Update: Exchange 2007 audit script

In an attempt to resolve some issues with regards to the event logs, I have made a few updates to the Exchange 2007 audit script:

* I now use [System.Diagnostics.EventLog]::GetEventLogs() to collect the remote event logs and entries instead of WMI
* The output to the host displays exactly which event log it is busy reading.
* The date range seems more accurate now when the event log contains a large amount of data.
* The physical memory on the basic server information is now displayed as GB and is neatly rounded.
* The Mailbox stores are sorted in alphabetical order by Store Name.
* Added more verbose output to the console while the script runs, to give a better indication of what the script is busy with.

      I hope this resolves most of the problems for now, comments / suggestions are always welcome. The script can be downloaded from here:

      This script has been replaced by a later version, please check the following link, or download the updated version below:

      7 thoughts on “Update: Exchange 2007 audit script”

      1. Very cool stuff, love the .net event reading rather than WMI. Might be worth doing a measure-object on each one to see if there is a speed increase ?

      2. Hey Alan,

        Thanks for the comment.

        I actually used measure-object this morning and sadly it ran slower 🙁

        I am not sure if it is because it collects more data, or because I made more changes to the script. I’ll test this in depth next week with a script which only extracts event log entries in the two different ways.

        I’ll post the results of the test.


      3. Jean great HTML output.

        I have made some deletions and some additions that I believe other Exchange Admins would enjoy. Enterprise admins will love this all in one report.


        -Instead of an input file with the list of servers the you have the option to run against all v8 Exchange servers (2k7) just remove the # that you want to use.

        -all servers show on the same report instead of a single report per server. In my environment we have over 20+ Exchange servers so reviewing was rough. Now all servers are reported on the same report.

        -hide/unhide feature still being used but now you can view per server

        -General settings IP address field added- see PS2 for settings if you have multiple IPs

        -local disk size and free space (working on mountpoint reporting)

        -I split Mailbox stores into two different sections
        1. capacity – total mailboxes, edb size and whitespace
        2. backup status – isbkurunning, full and incremental

        -Eventlog. Pulling all events was too painful for me so I was just pulling certain events that I could tread (outside of SCOM)

        -Sizes all changed to GB

        -More detail/status during Host-Write..color coded for fun 🙂

        Warning on the whitespace as it can take a looong time if you have several SG and servers. First I look at the MBS name, then search in the eventlong for that name then output the whitespace. If there is a better way but this is the same way I did it with 2k3.

        If interested how can I get this file to you for review/share/post?


      4. Wow Joe!

        I missed this great comment somehow sorry.

        I would love to see this new improved version in action.

        Do you have a blog site where I could look at some sample output?

        If not, you can email me at jeanlouw – a t – gmail – dot – com.

        Thanks again for your great input!


      5. Hi Richard,

        Thanks for the comment; I always value and appreciate input and feedback.

        In our environment, we use a CCR cluster environment. We do however point the script to the virtual node instead of the individual cluster nodes as not all services and resources are available on the virtual nodes at all times.

        I used to do exactly the same for our Exchange 2003 cluster nodes (which would be similar to your SCC cluster) with the Exchange 2003 audit script, instead of auditing the individual cluster nodes; we let the script audit
        the virtual cluster node.

        I hope this answers your question, if there is something specific that you wish to audit on the cluster nodes, let me know, and I can gladly make an update to the script for you.
        I have not really done a lot of work on detecting clustered servers, and auditing the nodes for specific cluster related information. It might be useful to scan the nodes and check for cluster related event errors and errors in the cluster log, and it sounds like a fun project to take on.

        Thanks again for you feedback.


      6. Hi jean,

        I need a shell script that checks space volume mount point or audit script and check mount point of many servers and send e-mail, do you have this script?

        thank you for information.


      Comments are closed.