Event ID - 1013

Event Id1013
SourceMSExchangeIS Private
DescriptionDOMAIN\User1 was validated as /o=ORG/ou=SITE/cn=Recipients/cn=User1 and logged on to /o=ORG/ou=SITE/cn=Recipients/cn=User2.
Event InformationAccording to Microsoft:
To view this information, follow these steps:
1. Start the Microsoft Exchange Administrator program.
2. In the console tree, double-click Servers, right-click the server object, and then click Properties.
3. Click the Diagnostic Logging tab, and then in Services, click MSExchangeIS - Private.
4. In Categories, click Logons and Access Control, and then set the logging level to Maximum.
5. Click OK to apply the settings. You do not have to restart any of the services for event messages to be logged.
Reference LinksXADM: How to View Windows NT Accounts that Access Mailboxes in Exchange Server

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.