How to specify Exchange Server to collect Administrator Audit Log

Active Directory
6.5 and older
Copy Article URL Copied

If for some reason you cannot configure IIS (steps 5-8 from Procedure 16 of the Installation and Configuration Guide attached to this article) on all Exchange Servers in your organization, it is enough to configure it on just one Exchange Server.   You can specify the Exchange Server with configured IIS to be used by Netwrix products to avoid the Administrator Audit Log error appearing in reports.

In order to specify properly configured servers to the product, perform the following steps:

  1. On computer where Netwrix host resides, navigate to the C:ProgramDataNetWrixAD Change ReporterOmitlists%Managed object name% folder.
  2. Add the properly configured server’s FQDN to the aal_serverlist.txt file. (Each server’s FQDN in a separate line).
  3. Click Start -> Run and type regedit to open Registry Editor.
  4. Navigate to the following folder depending on your operating system:
    • 32-bit OS: HKLMSOFTWARENodeNetWrixAD Change ReporterAALCollectionVersion
    • 64-bit OS: HKLMSOFTWAREWow6432NodeNetWrixAD Change ReporterAALCollectionVersion
  5. Check that the AALCollectionVersion key value is set to 1.

Explanation: In this scenario the first server where the product will try to get the Administrator Audit Log will be the first server from the aal_serverlist.txt. If all servers from aal_serverlist.txt fail to provide the Administrator Audit Log, the product will try to collect the Administrator Audit Log from other Exchange Servers in your organization, and the Administrator Audit Log error can appear in the report.

Go Up