLogParameters |
Optional |
Microsoft.Exchange.Data.MultiValuedProperty |
The AdminAuditLogParameters parameter specifies which parameters should be audited on the cmdlets you specified using the AdminAuditLogCmdlets parameter. You can specify one or more parameters, separated by commas. You can also use the wildcard character (*) to match multiple parameters in one or more of the entries in the parameters list. To audit all parameters, specify only the wildcard character (*). |
||
Confirm |
Optional |
System.Management.Automation.SwitchParameter |
The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch. |
||
DomainController |
Optional |
Microsoft.Exchange.Data.Fqdn |
The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory. |
||
Force |
Optional |
System.Management.Automation.SwitchParameter |
The Force switch specifies whether to suppress warning or confirmation messages. This switch can be used when the task is run programmatically and prompting for administrative input is inappropriate. If the Force switch isn't provided in the command, you're prompted for administrative input. You don't have to specify a value with this parameter. |
||
Identity |
Optional |
Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter |
This parameter is available for multi-tenant deployments. It isn't available for on-premises deployments. For more information about multi-tenant deployments, see Multi-Tenant Support. The Identity parameter specifies the identity of the tenant organization. |
||
Name |
Optional |
System.String |
The Name parameter specifies the name of the AdminAuditLogConfig object.
|
||
TestCmdletLoggingEnabled |
Optional |
System.Boolean |
The TestCmdletLoggingEnabled parameter specifies whether
the execution of test cmdlets should be logged. Test cmdlets begin
with the verb Test. Valid values are Test cmdlets can produce a large amount of information. As such, you should only enable logging of test cmdlets for a short period of time. |
||
WhatIf |
Optional |
System.Management.Automation.SwitchParameter |
The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch. |
Input Types
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.
Return Types
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.
Examples
EXAMPLE 1
This example enables administrator audit logging for every cmdlet and every parameter in the organization, with the exception of Get cmdlets.
Copy Code | |
---|---|
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets * -AdminAuditLogParameters * |
EXAMPLE 2
This example enables administrator audit logging for specific cmdlets run in the organization. Any parameter used on the specified cmdlets is logged. Every time a specified cmdlet is run, a log entry is added to the audit log.
Copy Code | |
---|---|
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox, *Management*, *TransportRule* -AdminAuditLogParameters * |
EXAMPLE 3
This example enables administrator audit logging only for specific parameters that are specified when running specific cmdlets. The parameter name and the cmdlet name must match the strings specified with the AdminAuditLogCmdlets and AdminAuditLogParameters parameters. For example, a log entry is generated only when a parameter with the string "Address" in the name is run on a cmdlet with the string "Mailbox" in its name.
Copy Code | |
---|---|
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogCmdlets *Mailbox* -AdminAuditLogParameters *Address* |