This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 19%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
I am trying to run a PowerShell script. In that, I am using many commands like Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer.
So I need to know that every time When these commands trigger it will generate logon events and EventCode=4624 or EventCode=4672?
Can I find out the internal working of Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer commands? It will first try to log in?
Since you are already logged on to AD when these commands are run ( and would need to be whether connecting remotely or logging on directly to Exchange) , you wont see logon events each time the commands are run.
Ok, that didnt answer my question :) Please post the full and complete events you are seeing - block out anything personal.
Get-ClusteredMailboxServerStatus is not an Exchange 2019 command.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
To run these commands, you may either need to use Exchange Management Shell/Exchange management tools or remote powershell to connect to Exchange server.
If you are using Exchange Management Shell/Exchange management tools, the device you are using to run the commands should be domain-joined.
Only when you logon the device will a logon event be generated.
If you are using remote powershell to connect to Exchange server, it would first prompt for credentials and then create a session for you to run the commands.
Running the commands won't trigger logon events as long as the session is not expired or closed manually and you don't start a new session.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Just checking in to see if above information was helpful. Please let us know if you would like further assistance.
If you need further help, please provide more detailed information, so that we can give more appropriate suggestions.
Thanks for the update. I am using remote PowerShell to connect Exchange server.
I have some PowerShell script that contains some exchange commands Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer.
This script runs a particular time period(Example: 5 minutes). After implementing this script we have observed an excessive amount of EventCode 4624 and 4672 generated.
Is there any way to find out that the PowerShell script is generating EventCode 4624 and 4672 or another source?
Please post the exact event code and details you are seeing - removing any personal information
Get-ClusteredMailboxServerStatus? Isnt that Exchange 2007?!!!
Thats way out of support
Event Code is 4624 and 4672
I am using Exchange Server 2019.