Exchange Admin Audit Log Event ID 25198
25198: New-DynamicDistributionGroup Exchange cmdlet issued
This is an event from
Exchange
audit event from
LOGbinder EX
generated by
.
On this page
See also the TechNet article on the cmdlet New-DynamicDistributionGroup
Free Security Log Resources by Randy
| Field | Description |
|---|
| Occurred | Date and time when Exchange registered the cmdlet. |
| Cmdlet | The cmdlet that was issued. |
| Performed by | The user who issued the cmdlet. |
| Succeeded | "Yes", if succeeded, "No", otherwise. |
| Error | "None", if the cmdlet resulted in no error, the error message otherwise. |
| Originating server | The host name of the server. |
| Object modified | The object that was modified by the cmdlet. |
| Parameters | The list of parameters, listing them by the parameter's Name and Value. |
| Modified properties | Modified properties, if any (otherwise "n/a"). |
| Additional information | Additional information, if any (otherwise "n/a"). |
Supercharger Enterprise
This Event Is Produced By
Which Integrates with Your SIEM
New-DynamicDistributionGroup Exchange cmdlet issued
Occurred: 12/23/2012 3:21:18 PM
Cmdlet: New-DynamicDistributionGroup
Performed by: sp2010.com/Users/Joe Taylor
Succeeded: Yes
Error: None
Originating server: SP2010-EX1 (14.02.0328.009)
Object modified: sp2010.com/Users/DynamicDistributionGroup
Parameters
Name: Name, Value: [DynamicDistributionGroup]
Name: IncludedRecipients, Value: [MailboxUsers]
Modified Properties
Name: Id, Old Value: [], New Value: [sp2010.com/Users/DynamicDistributionGroup]
Name: OriginalWindowsEmailAddress, Old Value: [], New Value: [DynamicDistributionGroup@sp2010.com]
Name: PrimarySmtpAddress, Old Value: [], New Value: [DynamicDistributionGroup@sp2010.com]
Name: RecipientDisplayType, Old Value: [], New Value: [DynamicDistributionGroup]
Name: LdapRecipientFilter, Old Value: [], New Value: [(&(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))]
Name: AddressListMembership, Old Value: [], New Value: [\Default Global Address List;\All Recipients(VLV)]
Name: ObjectCategory, Old Value: [], New Value: [sp2010.com/Configuration/Schema/ms-Exch-Dynamic-Distribution-List]
Name: RecipientFilterMetadata, Old Value: [], New Value: [Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:IncludedRecipients=1;Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:RecipientFilterType=2]
Name: DisplayName, Old Value: [], New Value: [DynamicDistributionGroup]
Name: PoliciesIncluded, Old Value: [], New Value: [{26491cfc-9e50-4857-861b-0cb8df22b5d7};9f175e9c-5823-48e5-8b05-e8c6abd6caa5]
Name: RecipientFilter, Old Value: [], New Value: [((RecipientType -eq 'UserMailbox') -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))]
Name: OrganizationId, Old Value: [], New Value: []
Name: WindowsEmailAddress, Old Value: [], New Value: [DynamicDistributionGroup@sp2010.com]
Name: Alias, Old Value: [], New Value: [DynamicDistributionGroup]
Name: RawName, Old Value: [], New Value: [DynamicDistributionGroup]
Name: EmailAddresses, Old Value: [], New Value: [SMTP:DynamicDistributionGroup@sp2010.com]
Name: RecipientContainer, Old Value: [], New Value: [sp2010.com/Users]
Name: LegacyExchangeDN, Old Value: [], New Value: [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=DynamicDistributionGroup5c2]
Name: OriginalPrimarySmtpAddress, Old Value: [], New Value: [DynamicDistributionGroup@sp2010.com]
Additional information: CmdletParameters/Parameter/Name= [Name]; CmdletParameters/Parameter/Value= [DynamicDistributionGroup]; CmdletParameters/Parameter/Name= [IncludedRecipients]; CmdletParameters/Parameter/Value= [MailboxUsers]; ModifiedProperties/Property/Name= [Id]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users/DynamicDistributionGroup]; ModifiedProperties/Property/Name= [OriginalWindowsEmailAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [PrimarySmtpAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [RecipientDisplayType]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup]; ModifiedProperties/Property/Name= [LdapRecipientFilter]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [(&(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(!(name=SystemMailbox{*))(!(name=CAS_{*))(!(msExchRecipientTypeDetails=16777216))(!(msExchRecipientTypeDetails=536870912))(!(msExchRecipientTypeDetails=8388608)))]; ModifiedProperties/Property/Name= [AddressListMembership]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [\Default Global Address List;\All Recipients(VLV)]; ModifiedProperties/Property/Name= [ObjectCategory]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Configuration/Schema/ms-Exch-Dynamic-Distribution-List]; ModifiedProperties/Property/Name= [RecipientFilterMetadata]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:IncludedRecipients=1;Microsoft.Exchange12.8f91d340bc0c47e4b4058a479602f94c:RecipientFilterType=2]; ModifiedProperties/Property/Name= [DisplayName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup]; ModifiedProperties/Property/Name= [PoliciesIncluded]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [{26491cfc-9e50-4857-861b-0cb8df22b5d7};9f175e9c-5823-48e5-8b05-e8c6abd6caa5]; ModifiedProperties/Property/Name= [RecipientFilter]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [((RecipientType -eq 'UserMailbox') -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))]; ModifiedProperties/Property/Name= [OrganizationId]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= []; ModifiedProperties/Property/Name= [WindowsEmailAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [Alias]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup]; ModifiedProperties/Property/Name= [RawName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup]; ModifiedProperties/Property/Name= [EmailAddresses]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [SMTP:DynamicDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [RecipientContainer]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users]; ModifiedProperties/Property/Name= [LegacyExchangeDN]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=DynamicDistributionGroup5c2]; ModifiedProperties/Property/Name= [OriginalPrimarySmtpAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DynamicDistributionGroup@sp2010.com]
For more information, see http://logbinder.com/support
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection