How does Get-ExchangeServer command internally working? Is It first try to login?

Krish Kamani 1 Reputation point
2021-11-22T11:58:01.41+00:00

I am trying to run a PowerShell script. In that, I am using many commands like Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer.
So I need to know that every time When these commands trigger it will generate logon events and EventCode=4624 or EventCode=4672?

Can I find out the internal working of Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer commands? It will first try to log in?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,229 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Andy David - MVP 138.6K Reputation points MVP
    2021-11-22T13:33:35.57+00:00

    Since you are already logged on to AD when these commands are run ( and would need to be whether connecting remotely or logging on directly to Exchange) , you wont see logon events each time the commands are run.

    1 person found this answer helpful.
    0 comments No comments

  2. Andy David - MVP 138.6K Reputation points MVP
    2021-11-28T17:20:39.797+00:00

    Ok, that didnt answer my question :) Please post the full and complete events you are seeing - block out anything personal.

    Get-ClusteredMailboxServerStatus is not an Exchange 2019 command.

    1 person found this answer helpful.
    0 comments No comments

  3. Kael Yao-MSFT 36,836 Reputation points Microsoft Vendor
    2021-11-23T02:05:09.277+00:00

    Hi @Krish Kamani

    To run these commands, you may either need to use Exchange Management Shell/Exchange management tools or remote powershell to connect to Exchange server.

    If you are using Exchange Management Shell/Exchange management tools, the device you are using to run the commands should be domain-joined.
    Only when you logon the device will a logon event be generated.

    If you are using remote powershell to connect to Exchange server, it would first prompt for credentials and then create a session for you to run the commands.
    Running the commands won't trigger logon events as long as the session is not expired or closed manually and you don't start a new session.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  4. Krish Kamani 1 Reputation point
    2021-11-27T04:52:04.983+00:00

    Thanks for the update. I am using remote PowerShell to connect Exchange server.
    I have some PowerShell script that contains some exchange commands Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer.

    This script runs a particular time period(Example: 5 minutes). After implementing this script we have observed an excessive amount of EventCode 4624 and 4672 generated.

    Is there any way to find out that the PowerShell script is generating EventCode 4624 and 4672 or another source?