You can use administrator audit logging in Microsoft Exchange Server to record actions taken by a user or administrator that make changes in your organization. By keeping a log of the changes, you can trace a change to the person who made it. You can also augment your change logs with detailed records of the change as it was implemented, use the records to comply with regulatory requirements and requests for discovery, and so on…. [source].
Yes, yes, the auditing is very useful. But I wanted to show you how could look a cmdlet statistic for a month:
PS C:\> Search-AdminAuditLog -StartDate $(get-date).addMonths(-1) -ResultSize 100000 -IsSuccess $true|select CmdletName| group CmdletName|sort count -Descending|ft count,name -a Count Name ----- ---- 12318 Set-MailboxFolderPermission 12307 Set-CalendarProcessing 8752 Set-MailboxAutoReplyConfiguration 5860 Set-Mailbox 678 Add-MailboxFolderPermission 645 Set-User 174 Add-DistributionGroupMember 163 Add-MailboxPermission 126 Remove-DistributionGroupMember 98 Remove-MailboxFolderPermission 89 Add-ADPermission 84 Remove-MailboxPermission 71 Enable-Mailbox 26 Set-InboxRule 24 Set-DistributionGroup 18 Clean-MailboxDatabase 16 Remove-ADPermission 16 Remove-Mailbox 16 Set-CASMailbox 8 New-MailContact 6 Remove-ActiveSyncDevice 6 Disable-Mailbox 5 Remove-MailContact 4 New-DistributionGroup 3 New-InboxRule 2 Remove-AcceptedDomain 2 Enable-DistributionGroup 2 Set-SendConnector 1 Update-Recipient 1 New-MoveRequest 1 Update-MovedMailbox 1 Add-PublicFolderClientPermission 1 New-SendConnector 1 Remove-DistributionGroup 1 New-MailboxSearch 1 Disable-InboxRule 1 Remove-InboxRule
Note: Cmdlets that begin with the verb Test, Get and Search aren’t logged by default.
