How does Get-ExchangeServer command internally working? Is It first try to login?

asked 2021-11-22T11:58:01.41+00:00
Krish Kamani 1 Reputation point

I am trying to run a PowerShell script. In that, I am using many commands like Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer.
So I need to know that every time When these commands trigger it will generate logon events and EventCode=4624 or EventCode=4672?

Can I find out the internal working of Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer commands? It will first try to log in?

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
6,070 questions
No comments
{count} votes

4 answers

Sort by: Most helpful
  1. answered 2021-11-22T13:33:35.57+00:00
    Andy David - MVP 108.8K Reputation points Microsoft MVP

    Since you are already logged on to AD when these commands are run ( and would need to be whether connecting remotely or logging on directly to Exchange) , you wont see logon events each time the commands are run.

    No comments

  2. answered 2021-11-28T17:20:39.797+00:00
    Andy David - MVP 108.8K Reputation points Microsoft MVP

    Ok, that didnt answer my question :) Please post the full and complete events you are seeing - block out anything personal.

    Get-ClusteredMailboxServerStatus is not an Exchange 2019 command.

    No comments

  3. answered 2021-11-23T02:05:09.277+00:00
    Kael Yao-MSFT 21,501 Reputation points Microsoft Employee

    Hi @Krish Kamani

    To run these commands, you may either need to use Exchange Management Shell/Exchange management tools or remote powershell to connect to Exchange server.

    If you are using Exchange Management Shell/Exchange management tools, the device you are using to run the commands should be domain-joined.
    Only when you logon the device will a logon event be generated.

    If you are using remote powershell to connect to Exchange server, it would first prompt for credentials and then create a session for you to run the commands.
    Running the commands won't trigger logon events as long as the session is not expired or closed manually and you don't start a new session.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  4. answered 2021-11-27T04:52:04.983+00:00
    Krish Kamani 1 Reputation point

    Thanks for the update. I am using remote PowerShell to connect Exchange server.
    I have some PowerShell script that contains some exchange commands Get-ExchangeServer, Get-ClusteredMailboxServerStatus, Get-MailboxServer.

    This script runs a particular time period(Example: 5 minutes). After implementing this script we have observed an excessive amount of EventCode 4624 and 4672 generated.

    Is there any way to find out that the PowerShell script is generating EventCode 4624 and 4672 or another source?