- Provider: MSExchange CmdletLogs
- Channel: MSExchange Management
- Level: 2
- Samples: 1
Example Event
system:
  provider: MSExchange CmdletLogs
  guid: ''
  event_source_name: ''
  event_id: 6
  version: 0
  level: 2
  task: 1
  opcode: 0
  keywords: 36028797018963968
  time_created: '2021-06-04T08:43:08.546589+00:00'
  event_record_id: 7187
  correlation: {}
  execution:
    process_id: 0
    thread_id: 0
  channel: MSExchange Management
  computer: exchange01.offsec.lan
  security:
    user_id: ''
event_data:
  Data:
  - Enable-TransportAgent
  - -Identity "hack"
  - offsec.lan/OFFSEC-COMPANY/Administrators/admmig
  - S-1-5-21-4230534742-2542757381-3142984815-1111
  - S-1-5-21-4230534742-2542757381-3142984815-1111
  - Remote-ManagementShell-Unknown
  - 8372 w3wp#MSExchangePowerShellAppPool
  - ''
  - '54'
  - '00:00:00.0700039'
  - 'View Entire Forest: ''False'', Default Scope: ''offsec.lan'', Configuration Domain
    Controller: ''rootdc1.offsec.lan'', Preferred Global Catalog: ''rootdc1.offsec.lan'',
    Preferred Domain Controllers: ''{ rootdc1.offsec.lan }'''
  - "System.ArgumentException: Transport agent \"hack\" isn't found.\r\nParameter
    name: Identity\r\n at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception
    exception, ErrorCategory errorCategory, Object target, String helpUrl)\r\n at
    Microsoft.Exchange.Management.AgentTasks.AgentBaseTask.SetAgentEnabled(String
    identity, Boolean enabled)\r\n at Microsoft.Exchange.Management.AgentTasks.EnableTransportAgent.InternalProcessRecord()\r\n
    \ at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()\r\n
    \ at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName,
    Action func, Boolean terminatePipelineIfFailed)"
  - '5'
  - ''
  - NonLocalizedException
  - ''
  - ''
  - 'False'
  - ''
  - 0 objects execution has been proxied to remote server.
  - ''
  - ''
  - '0'
  - 'ActivityId: 51b67026-685e-41b9-ad71-bc1e46db849b'
  - ServicePlan:;IsAdmin:True;
  - ''
  - en-US
message: ''