none
Programatically looging transport rule creation/change event RRS feed

  • Question

  • Hi,
     
    We are setting some transport rules on exchange server 2010, is there any way to programatically log these rule creation or change events? In short can I hook to something which will give me events of creation or modification of rule?
     
    Regards,
     
    Abhagwat

     

    Friday, January 11, 2013 6:41 AM

Answers

All replies

  • You can enable Administrative Audit logging http://technet.microsoft.com/en-us/library/dd335109(v=exchg.141).aspx which will log when particular EMS cmdlets are used directly or via ECP. There are not events for these log so you need to either poll them of watch the log files.

    Cheers
    Glen

    Friday, January 11, 2013 10:35 AM
  • Hi Glen,

    Thanks for the reply, regarding audit logs I came to know through my same post on exchange server forum, but I was not aware of ECP thanks for that.

    You mentioned that I need  to poll them could you please elaborate?

    I have used EWS for reading the mailboxes, so some what familiar with exchnage programming but not so much.

    Can I put some windows hook to capture transport rule creation or modifcation?

    Regards,

    ABhagwat

    Monday, January 14, 2013 12:28 PM
  • EWS won't be helpfull in this instance as it's an API for accessing Mailboxes. You need to use the EMS cmdlets eg Search-AdminAuditLog http://technet.microsoft.com/en-us/library/ff459250(v=exchg.141).aspx also see http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/25/use-powershell-to-audit-changes-made-to-exchange-server-2010.aspx . So you could export the Log every 5 minutes and check for changes etc. You can use the EMS Cmdlets from managed code using http://msdn.microsoft.com/en-us/library/exchange/ff326158(v=exchg.140).aspx

    One other suggestion if you do want something event based is Transport Rules are held in Active Directory under CN=Rules, CN=Transport Settings, CN=You Org Name, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC= container. So you could use change notifications in Active Directory http://msdn.microsoft.com/en-us/library/aa772153%28VS.85%29.aspx to monitor when a change is made.

    Cheers
    Glen

    • Marked as answer by ABBhagwat Tuesday, January 22, 2013 6:57 AM
    Tuesday, January 15, 2013 5:41 AM
  • Hi Glen,

    I was able to receive an event when I edited the object trhough ADSI(CN=Transport,CN=Rules,CN=Transport Settings,CN=exchtest,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myorg,DC=com)

    I have referred code from http://social.technet.microsoft.com/Forums/en/exchangesvrdevelopmentlegacy/thread/37575b5c-7a3e-4bc3-9329-d0b8d8b7b036

    Now I am trying to track changes when I will edit the transport rule throhg EMC or through powershell.             Regards,                                                                                                                                         Abhagwat

    Monday, January 21, 2013 2:16 PM
  • Well the Rules will always end up in Active Directory you need to allow for Replication convergence if you have a multi DC environment or watch for changes on every DC.

    Cheers
    Glen

    Tuesday, January 22, 2013 6:01 AM
  • HiGlen,

    Its observered that if I give below path


    CN=Rule1,CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=myorg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myorg,DC=com

    and do changes in Rule1 through EMC or powershell the code detects the changes but if I keep waiting on
    path CN=Rules,CN=Transport Settings,CN=myorg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myrog,DC=com
    also tried path CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=myorg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myorg,DC=com

    code dosen't detect the changes.

    I would like to get notified when rule is created or modified and cann't hard code the rule in path like Rule1 was hardcoded in successful scenario(above).
    I am right now on my own setup and have only one AD machine.
    Any idea what am I missing?

    Regards,
    Abhagwat

    Tuesday, January 22, 2013 6:20 AM
  • Hi Glen,

    I was giving wrong search it should be

    SearchScope.Onlever and not base and path will be

    "CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=MyOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyOrg,DC=com"

    Thanks for the help
    Regards,
    Abhagwat

    • Marked as answer by ABBhagwat Tuesday, January 22, 2013 11:40 AM
    Tuesday, January 22, 2013 6:57 AM