Exchange 2K forwarding to external- need to know who has set this up on AD users - V. urgent!!!

We recently had what appears to be someone logging onto the Exchange
2000 server and setting any mail sent to two domain users to be also
forwarded to an external recipient (Contact) that I had set up
previously. This is the second time this has happened in 6 months, and
meant the user whose Contact address this was, was getting mail
destined for these 2 users- obviously a big security risk. Is there ANY
way of finding out which domain user might have made the changes to the
Active Directory objects for these users? Neither previously had any
forwarding set up in Delivery Options.


There doesn't seem to be anything in Event Viewer for this kind of
change, and I can't see any way at all how Active Directory would
choose to set up forwarding to an external recipient in this way.
Furthermore this is the second time this has occurred and there appear
to be patterns (personnel-wise) linking the two events. I'm almost
completely certain that this is deliberate. I have been tasked with
finding out who has done this as quickly as possible.


This is extremely urgent, so any help anyone can give me would be much
appreciated! Please reply to the thread or email me
(swilli...@cromwells.co.uk). Thanks for your assistance.

12/29/2004 12:18:25 PM

If you don't already have the logging in place, there is nothing that will 
help you detect who did this in the past.  In the future, there are a couple 
of things you "might" be able to do.

First, you can configure auditing in Active Directory.  Second, I'd 
recommend looking at some 3rd party products.  I think GFI makes a product, 
and NetIQ also does.  Microsoft's MOM will also do monitoring, and there are 
some downloadable feature packs.  Bottom line is that this type of 
monitoring won't be cheap.  Turning on auditing is the first step, and can 
be done via Group Policies.

-- 
Ben Winzenz
Exchange MVP


"Sw" <swilliams@cromwells.co.uk> wrote in message 
news:1104322705.005473.180970@f14g2000cwb.googlegroups.com...
> We recently had what appears to be someone logging onto the Exchange
> 2000 server and setting any mail sent to two domain users to be also
> forwarded to an external recipient (Contact) that I had set up
> previously. This is the second time this has happened in 6 months, and
> meant the user whose Contact address this was, was getting mail
> destined for these 2 users- obviously a big security risk. Is there ANY
> way of finding out which domain user might have made the changes to the
> Active Directory objects for these users? Neither previously had any
> forwarding set up in Delivery Options.
>
>
> There doesn't seem to be anything in Event Viewer for this kind of
> change, and I can't see any way at all how Active Directory would
> choose to set up forwarding to an external recipient in this way.
> Furthermore this is the second time this has occurred and there appear
> to be patterns (personnel-wise) linking the two events. I'm almost
> completely certain that this is deliberate. I have been tasked with
> finding out who has done this as quickly as possible.
>
>
> This is extremely urgent, so any help anyone can give me would be much
> appreciated! Please reply to the thread or email me
> (swilli...@cromwells.co.uk). Thanks for your assistance.
> 


Ben
12/29/2004 6:55:02 PM
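
Once directory auditing is switched on as the reply suggests, the change in question shows up as a write to the user's `altRecipient` (forward-to address) or `deliverAndRedirect` (deliver to both) attribute. The following is an added example, not part of the original thread: it assumes a domain controller running Windows Server 2008 or later that logs Security event 5136, and the function name and sample event are made up for illustration.

```powershell
# Added example. Assumes event 5136 ("A directory service object was modified")
# is being logged: "Directory Service Changes" auditing enabled, plus an
# auditing entry (SACL) for Write Property on user objects.
$ForwardingAttributes = 'altRecipient', 'deliverAndRedirect'

function Get-ForwardingChange {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        $id = $evt.System.EventID
        if ($id -is [System.Xml.XmlElement]) { $id = $id.'#text' }
        if ($id -ne '5136') { return }

        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($ForwardingAttributes -notcontains $data['AttributeLDAPDisplayName']) { return }

        [pscustomobject]@{
            Time      = $evt.System.TimeCreated.SystemTime
            ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            Mailbox   = $data['ObjectDN']
            Attribute = $data['AttributeLDAPDisplayName']
            Operation = switch ($data['OperationType']) {
                '%%14674' { 'ValueAdded' }
                '%%14675' { 'ValueDeleted' }
                default   { $_ }
            }
            Value     = $data['AttributeValue']
        }
    }
}

# Constructed sample event; every name and value below is made up.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5136</EventID><TimeCreated SystemTime="2024-01-15T09:12:44Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">helpdesk1</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ObjectDN">CN=User One,OU=Staff,DC=example,DC=local</Data>
    <Data Name="AttributeLDAPDisplayName">altRecipient</Data>
    <Data Name="AttributeValue">CN=External Contact,OU=Contacts,DC=example,DC=local</Data>
    <Data Name="OperationType">%%14674</Data>
  </EventData>
</Event>
'@
$sample | Get-ForwardingChange | Format-List
# Live use on a DC (Security log):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5136} |
#     ForEach-Object { $_.ToXml() } | Get-ForwardingChange
```

The `ChangedBy` field is the account that performed the write, which is the detail the original poster was missing; it is only available for changes made after auditing was enabled.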