Programatically looging transport rule creation/change event RRS feed

  • Question

  • Hi,
    We are setting some transport rules on exchange server 2010, is there any way to programatically log these rule creation or change events? In short can I hook to something which will give me events of creation or modification of rule?


    Friday, January 11, 2013 6:41 AM


All replies

  • You can enable Administrative Audit logging which will log when particular EMS cmdlets are used directly or via ECP. There are not events for these log so you need to either poll them of watch the log files.


    Friday, January 11, 2013 10:35 AM
  • Hi Glen,

    Thanks for the reply, regarding audit logs I came to know through my same post on exchange server forum, but I was not aware of ECP thanks for that.

    You mentioned that I need  to poll them could you please elaborate?

    I have used EWS for reading the mailboxes, so some what familiar with exchnage programming but not so much.

    Can I put some windows hook to capture transport rule creation or modifcation?



    Monday, January 14, 2013 12:28 PM
  • EWS won't be helpfull in this instance as it's an API for accessing Mailboxes. You need to use the EMS cmdlets eg Search-AdminAuditLog also see . So you could export the Log every 5 minutes and check for changes etc. You can use the EMS Cmdlets from managed code using

    One other suggestion if you do want something event based is Transport Rules are held in Active Directory under CN=Rules, CN=Transport Settings, CN=You Org Name, CN=Microsoft Exchange, CN=Services, CN=Configuration, DC= container. So you could use change notifications in Active Directory to monitor when a change is made.


    • Marked as answer by ABBhagwat Tuesday, January 22, 2013 6:57 AM
    Tuesday, January 15, 2013 5:41 AM
  • Hi Glen,

    I was able to receive an event when I edited the object trhough ADSI(CN=Transport,CN=Rules,CN=Transport Settings,CN=exchtest,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myorg,DC=com)

    I have referred code from

    Now I am trying to track changes when I will edit the transport rule throhg EMC or through powershell.             Regards,                                                                                                                                         Abhagwat

    Monday, January 21, 2013 2:16 PM
  • Well the Rules will always end up in Active Directory you need to allow for Replication convergence if you have a multi DC environment or watch for changes on every DC.


    Tuesday, January 22, 2013 6:01 AM
  • HiGlen,

    Its observered that if I give below path

    CN=Rule1,CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=myorg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myorg,DC=com

    and do changes in Rule1 through EMC or powershell the code detects the changes but if I keep waiting on
    path CN=Rules,CN=Transport Settings,CN=myorg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myrog,DC=com
    also tried path CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=myorg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myorg,DC=com

    code dosen't detect the changes.

    I would like to get notified when rule is created or modified and cann't hard code the rule in path like Rule1 was hardcoded in successful scenario(above).
    I am right now on my own setup and have only one AD machine.
    Any idea what am I missing?


    Tuesday, January 22, 2013 6:20 AM
  • Hi Glen,

    I was giving wrong search it should be

    SearchScope.Onlever and not base and path will be

    "CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=MyOrg,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=MyOrg,DC=com"

    Thanks for the help

    • Marked as answer by ABBhagwat Tuesday, January 22, 2013 11:40 AM
    Tuesday, January 22, 2013 6:57 AM