Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Sample Data/Custom/ESI-ExchangeAdminAuditLogs-...

453 строки
60 KiB
JSON
Исходник Ответственный История

[
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:03:19.865 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"MyCompany.de/Configuration/Services\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>20</Param><Param>00:00:00.0269965</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:03:20.8657036+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"MyCompany.de/Configuration/Services\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>20</Data><Data>00:00:00.0269965</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"MyCompany.de/Configuration/Services\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\". ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:03:19.764 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"2016-DB4\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"Receive-As\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>131</Param><Param>00:00:00.0289955</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: f59eff87-a1ea-40ab-917f-67d0d4a555af</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:03:19.7647160+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"2016-DB4\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"Receive-As\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>131</Data><Data>00:00:00.0289955</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: f59eff87-a1ea-40ab-917f-67d0d4a555af</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"2016-DB4\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"Receive-As\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:03:19.671 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>151</Param><Param>00:00:00.0379915</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:03:19.6717281+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>151</Data><Data>00:00:00.0379915</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:03:19.564 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"2016DB3-User1\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>20</Param><Param>00:00:00.0269960</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:03:19.5647417+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"2016DB3-User1\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>20</Data><Data>00:00:00.0269960</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"2016DB3-User1\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:03:19.451 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"2016DB4-User5\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>131</Param><Param>00:00:00.0499925</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: f59eff87-a1ea-40ab-917f-67d0d4a555af</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:03:19.4517570+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"2016DB4-User5\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>131</Data><Data>00:00:00.0499925</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: f59eff87-a1ea-40ab-917f-67d0d4a555af</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"2016DB4-User5\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:00:29.847 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"MyCompany.de/Configuration/Services\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>151</Param><Param>00:00:00.0480422</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:00:29.8473018+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"MyCompany.de/Configuration/Services\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>151</Data><Data>00:00:00.0480422</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"MyCompany.de/Configuration/Services\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\". ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:00:29.684 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"2016-DB4\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"Receive-As\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>20</Param><Param>00:00:00.0676950</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:00:29.6842904+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"2016-DB4\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"Receive-As\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>20</Data><Data>00:00:00.0676950</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"2016-DB4\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"Receive-As\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:00:29.419 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>20</Param><Param>00:00:00.1689879</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:00:29.4190916+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>20</Data><Data>00:00:00.1689879</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:00:29.152 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"2016DB3-User1\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"send as\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>151</Param><Param>00:00:00.0519967</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:00:29.1521100+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"2016DB3-User1\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"send as\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>151</Data><Data>00:00:00.0519967</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"2016DB3-User1\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"send as\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 7:00:28.339 PM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"2016DB4-User5\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"send as\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>151</Param><Param>00:00:00.3678994</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T20:00:28.3391559+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"2016DB4-User5\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"send as\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>151</Data><Data>00:00:00.3678994</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 746e1625-17f0-4803-94bb-6a812b9ba5e9</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"2016DB4-User5\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"send as\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:03:43.461 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"MyCompany.de/Configuration/Services\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>20</Param><Param>00:00:00.0329978</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:03:43.4610554+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"MyCompany.de/Configuration/Services\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>20</Data><Data>00:00:00.0329978</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"MyCompany.de/Configuration/Services\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\". ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:03:43.291 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"2016-DB4\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"Receive-As\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>118</Param><Param>00:00:00.0681455</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:03:43.2910633+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"2016-DB4\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"Receive-As\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>118</Data><Data>00:00:00.0681455</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"2016-DB4\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"Receive-As\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:03:43.152 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>118</Param><Param>00:00:00.0460019</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:03:43.1520739+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>118</Data><Data>00:00:00.0460019</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:03:43.019 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"2016DB3-User1\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>20</Param><Param>00:00:00.0409980</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:03:43.0190753+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"2016DB3-User1\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>20</Data><Data>00:00:00.0409980</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 16b1f27e-41d0-4400-b050-7ab19c5ebeaf</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"2016DB3-User1\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:03:42.902 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Remove-ADPermission</Param><Param>-Identity \"2016DB4-User5\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>131</Param><Param>00:00:00.0449945</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: f59eff87-a1ea-40ab-917f-67d0d4a555af</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:03:42.9020788+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Remove-ADPermission</Data><Data>-Identity \"2016DB4-User5\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>131</Data><Data>00:00:00.0449945</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: f59eff87-a1ea-40ab-917f-67d0d4a555af</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Remove-ADPermission, parameters -Identity \"2016DB4-User5\" -Confirm \"False\" -User \"2016DB4-User1\" -ExtendedRights (\"send as\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:00:22.461 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"MyCompany.de/Configuration/Services\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>118</Param><Param>00:00:00.0449988</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:00:22.4616988+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"MyCompany.de/Configuration/Services\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\"</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>118</Data><Data>00:00:00.0449988</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"MyCompany.de/Configuration/Services\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-Store-Admin\") -InheritanceType \"All\". ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:00:22.306 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"2016-DB4\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"Receive-As\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>118</Param><Param>00:00:00.0449988</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:00:22.3067060+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"2016-DB4\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"Receive-As\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>118</Data><Data>00:00:00.0449988</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"2016-DB4\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"Receive-As\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
},
{
"TenantId": "74ea6a49-7ec1-489b-941b-7bdb61aef216",
"SourceSystem": "OpsManager",
"TimeGenerated [UTC]": "11/15/2022, 11:00:22.065 AM",
"Source": "MSExchange CmdletLogs",
"EventLog": "MSExchange Management",
"Computer": "IT-X2016-04.MyCompany.de",
"EventCategory": "1",
"EventLevel": "4",
"EventLevelName": "Information",
"UserName": "N/A",
"Message": "",
"ParameterXml": "<Param>Add-ADPermission</Param><Param>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Param><Param>MyCompany.de/MyCompany/Admin/Jean-adm</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>S-1-5-21-666558943-2796267414-309129817-4228</Param><Param>Remote-PowerShell-Unknown</Param><Param>9952 w3wp#MSExchangePowerShellAppPool</Param><Param></Param><Param>118</Param><Param>00:00:00.0359975</Param><Param>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param></Param><Param>False</Param><Param></Param><Param>0 objects execution has been proxied to remote server.</Param><Param></Param><Param></Param><Param>0</Param><Param>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Param><Param>ServicePlan:;IsAdmin:True;</Param><Param></Param><Param>en-US</Param>",
"EventData": "<DataItem type=\"System.XmlData\" time=\"2022-11-15T12:00:22.0657163+01:00\" sourceHealthServiceId=\"8FA13E77-2880-C2BD-2048-0050C25A4755\"><EventData xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\"><Data>Add-ADPermission</Data><Data>-Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\")</Data><Data>MyCompany.de/MyCompany/Admin/Jean-adm</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>S-1-5-21-666558943-2796267414-309129817-4228</Data><Data>Remote-PowerShell-Unknown</Data><Data>9952 w3wp#MSExchangePowerShellAppPool</Data><Data></Data><Data>118</Data><Data>00:00:00.0359975</Data><Data>View Entire Forest: 'False', Default Scope: 'MyCompany.de', Configuration Domain Controller: 'IT-DC-02.MyCompany.de', Preferred Global Catalog: 'IT-DC-02.MyCompany.de', Preferred Domain Controllers: '{ IT-DC-02.MyCompany.de }'</Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data></Data><Data>False</Data><Data></Data><Data>0 objects execution has been proxied to remote server.</Data><Data></Data><Data></Data><Data>0</Data><Data>ActivityId: 22dc357b-6f56-433f-9f6e-836243eabf41</Data><Data>ServicePlan:;IsAdmin:True;</Data><Data></Data><Data>en-US</Data></EventData></DataItem>",
"EventID": "1",
"RenderedDescription": "Cmdlet suceeded. Cmdlet Add-ADPermission, parameters -Identity \"MyCompany.de/Exchange Servers/it-x2016-04\" -User \"2016DB4-User1\" -AccessRights (\"ExtendedRight\") -ExtendedRights (\"ms-Exch-EPI-May-Impersonate\"). ",
"MG": "00000000-0000-0000-0000-000000000001",
"ManagementGroupName": "AOI-74ea6a49-7ec1-489b-941b-7bdb61aef216",
"AzureDeploymentID": "",
"Role": "",
"ServiceNewState_CF": "",
"WindowsService_CF": "",
"Type": "Event",
"_ResourceId": ""
}
]
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку