Exchange Mailbox Audit Log Event ID 25010
25010: Operation SoftDelete - Delete Exchange mailbox item from Deleted Items folder
This is an event from
Exchange
audit event from
LOGbinder EX
generated by
.
On this page
Exchange SoftDelete action.
Free Security Log Resources by Randy
| Field |
Description |
| Occurred |
Date and time when Exchange registered the cmdlet. |
| Operation |
Operation performed on the mailbox. |
| Result |
Result of the operation:
- Failed
- PartiallySucceeded
- Succeeded
|
| Originating server |
The host name of the server. |
| Mailbox GUID |
Destination of move or copy (if applicable) - Mailbox's Globally Unique Identifier. |
| Mailbox owner |
Mailbox user resolved name in the format DOMAIN\SamAccountName. |
| Mailbox owner UPN |
Destination of move or copy (if applicable) - Mailbox owner's User Principal Name. |
| Mailbox owner SID |
Destination of move or copy (if applicable) - Mailbox owner's SID (Security Identifier). |
| Folder ID |
ID of affected folder (if applicable). |
| Folder name |
Name of affected folder (if applicable). |
| Performed user name |
Display name of the user who performed the operation. |
| Performed user SID |
SID of the user who performed the operation. |
| Performed logon type |
Logon type of the user who performed the operation. Logon types include:
|
| Client info |
Details that identify which client or Exchange component performed the operation. |
| Client IP address |
IP address of the client (e.g. Outlook). |
| Client process name |
Process name of the client application as reported by the client |
| Client version |
Version of the client application as reported by the client. |
| Items |
Item(s) affected by operation. |
| Additional information |
Additional information, if any (otherwise "n/a"). |
Supercharger Free Edition
Your entire Windows Event Collection environment on a single pane of glass.
Free.
This Event Is Produced By
Which Integrates with Your SIEM
Delete Exchange mailbox item from Deleted Items folder
Occurred: 1/20/2013 4:30:46 AM
Operation: SoftDelete
Result: Succeeded
Originating server: SP2010-EX1 (14.02.0328.009)
Mailbox
GUID: 9db94f90-97cb-425d-b6c8-48200020026f
Owner: n/a
Owner UPN: Administrator@sp2010.com
Owner SID: S-1-5-21-2141518605-3280587107-2299868870-500
Folder
ID: LgAAAACU/6drttwpRpk7rpQBqwiWAQB2IQyARlr2Rb5WUIG
WRjQaAAAAbBp2AAAB
Folder: \Deleted Items
Performed By
User name: Administrator
User SID: S-1-5-21-2141518605-3280587107-2299868870-500
Logon type: Owner
Client
Info: Client=WebServices;UserAgent=OwaProxy
IP address: 10.42.1.36
Process name: n/a
Version: n/a
Items:
Additional information: Owner= [Administrator]; LastAccessed= [2013-01-20T04:30:46.7329475-05:00]; LogonType= [Owner]; CrossMailboxOperation= [false]; SourceItems/Item/Id= [ RgAAAACU/6drttwpRpk7rpQBqwiWBwB2IQyARlr2Rb5WUIG
WRjQaAAAAbBp2AAB2IQyARlr2Rb5WUIGWRjQaAAAjvQG8AAAJ]; SourceItems/Item/Subject= [ testing]; SourceItems/Item/FolderPathName= [ \Deleted Items]
For more information, see http://logbinder.com/support
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection