How to Automatically Enable Mailbox Audit Logging in Exchange Server

If your organization uses mailbox audit logging you will probably find it useful to automatically enable it when new mailboxes are created. This avoids the potential problem of mailboxes not being enabled manually when they are created by your help desk, and avoids you having to run regular scheduled scripts to enable auditing for new mailboxes.

This is achieved using the Scripting Agent, one of the cmdlet extension agents in Exchange Server 2013 and 2010.

If you have not already enabled the Scripting Agent you can find steps here. Don’t forget to distribute a ScriptingAgentConfig.xml file to all Exchange servers first.

To enable audit logging for new mailboxes create and distribute a ScriptingAgentConfig.xml file containing the following:

scriptingagentconfig

The important part is these lines, that will fire if the New-Mailbox or Enable-Mailbox cmdlet completes successfully. You can see that all it is really doing is running Set-Mailbox to enable auditing, just as you would manually in the Exchange management shell.

  If ($succeeded)
  {
  	$Alias= $provisioningHandler.UserSpecifiedParameters["Alias"]
	$mailbox = Get-Mailbox $Alias
	Set-Mailbox $mailbox -AuditEnabled:$true
  }

This config uses the Alias attribute of the mailbox, which is populated when a new mailbox is created.

exchange-2013-mailbox-audit-logging-01

When the mailbox creation process has completed you can verify that auditing has been enabled.

[PS] C:\>Get-Mailbox Alannah.Shaw | fl auditenabled

AuditEnabled : True

And that is basically it. As you can see using the Scripting Agent to automate this task is quite simple, yet powerful, and saves you a lot of administrative burden.

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Find Paul on Twitter, LinkedIn or Google+, or get in touch for consulting/support engagements.

Comments

  1. Hasan Rahman says:

    Hi Paul, great post. Is it necessary to specify a dc in the script? I have made a script which sets mapiblockoutlookrpchttp each time enable-mailbox is used. This works great on 2 servers but on 2 other servers I get an error saying alias not found on the dc. If I use start-sleep for something above 15 seconds it works on all servers. I guess it is because there is an ad latency somewhere?

  2. Hi Paul,
    I am trying to implement the ScriptingAgentConfig.xml and I get an error when I enable the cmdlet extension or change the send as properties of a mailbox. Would you mind advising please if you have a second?

    For what it’s worth XMLSpy errors on validation with: “Unable to locate a reference to a supported schema type (DTD, W3C Schema) within this document instance.”

    Exchange 2013 CU3:
    Name : SERVER1
    ServerRole : Mailbox, ClientAccess
    Edition : Enterprise
    AdminDisplayVersion : Version 15.0 (Build 775.38)

    Path: …\Exchange Server\V15\Bin\CmdletExtensionAgents\ScriptingAgentConfig.xml:

    If ($succeeded)
    {
    $Alias= $provisioningHandler.UserSpecifiedParameters ["Alias"]
    $mailbox = Get-Mailbox $Alias
    Set-Mailbox $mailbox -AuditEnabled:$true
    }

  3. shishir says:

    Hi Paul,
    I am trying to allow large items for all mailbox moves in a same domain through scripting agent.I am using the API “OnComplete” here. I am not sure whether I am right or I should be using different API.I am trying to use following script but it is not including the -allowlargeitems parameter on the completion of move.

    If($succeeded) {
    [string]$id = $provisioningHandler.UserSpecifiedParameters["Identity"]

    New-MoveRequest $id -AllowLargeItems $true
    }

    Kindly suggest how to make this possible.Please correct me if I am missing any parameter or if I am makingany mistake in the above script.
    Thank you.

  4. Hi Paul,

    I’m trying to enable automatic auditing of mailboxes upon creation and I read your other posts on scripting agent config.xml. In the install directory of one of my Exchange 2013 SP1 boxes, I found the “scriptingagentconfig.xml.sample” file and renamed it to “scriptingagentconfig.xml”. I see that there is a section for auditing – “cmdlets=”new-mailbox””:

    #parameter list:
    #param([ProvisioningHandler]$provisioningHandler, [IConfigurable]$readOnlyIConfigurable)

    $newObjectGuid = $readOnlyIConfigurable.Guid.ToString();

    #parameter list:
    #param([ProvisioningHandler]$provisioningHandler, [bool]$succeeded, [Exception]$exception)

    if($succeeded)
    {
    WriteToSQL($newObjectGuid);
    }

    Does this mean I just need to push this “xml” file to all my Exchange 2013 SP1 boxes and run “Enable-cmdletextensionagent”

  5. Hi Paul,

    I left out the actual line from the sample xml file:

    #parameter list:
    #param([ProvisioningHandler]$provisioningHandler, [IConfigurable]$readOnlyIConfigurable)

    $newObjectGuid = $readOnlyIConfigurable.Guid.ToString();

    #parameter list:
    #param([ProvisioningHandler]$provisioningHandler, [bool]$succeeded, [Exception]$exception)

    if($succeeded)
    {
    WriteToSQL($newObjectGuid);
    }

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.