I need to specify the service account permission to read AAL(Administrator audit logging), what cmdlets are being used to collect AAL data?
Also you may see the following error in the daily summary report:
Connection with the Exchange server was interrupted: The term ‘Search-AdminAuditLog’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included verify that the path is correct and try again.
In order to collect AAL events the product uses the following cmdlets:
In order to run these cmdlets the service account should have permission (“Audit Logs” role assignment).
In order to check the Audit logs role assignment please use the following cmdlet:
- Get-ManagementRoleAssignment -Role “Audit Logs”
In order to provide Audit logs role assignment to the service account please run the following cmdlet: