Exchange Admin Audit Log Event ID 25209

SourceExchange (LOGbinder EX)
LogAdmin Audit
Windows Security Log
Category
 • Subcategory		Object Access
 • Application Generated
Type Success
Failure

25209: New-Mailbox Exchange cmdlet issued

This is an event from Exchange audit event from LOGbinder EX generated by Log  Admin Audit.

On this page

See also the TechNet article on the cmdlet New-Mailbox

Free Security Log Resources by Randy

Description Fields in 25209

FieldDescription
OccurredDate and time when Exchange registered the cmdlet.
CmdletThe cmdlet that was issued.
Performed byThe user who issued the cmdlet.
Succeeded"Yes", if succeeded, "No", otherwise.
Error"None", if the cmdlet resulted in no error, the error message otherwise.
Originating serverThe host name of the server.
Object modifiedThe object that was modified by the cmdlet.
ParametersThe list of parameters, listing them by the parameter's Name and Value.
Modified propertiesModified properties, if any (otherwise "n/a").
Additional informationAdditional information, if any (otherwise "n/a").

Supercharger Free Edition

 

Where Does This Event Come From?

This Event Is Produced By

Which Integrates with Your SIEM

Examples of 25209

New-Mailbox Exchange cmdlet issued
Occurred: 12/23/2012 4:16:33 PM
Cmdlet: New-Mailbox
Performed by: sp2010.com/Users/Joe Taylor
Succeeded: Yes
Error: None
Originating server: SP2010-EX1 (14.02.0328.009)
Object modified: sp2010.com/Users/TestUser
Parameters
  Name: UserPrincipalName, Value: [testuser@sp2010.com]
Name: Alias, Value: [TestUser]
Name: Name, Value: [TestUser]
Name: Password, Value: []
Modified Properties
  Name: ExchangeSecurityDescriptor, Old Value: [], New Value: [System.Security.AccessControl.RawSecurityDescriptor]
Name: RemotePowerShellEnabled, Old Value: [True], New Value: [True]
Name: ExchangeGuid, Old Value: [00000000-0000-0000-0000-000000000000], New Value: [e2a65f97-e0f2-46e0-9256-1911be08f957]
Name: HomeMTA, Old Value: [], New Value: [Microsoft MTA]
Name: RecipientTypeDetailsValue, Old Value: [None], New Value: [UserMailbox]
Name: WhenMailboxCreated, Old Value: [], New Value: [12/23/2012 9:16:29 PM]
Name: RecipientDisplayType, Old Value: [], New Value: [ACLableMailboxUser]
Name: AddressListMembership, Old Value: [], New Value: [\All Users;\Default Global Address List;\All Recipients(VLV);\All Mailboxes(VLV);\Mailboxes(VLV)]
Name: IndexedPhoneNumbers, Old Value: [], New Value: []
Name: ProtocolSettings, Old Value: [], New Value: [RemotePowerShell§1]
Name: DisplayName, Old Value: [], New Value: [TestUser]
Name: PoliciesIncluded, Old Value: [], New Value: [{26491cfc-9e50-4857-861b-0cb8df22b5d7};9f175e9c-5823-48e5-8b05-e8c6abd6caa5]
Name: UserPrincipalName, Old Value: [], New Value: [testuser@sp2010.com]
Name: OrganizationId, Old Value: [], New Value: []
Name: WindowsEmailAddress, Old Value: [], New Value: [TestUser@sp2010.com]
Name: Alias, Old Value: [], New Value: [TestUser]
Name: SamAccountName, Old Value: [], New Value: [testuser]
Name: PrimarySmtpAddress, Old Value: [], New Value: [TestUser@sp2010.com]
Name: EmailAddresses, Old Value: [], New Value: [SMTP:TestUser@sp2010.com]
Name: RecipientTypeDetails, Old Value: [None], New Value: [UserMailbox]
Name: OriginalWindowsEmailAddress, Old Value: [], New Value: [TestUser@sp2010.com]
Name: RawName, Old Value: [], New Value: [TestUser]
Name: ServerLegacyDN, Old Value: [], New Value: [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SP2010-EX1]
Name: Id, Old Value: [], New Value: [sp2010.com/Users/TestUser]
Name: LegacyExchangeDN, Old Value: [], New Value: [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=TestUserf30]
Name: ObjectCategory, Old Value: [], New Value: [sp2010.com/Configuration/Schema/person]
Name: OriginalPrimarySmtpAddress, Old Value: [], New Value: [TestUser@sp2010.com]
Name: RoleAssignmentPolicy, Old Value: [], New Value: [Default Role Assignment Policy]
Name: UMDtmfMap, Old Value: [], New Value: [firstNameLastName:83788737;lastNameFirstName:83788737;emailAddress:83788737]
Name: ExchangeVersion, Old Value: [1.0 (14.0.0.0)], New Value: [0.10 (14.0.100.0)]
Additional information: CmdletParameters/Parameter/Name= [UserPrincipalName]; CmdletParameters/Parameter/Value= [testuser@sp2010.com]; CmdletParameters/Parameter/Name= [Alias]; CmdletParameters/Parameter/Value= [TestUser]; CmdletParameters/Parameter/Name= [Name]; CmdletParameters/Parameter/Value= [TestUser]; CmdletParameters/Parameter/Name= [Password]; CmdletParameters/Parameter/Value= []; ModifiedProperties/Property/Name= [ExchangeSecurityDescriptor]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [System.Security.AccessControl.RawSecurityDescriptor]; ModifiedProperties/Property/Name= [RemotePowerShellEnabled]; ModifiedProperties/Property/OldValue= [True]; ModifiedProperties/Property/NewValue= [True]; ModifiedProperties/Property/Name= [ExchangeGuid]; ModifiedProperties/Property/OldValue= [00000000-0000-0000-0000-000000000000]; ModifiedProperties/Property/NewValue= [e2a65f97-e0f2-46e0-9256-1911be08f957]; ModifiedProperties/Property/Name= [HomeMTA]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [Microsoft MTA]; ModifiedProperties/Property/Name= [RecipientTypeDetailsValue]; ModifiedProperties/Property/OldValue= [None]; ModifiedProperties/Property/NewValue= [UserMailbox]; ModifiedProperties/Property/Name= [WhenMailboxCreated]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [12/23/2012 9:16:29 PM]; ModifiedProperties/Property/Name= [RecipientDisplayType]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [ACLableMailboxUser]; ModifiedProperties/Property/Name= [AddressListMembership]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [\All Users;\Default Global Address List;\All Recipients(VLV);\All Mailboxes(VLV);\Mailboxes(VLV)]; ModifiedProperties/Property/Name= [IndexedPhoneNumbers]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= []; ModifiedProperties/Property/Name= [ProtocolSettings]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [RemotePowerShell§1]; ModifiedProperties/Property/Name= [DisplayName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser]; ModifiedProperties/Property/Name= [PoliciesIncluded]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [{26491cfc-9e50-4857-861b-0cb8df22b5d7};9f175e9c-5823-48e5-8b05-e8c6abd6caa5]; ModifiedProperties/Property/Name= [UserPrincipalName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [testuser@sp2010.com]; ModifiedProperties/Property/Name= [OrganizationId]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= []; ModifiedProperties/Property/Name= [WindowsEmailAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser@sp2010.com]; ModifiedProperties/Property/Name= [Alias]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser]; ModifiedProperties/Property/Name= [SamAccountName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [testuser]; ModifiedProperties/Property/Name= [PrimarySmtpAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser@sp2010.com]; ModifiedProperties/Property/Name= [EmailAddresses]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [SMTP:TestUser@sp2010.com]; ModifiedProperties/Property/Name= [RecipientTypeDetails]; ModifiedProperties/Property/OldValue= [None]; ModifiedProperties/Property/NewValue= [UserMailbox]; ModifiedProperties/Property/Name= [OriginalWindowsEmailAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser@sp2010.com]; ModifiedProperties/Property/Name= [RawName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser]; ModifiedProperties/Property/Name= [ServerLegacyDN]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=SP2010-EX1]; ModifiedProperties/Property/Name= [Id]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users/TestUser]; ModifiedProperties/Property/Name= [LegacyExchangeDN]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=TestUserf30]; ModifiedProperties/Property/Name= [ObjectCategory]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Configuration/Schema/person]; ModifiedProperties/Property/Name= [OriginalPrimarySmtpAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestUser@sp2010.com]; ModifiedProperties/Property/Name= [RoleAssignmentPolicy]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [Default Role Assignment Policy]; ModifiedProperties/Property/Name= [UMDtmfMap]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [firstNameLastName:83788737;lastNameFirstName:83788737;emailAddress:83788737]; ModifiedProperties/Property/Name= [ExchangeVersion]; ModifiedProperties/Property/OldValue= [1.0 (14.0.0.0)]; ModifiedProperties/Property/NewValue= [0.10 (14.0.100.0)]

For more information, see http://logbinder.com/support

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!