You are on page 1of 6

Module 2: Exchange Server Management Tools

Microsoft | Services

© 2008 Microsoft Corporation Microsoft Confidential

2

Module 2: Exchange Server Management Tools

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. These materials are intended for distribution to and use only by Microsoft Premier Customers. Use or distribution of these materials by any other persons is prohibited without the express written permission of Microsoft Corporation. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft | Services

© 2008 Microsoft Corporation Microsoft Confidential

Lab 2A: Configuring RBAC for Auditing
Introduction
In this lab, you will configure role based access control (RBAC) for auditing. You will create a new user account for auditing purposes. Next, you will create a new mailbox and a user to receive the audit notifications.

Objectives
After completing this lab, you will be able to: • Configure RBAC for auditing.

Prerequisites (if applicable)
Ensure that the AD1DCMCLNT, AD1HC1, and, AD1HC2 virtual machines are running.

Estimated time to complete this lab
15 minutes

Microsoft | Services

© 2008 Microsoft Corporation Microsoft Confidential

4

Module 2: Exchange Server Management Tools

Exercise: Configuring RBAC for Auditing
In this exercise, you will: • • Enable auditing. Assign the RBAC permissions required to view the audit log within the Exchange Control Panel.

Scenario
Auditing is now required for all Microsoft® Exchange Server-related tasks being executed in your organization. Management wants to know who is executing the tasks within Exchange Server 2010 and needs to be able to track as much information as possible.

Enable auditing
1. On AD1DCMCLNTNT, log on as Contoso\Administrator with password Password1. 2. Access Active Directory Users and Computers, and then create a new user account named Audit Account that uses the password Password1. 3. Click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console. 4. In the console tree, click Recipient Configuration, right-click Mailbox, and then click New Mailbox. 5. In the Introduction page of the wizard, select User Mailbox, and then click Next. 6. Select Existing Users, add the previously created “Audit Account,” and then click Next. 7. Click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Shell. 8. Execute the following cmdlet:
Get-AdminAuditLogConfig | fl

Question A:

Is auditing enabled in the environment? ____________________________________________________ ____________________________________________________

9. Execute the following cmdlet to enable auditing:
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true

Question B:

Is this cmdlet required to enable audit logging in Exchange Server 2010 SP1?
© 2008 Microsoft Corporation Microsoft Confidential

Microsoft | Services

____________________________________________________ ____________________________________________________ 10. Execute the following cmdlet to modify the environment and check the audit log:
Set-TransportConfig –MaxReceiveSize 100MB

11. Open a Windows® Internet Explorer® session, and then navigate to https://ad1hc1/owa. 12. Log on to the Microsoft® Outlook® Web App mailbox for the audit account with username Contoso\auditaccount and password Password1. 13. In Outlook Web App, click Options, and then click See All Options. Question C: In the Exchange Control Panel, do you see the options to manage the organization to view audit logs? ____________________________________________________ ____________________________________________________

14. Close all web browsers on AD1DCMCLNT.

Assign the RBAC permissions required to view the audit log within the Exchange Control Panel
1. Open Active Directory Users and Computers, and then browse to the Exchange Security Groups organizational unit (OU). 2. In the Exchange Security Groups OU, add Audit Account to the Organization Management role group and the Records Management role group. 3. Open an Internet Explorer session, navigate to https://ad1hc1/owa, and then log on to the Outlook Web App mailbox for the audit account with username Contoso\auditaccount and password Password1. 4. In Outlook Web App, click Options, and then click See All Options. 5. In the Select what to manage dropdown list box, select My Organization. 6. Click Roles & Auditing, select Auditing, and then select Export the administrator audit log. 7. In the Start Date text box, specify a start date, and then in the End Date text box, specify an end date. 8. Select the audit account that will receive the auditing reports, and then click OK. 9. Run your report, and, after a while, check the Audit Account inbox. Question D: What information does the .xml file contain? ____________________________________________________ ____________________________________________________ ____________________________________________________
© 2008 Microsoft Corporation Microsoft Confidential

Microsoft | Services

6

Module 2: Exchange Server Management Tools

Note: The audit log can take up to 30 minutes to generate. Alternatively, you can run the Search-AdminAuditlog | Sort-Object RunDate cmdlet. This displays the audit log within the Exchange Management Shell, sorted by date.

Microsoft | Services

© 2008 Microsoft Corporation Microsoft Confidential