| Event Id | 1013 |
| Source | MSExchangeIS Private |
| Description | DOMAIN\User1 was validated as /o=ORG/ou=SITE/cn=Recipients/cn=User1 and logged on to /o=ORG/ou=SITE/cn=Recipients/cn=User2. |
| Event Information | According to Microsoft: To view this information, follow these steps: 1. Start the Microsoft Exchange Administrator program. 2. In the console tree, double-click Servers, right-click the server object, and then click Properties. 3. Click the Diagnostic Logging tab, and then in Services, click MSExchangeIS - Private. 4. In Categories, click Logons and Access Control, and then set the logging level to Maximum. 5. Click OK to apply the settings. You do not have to restart any of the services for event messages to be logged. |
| Reference Links | XADM: How to View Windows NT Accounts that Access Mailboxes in Exchange Server |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.