Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Many log entries are generated in Exchange Server 2007 if you turn on the Exchange log to audit the logons that do not use the primary account for shared resource mailboxes



Symptoms

In Microsoft Exchange Server 2007, you can turn on the Exchange log to audit the logons that use an account that is not the primary account for mailboxes. However, this feature logs all types of logons. Therefore, many log entries are generated if you turn on this feature. There is currently no efficient way for users to audit the logons to the shared resource mailboxes.

Note: An example of this event is as follows:

Event ID: 1016
Event Source: MSExchangeIS Mailbox Store
Event Type: Success Audit
Event Category: Logons
Description: Windows 2000 User <domain\user> logged on to <mailbox address> mailbox, and is not the primary Windows 2000 account on this mailbox.



Resolution

To resolve this problem, install Update Rollup 8 for Exchange 2007 Service Pack 1.

For more information about Update Rollup 8 for Exchange 2007 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
968012 Description of Update Rollup 8 for Exchange Server 2007 Service Pack 1



More information

You can run the Set-EventLogLevel cmdlet in the Exchange Management Shell to turn on logon logging. The command resembles the following, where the level is one of low, medium, high, or expert:

Set-EventLogLevel -Identity "MSExchangeIS\9000 Private\Logons" -Level <low | medium | high | expert>

After you install this hotfix, the Exchange 2007 server may audit successful access to a user folder in a mailbox. The details of the auditing event are as follows:

Event ID: 10100
Event Source: MSExchangeIS Auditing
Description: The folder <folder name> in Mailbox '<mailbox name>' was opened by user <domain\user>
Display Name: <folder name>
Accessing User: <legacyExchangeDN of the mailbox user>
Mailbox: <legacyExchangeDN of the mailbox user>
Administrative Rights: xx
Client Information (if Available):
Machine Name: <machine>
Process Name: xx
Process Id: xx
Application Id: xx
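
The following added example (not from the original article or from Microsoft) parses Event ID 10100 descriptions that were exported as text and lists the folder opens where the Accessing User differs from the Mailbox. It assumes those two fields hold the legacyExchangeDN of the accessing account and of the mailbox owner respectively; the function name and all sample values are constructed for illustration.

```powershell
# Requires Windows PowerShell 3.0 or later. Constructed samples in the Event ID 10100
# layout: names and DNs are made up, and fields the article shows as "xx" stay "xx".
$samples = @(
@'
The folder Inbox in Mailbox 'Room 101' was opened by user CONTOSO\alice
Display Name: Inbox
Accessing User: /o=Contoso/ou=First Administrative Group/cn=Recipients/cn=alice
Mailbox: /o=Contoso/ou=First Administrative Group/cn=Recipients/cn=room101
Administrative Rights: xx
Client Information (if Available):
Machine Name: WS-042
Process Name: xx
Process Id: xx
Application Id: xx
'@,
@'
The folder Calendar in Mailbox 'Bob' was opened by user CONTOSO\bob
Display Name: Calendar
Accessing User: /o=Contoso/ou=First Administrative Group/cn=Recipients/cn=bob
Mailbox: /O=CONTOSO/OU=First Administrative Group/cn=Recipients/cn=Bob
Administrative Rights: xx
Client Information (if Available):
Machine Name: WS-007
Process Name: xx
Process Id: xx
Application Id: xx
'@
)
function ConvertFrom-FolderAuditText {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)
    $fields = @{}   # PowerShell hashtable keys are case-insensitive
    foreach ($line in $Text -split '\r?\n') {
        # "Label: value" lines become fields; the first sentence has no colon and is skipped.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') { $fields[$Matches[1]] = $Matches[2].Trim() }
    }
    if (-not ($fields['Accessing User'] -and $fields['Mailbox'])) {
        Write-Warning 'Text is not in the expected 10100 layout; skipped.'; return
    }
    [pscustomobject]@{
        Folder        = $fields['Display Name']
        AccessingUser = $fields['Accessing User']
        Mailbox       = $fields['Mailbox']
        Machine       = $fields['Machine Name']
        # Assumption: differing DNs mean someone other than the owner opened the folder.
        # -ne on strings ignores case, so DN casing differences do not cause false hits.
        NonOwner      = $fields['Accessing User'] -ne $fields['Mailbox']
    }
}
$samples | ForEach-Object { ConvertFrom-FolderAuditText -Text $_ } |
    Where-Object NonOwner | Format-Table Folder, AccessingUser, Mailbox, Machine
```

With the constructed samples, only the first event (alice opening the Room 101 Inbox) is listed; the second is the owner's own access and is filtered out despite the different DN casing.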



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.




Article Info
Article ID : 967038
Revision : 1
Created on : 5/19/2009
Published on : 5/19/2009