Exchange - Enabling Mailbox Auditing By Mailbox Type - Part 1

I enable mailbox auditing on all mailboxes in every Exchange environment I work on. Why? Because WHO MOVED MY CHEESE?!.
Actually it makes the exchange admin's life so much easier when dealing with users who come crying that "all my emails are gone!" Another reason, is 90% of the time the messages can be found in Recover Deleted Items, and my personal policy is to never restore Single Items from a backup; you deleted it...tough luck :)

In this 3 part series, I'll show you how to enable Mailbox Auditing by mailbox type; how much storage auditing actually consumes; and how to create a scheduled task to automagically set auditing when new mailboxes are created.

To enable auditing by mailbox type run the one or all of the following cmdlets:

User Mailboxes

Get-Mailbox -ResultSize Unlimited -Filter{RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled$true -AuditOwner SoftDelete,HardDelete

Linked Mailboxes

Get-Mailbox -ResultSize Unlimited -Filter{RecipientTypeDetails -eq "LinkedMailbox"} | Set-Mailbox -AuditEnabled$true -AuditOwner SoftDelete,HardDelete

Shared Mailboxes

Get-Mailbox -ResultSize Unlimited -Filter{RecipientTypeDetails -eq "SharedMailbox"} | Set-Mailbox -AuditEnabled$true -AuditOwner SoftDelete,HardDelete

Room Mailboxes

Get-Mailbox -ResultSize Unlimited -Filter{RecipientTypeDetails -eq "RoomMailbox"} | Set-Mailbox -AuditEnabled$true -AuditOwner SoftDelete,HardDelete

Equipment Mailboxes

Get-Mailbox -ResultSize Unlimited -Filter{RecipientTypeDetails -eq "EquipmentMailbox"} | Set-Mailbox -AuditEnabled$true -AuditOwner SoftDelete,HardDelete

**Note** We only specifically set the -AuditOwner options, because the following settings for AuditAdmin and AuditDelegate are already set by default:
Create, Folder Access, Hard/Soft Delete, Move/Move to Deleted, Send on Behalf, and Update

The auditing options can be found here so you can see what you want to set.

To enable auditing on all mailboxes in the environment, run:

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditEnabled $true

**Note** This cmdlet will take quite a while depending on how many mailboxes you have. Which is why I usually use the cmdlets above to apply by mailbox type.

Now, you have auditing enabled on all mailboxes or the types you want. In the next post I'll show examples of the storage used by auditing...teaser: it's not as much as you think ;)