Netwrix Active Directory Change Reporter

Technorati Tags: Netwrix,Active Directory,Exchange,GPO,Report,Change auditing,Security auditing,Directory auditing,Systems Management,Compliance auditing,Configuration auditing

Auditing is one of the most complex activities of the Windows Active Directory. Monitoring the changes and reporting immediately makes it very challenging for administrators. I would say that Netwrix Active Directory Change Reporter is one of the best tools available in the market with comprehensive collection of features to audit changes in Active Directory and report on them. It has a very robust way of checking, if any modification/change was done to Active Directory objects. It uses both Active Directory event logs and also takes the Active Directory snapshot to compare the data and get a consolidated report on who made the changes, what was changed, when and where exactly. These changes are logged into a local database and are stored in the SQL server for reporting purposes. It is a unified solution for a complete Active Directory auditing, reporting and monitoring.

The Latest version of Netwrix Active Directory Change Reporter is 7.2.721 and it is available in two flavors, Freeware and the fully loaded Enterprise Edition. Free version has limited functionality features and can be used for an unlimited time period. Enterprise version has lots of auditing and reporting options which will make the life of an Active Directory administrator easier and allow him to get necessary data right in the finger tips. It can be evaluated free of charge for 20 days.

Netwrix Active Directory Change Reporter tool supports Active Directory starting from Windows 2000, Windows 2003, Windows 2008 and even the latest Windows 2012 Active Directory environment.

Requirements:

It has other basic technical requirements to function.

1. Intel or AMD Processor with Minimum of 2 GHz for 32 bit processor or 3 GHz for 64 bit    processor is recommended

2. Memory 2 GB and above

3. Minimum of 50 GB disk for installation and an addition space for user, event and other necessary logs.

4. Active Directory permission to query an Active Directory

5. SQL server – SQL server 2005 Express Edition or above with an advanced service of SQL server, SQL server reporting tool and permission to generate reports.

6. Group policy management console to audit Active Directory Group Policy.

Required details of the tool can be found below link.

http://www.Netwrix.com/download/QuickStart/Active_Directory_Change_Reporter_Quick_Start.pdf

Native Active Directory tools do not provide a great flexibility to audit Active Directory changes and to report immediately. Raw data generated by the Windows native tools are always difficult to understand, analyze and it is an extremely time consuming process to analyze tons of logs. Most the times it is too late to analyze the logs as they would be overwritten. Netwrix solution for Active Directory Auditing overcomes these problems by saving the data in the SQL server.

There are also agents available for installing on the domain controller and these agents are optional. It helps to compress the data across the network and it is necessary if a change reporting tool is collecting data over the slow network but it should not make much of a difference if you are on a high speed network. Definitely it would be recommended to have agents installed in order to make the best utilization of all available networks.

Netwrix Active Directory Change Reporter also has some supporting tools like Group Policy Change reporter and Exchange Change Reporter. These two go very well with the Active Directory Change Reporter. Group Policy changes are critical and must be executed very carefully. Any mistake in Group Policy changes can have a big impact and not everyone in the organization has permission to modify the Group Policy. Netwrix Group Policy Change Reporter comes in handy to get complete details of the GPO with the details like who made the change, when was it made and also has details about “before and after” values more modified settings.

Exchange Change Reporter is another additional great component. Exchange is one of the business critical application and any downtime will have a major impact on an organization. Exchange Change Reporter keeps track of any addition, deletion, modification of the exchange attributes and generates reports on the changes. It also provides details about “before and after” values. The tool supports the earlier version of an exchange like the Exchange 2003, 2007 and 2010. The latest version of the Exchange Change Reporter supports Microsoft Exchange Server 2013 environment, which is one of the latest promising product of Microsoft.

­­­­­­Let’s understand some of the features of Netwrix Active Directory Change Reporter and what it can do for us.

It provides in-depth change details about every Active Directory object, its attributes and also includes security changes. Changes can be addition, deletion or modification of Active Directory objects and It includes complete details like, who made the changed, what was changed and where.

It provides a real time reporting where an administrator or the security team can be notified with an email or SMS immediately after the change is detected. It also integrates with Microsoft SCOM using SCOM Management pack which captures Active Directory data and feeds into the SCOM for reporting and alerting. It also provides flexibility to integrate with other third party reporting tools available in your organization.

All reporting information is stored in SQL Server, where an administrator can manually query, generate custom and automated reports. Reporting is one of the key features and it can generate some predefined reports for the purpose of compliance regulations like SOX, HIPAA, GLBA, and FISMA. As these regulations require storing the data for later review the tool provides the long-term storage option. These long-term storages can be also at different servers other than the SQL server. By default, the long-term audit archiving is done for 24 months and these settings can be changed, if required. It can also generate daily reports with all the change details performed during the previous day. The product provides an administrator with a console view and gives a great flexibility to query and generate reports with ease.

Any kinds of accidental changes have to be rolled back immediately and this tool provides option to roll back all accidental or unwanted changes using roll back wizard. Performing this kind of roll back/restore operation using native windows tool is cumbersome and has many limitations. This tool performs a smooth, quick and an easy roll back from all kinds of accidental or unwanted changes. This overcomes any downtime, security risk or ill effects caused due to accidental changes.

It can be easily installed on any workstation with latest Windows OS like Windows 8 or on a server OS like windows 2012. It just has to be setup once and it runs forever. It can query and manage multiple domains from a single installed machine and can even manage multiple domains with its own unique settings. This gives lot of flexibility to manage and modify the settings based on the business requirement.

It provides an easy option to query and generate default and custom reports from the management console. It has got all necessary filters like timelines (from-date and to-date), types/kind of changes, where the changes were made and it also provides an option to specify an individual domain and individual forest. It has a great flexibility, which helps to get any data from any domain and any forest within no time. Finally, once you have all the data in the report then it can be easily exported into CSV, Excel, PDF, Word or even a Tiff format.

Reports come in an easy understandable format with color coding. Actions like adding, removing, modifying all highlighted with different colors. Most importantly, it gives clear information on who made these changes, when they were made and what was done. With this you can find all the necessary data/reports from one location and you really don’t have to depend on multiple logs or have in-depth knowledge to analyses and understand the logs from different locations.

Active Directory snapshot is one of the best features of this tool. It takes Active Directory snapshot at multiple points and keeps it in the database. It helps to look back at a specific AD object and what settings were in the past. These details can be viewed through reporting custom queries and these come under an advance reporting tool that requires some configuration before using it.

Real-time altering is one of the key components for any reporting tool to notify on any critical changes. By default Netwrix Active Directory Change Reporter provides the real-time alerts option for the below mentioned groups and you can also add more users or groups, if necessary.

· Changes to Admin Group

· Changes to Domain Configuration

· Changes to any Active Directory Object

These real-time alerts can be sent via email or a text message right to the mobile device.

Netwrix Active Directory Change Reporter is very easy to install and configure. It needs some necessary configurations to function as required and these configurations can be made easily using wizards. Supported by other tools like Group Policy Change Reporter and Exchange Change Reporter it provides a great management option for IT administrators and security team. It will save a lot of time and energy of the administrator helping to avoid writing custom scripts or manual/LDAP queries to get the data for auditing or management purposes.

With this, I would like to finish my article saying that “Netwrix Active Directory Change Reporter is a great tool which is helpful for IT administrators and security teams”.

Use this link download Netwrix Active Directory Change Reporter: http://www.netwrix.com/active_directory_change_reporting_freeware.html

Gal Sync between exchange 2003 and Exchange 2007 – Part 2

This article is continuation of part 1 to configure Gal Sync between Exchange 2003 and Exchange 2007.  Please refer this link before coming to part 2

3. Creating and Configure IIFP Management Agents

3.1. Creating and Configuring Red.com – GAL MA

1. Login to IIFP Server, open Identity Manager.

2. From the Tools menu, click Management Agents.

3. From the Actions menu, click Create.

4. In Management Agent Designer, in Management agent for, click Active Directory global address list (GAL) (from the pull down).

5. In Name, type “Red GAL MA” and click Next.

6. On the “Connect to an Active Directory forest” page, type the values for

7. Forest name = Red.com

8. User name = redgalsync

9. Password = xxxxx

10. Domain = Red.com

11. Click on options and clear the Sign and encrypt LDAP traffic check box and click Next

12. On the Configure Directory Partitions page, in Select directory partitions, select the only partition listed

13. Clear the Sign and encrypt LDAP traffic check box and select Containers

14. Clear the check box next to the directory partition to clear all organizational units under the directory partition

15. Select “Blue” and all other OU where users and DL accounts are based.

16. Click OK to and click Next

17. On the “Configure GAL” page click on Target container and select the “Contacts” OU which is under Blue OU and click on OK

18. Click on “Source” and select all the OUs where user’s mailbox and DLs are based and click on OK

19. Click on Edit under Exchange Configuration and add DNS suffix @blue.com and click on OK and click Next to continue

20. On the Select Object Types page, verify that the object types required for GAL synchronization are selected. Default settings are taken and Click Next.

21. On the Select Attributes page, verify that the attributes required for GAL synchronization are selected. Default settings are taken and Click Next.

22. On the Configure Connector Filter page, verify that the connector filters required for GAL synchronization are specified. Default settings are taken and Click Next.

23. On the Configure Join and Projection Rules page, verify that the four join and projection rules for GAL synchronization are specified. Default settings are taken and Next

24. In Configure Attribute Flow, verify that the five attribute flow mappings for GAL synchronization are specified. Default settings are taken and click Next

25. On the Configure Deprovisioning page, in Deprovisioning Options, verify that the Determine with a rules extension option is selected and click on Next

On the Configure Extensions page, in Assembly name, verify that the GALSync.dll file is specified and click on Finish

3.2. Creating and Configuring Blue.com – GAL MA

1. Login to IIFP Server, open Identity Manager.

2. From the Tools menu, click Management Agents.

3. From the Actions menu, click Create.

4. In Management Agent Designer, in Management agent for, click Active Directory global address list (GAL) (from the pull down).

5. In Name, type “Blue GAL MA” and click Next.

6. On the “Connect to an Active Directory forest” page, type the values for

7. Forest name = Blue.com

8. User name = bluegalsync

9. Password = xxxxx

10. Domain = blue.com

11. Click on options and clear the Sign and encrypt LDAP traffic check box and click Next

12. On the Configure Directory Partitions page, in Select directory partitions, select the only partition listed

13. Clear the Sign and encrypt LDAP traffic check box and select Containers

14. Clear the check box next to the directory partition to clear all organizational units under the directory partition

15. Select “Red” and all other OU where users and DL accounts are based.

16. Click OK to and click Next

17. On the “Configure GAL” page click on Target container and select “Contacts” OU which is under RED OU and click on OK

18. Click on “Source” and select all the OUs where red.com user’s mailbox and DLs are based and click on OK

19. Click on Edit under Exchange Configuration and add DNS suffix @red.com and click on OK and click Next to continue

20. On the Select Object Types page, verify that the object types required for GAL synchronization are selected. Default settings are taken and Click Next.

21. On the Select Attributes page, verify that the attributes required for GAL synchronization are selected. Default settings are taken and Click Next.

22. On the Configure Connector Filter page, verify that the connector filters required for GAL synchronization are specified. Default settings are taken and Click Next.

23. On the Configure Join and Projection Rules page, verify that the four join and projection rules for GAL synchronization are specified. Default settings are taken and Next

24. In Configure Attribute Flow, verify that the five attribute flow mappings for GAL synchronization are specified. Default settings are taken and click Next

25. On the Configure Deprovisioning page, in Deprovisioning Options, verify that the Determine with a rules extension option is selected and click on Next

On the Configure Extensions page, in Assembly name, verify that the GALSync.dll file is specified and click on Finish

4. Enable Provisioning

1. Open Identity Manager

2. From the Tools menu, click Options.

3. Under Metaverse Rules Extensions, ensure that the Enable metaverse rules extensions check box is selected.

4. In the box located next to Rules extension name, ensure GALSync.dll is present.

5. Select the check box next to Enable Provisioning Rules Extensions to enable provisioning rules extension to be used with the GAL synchronization management agent.

6. Click OK.

 

Hope you like the article 

Technorati Tags: GAl sync,IIPF,Exchange 2007,exchange 2003

Gal Sync between exchange 2003 and Exchange 2007 – Part 1

This document is to provide step by step instruction to GAL Sync between Red.com (Exchange 2003) and Blue.com (Exchange 2007 ) organization using IIFP SP2

This document is majorly divided into 4 parts

1. Installing and configuration IIFP

2. Preparing and configuring Active Directory on both Red.com and Blue.com

3. Creating and configuration MA Agents to create mail enabled contacts in both Active directory forest

4. Executing and scheduling MA profiles

Lets talk each of the parts in detail

1. Installing and Configuration IIFP

Follow these steps in order to build and setup IIFP on a Windows Server on any of the domain, either red.com or blue.com

1. Install Windows 2003 R2 enterprise edition and configure server as per best practice

2. Join the server to the domain

3. Install IIS, ASP.net 2.0

4. Install Microsoft SQL Server 2005 with SP1

5. Install Identity Integration Feature Pack SP2

6. Run Microsoft Updates to bring system up to latest patch levels.

2. Creating and Configuring Blue.com – GAL MA

2.1 Configuring Red.com Active Director

1. Login to Red.com domain controller

2. From Start, click Administrative Tools; click Active Directory Users and Computers.

3. Select View from the top drop down menu and select Advanced Features.

4. Create new user “RedGalsync” with password and ensure that password is set not to expire and not to change the password for next logon

5. Select RED.COM and right-click, select Delegate Control

6. On the Welcome to the Delegation of Control Wizard page click Next.

7. On the Users or Groups page click Add.

8. On the Select Users, Computers, or Groups dialog box type “RedGalsync” and click OK.

9. On the Users or Groups page click Next.

10. On the Tasks to Delegate page select create a custom task to delegate, and click Next.

11. On the Active Directory Object Type page except the defaults and click Next.

12. On the Permissions page select General, Property-specific, and Creation/deletion of specific child objects, under permissions select Replicate Directory Changes and Replication Synchronization, and click Next.

13. On the Completing to the Delegation of Control Wizard page click Finish.

14. Create new OU with the name “Blue” under root and create sub OU “Contacts”

15. Right-click the Contacts OU and select Properties.

16. On the Contacts Properties dialog box click Security.

17. On the Contacts Properties dialog box click Add.

18. On the Select Users, Computers, or Groups dialog box type “REDGalsync” and click OK.

19. On the Contacts Properties dialog box select Read, Write, Create All Child Objects, and Delete All Child Objects, and then click OK. Make sure to Apply to this child and all objects.

20. Open ADSIEdit and navigate to the container “Blue”

21. Right-click on OU “Contacts” and select Properties.

22. Click on the Security tab, and click Advanced.

23. Choose to Add an ACE.

24. Specify REDGalsync to apply the permissions to. This will display the permissions dialog.

25. Click on Properties.

26. Drop down the Apply Onto dropdown box and select Child Objects Only.

27. Scroll down and mark Write proxyAddresses – Allow.

28. Choose to save the properties. This permission will be applied to every child object whose Allow inheritable permissions from the parent to propagate to this object and all child objects option is selected. This is located in the user’s Advanced Security property sheet. Any user that does not have this selected will not have the permissions granted to it

 

2.2 Configuring Blue.com Active Director

1. Login to Blue.com domain controller

2. From Start, click Administrative Tools; click Active Directory Users and Computers.

3. Select View from the top drop down menu and select Advanced Features.

4. Create new user “BlueGalsync” with password and ensure that password is set not to expire and not to change the password for next logon

5. Select Blue.com and right-click, select Delegate Control

6. On the Welcome to the Delegation of Control Wizard page click Next.

7. On the Users or Groups page click Add.

8. On the Select Users, Computers, or Groups dialog box type “BlueGalsync” and click OK.

9. On the Users or Groups page click Next.

10. On the Tasks to Delegate page select create a custom task to delegate, and click Next.

11. On the Active Directory Object Type page except the defaults and click Next.

12. On the Permissions page select General, Property-specific, and Creation/deletion of specific child objects, under permissions select Replicate Directory Changes and Replication Synchronization, and click Next.

13. On the Completing to the Delegation of Control Wizard page click Finish.

14. Create new OU with the name “Red” under root and create sub OU “Contacts”

15. Right-click the Contacts OU and select Properties.

16. On the Contacts Properties dialog box click Security.

17. On the Contacts Properties dialog box click Add.

18. On the Select Users, Computers, or Groups dialog box type BlueGalsync and click OK.

19. On the Contacts Properties dialog box select Read, Write, Create All Child Objects, and Delete All Child Objects, and then click OK. Make sure to Apply to this child and all objects.

20. Open ADSIEdit and navigate to the container name “Red”

21. Right-click on OU “Contacts” and select Properties.

22. Click on the Security tab, and click Advanced.

23. Choose to Add an ACE.

24. Specify BlueGalsync to apply the permissions to. This will display the permissions dialog.

25. Click on Properties.

26. Drop down the Apply Onto dropdown box and select Child Objects Only.

27. Scroll down and mark Write proxyAddresses – Allow.

28. Choose to save the properties. This permission will be applied to every child object whose Allow inheritable permissions from the parent to propagate to this object and all child objects option is selected. This is located in the user’s Advanced Security property sheet. Any user that does not have this selected will not have the permissions granted to it

Exchange Autodiscover in a multi- forest environment

Most of the organization have Exchange multi-forest environment. Organization could be in multi forest environment because of the merger and acquisition or it could be because of security reason. Auto discover is the new feature introduced in Exchange 2007 and its been carried forward in all the subsequent version of exchange like Exchange 2010 and Exchange 2013.

Below link should give you good understanding on the information about

Exchange Autodiscover in a multi-forest environment  1

Exchange Autodiscover in a multi-forest environment 2

 

Hope you got some good understanding on Autodiscover in Exchange

Technorati Tags: autodiscover,multi forest,cross forest,scp,ldap

Exchange Jetstress – Determine maximum disk subsystem throughput

JetStress is a tool for Architects and administrator to test the storage if it can suites your requirement. Through understanding of the Jetstress is important. Proper desiging and right testing with Jetstress make your design a robust solution.

 

Link: Determine throughput of disk subsystem using Jetstress

Technorati Tags: Jetstress,throughput,disk,jbod,design,storage

How Outlook uses RPC and AB static ports to connect to Exchange

Technorati Tags: Exchange 2010,Outlook,RPC,AB,Static port,connection

Every one uses outlook and do you how outlook connect to the exchange server and how it access the emails from the server ?

Here is one of the article to give you a better understanding  on same.

Link : How outlook connects to Exchange server

 

Hope you like this article

Step by step Instructions for Subordinate CA Migration from Windows Server 2003 to Windows Server 2008 R2 – Part 1

Below are the step by step comprehensive Instructions for subroutine CA migration from Windows Server 2003 to Windows Server 2008 R2.
This article is published in three parts and in this part we will discuss more in details on about preparing of source and destination server for the migration

1. Preparing Source Server

Map network share in source server to copy backup files

Perform/Verify System state backup of Source CA

a. Verify and backup CA Template set

Open Command prompt

Type certutil.exe – catemplates > catemplates.txt

Verify the contents of catemplates.txt with the templates displayed in Certificate Authority snap-in

b. Verify and backup CA’s CSP and signature algorithm

Open Command prompt

Type certutil.exe –getreg ca\csp\* > csp.txt

Verify that the csp.txt contains CSP detaill

c. Publish CRL with extended validity period

Open Certificate Authority snap in

In the console tree right click “Revoked Certificates” and click Properties

Record the current CRL Publishing Parameters

Set the CRL Delta publishing interval to 2 days

Click on “Revoked Certificates” -> all task -> publish -> Delta CRL only

d. Backup CA DB and Private Key

Map shared network drive to take the backup

on Certificate authority snap-in right click point to All task and backup CA

On the Welcome page of the CA Backup wizard, click Next.

On the Items to Back Up page, select the Private key and CA certificate and Certificate database and certificate database log check boxes, specify the backup location, and then click Next.

On the Select a Password page, type a password to protect the CA private key, and click Next.

On the Completing the Backup Wizard page, click Finish.

After the backup completes, verify the following files in the location you specified CAName.p12 containing the CA certificate and private key Database folder containing files certbkxp.dat, edb#####.log, and CAName.edb

Open command prompt and type Net stop Certsvc to stop Certificate Service

e. Backup CA Registry

Click Start, point to Run, and type regedit to open the Registry Editor.

In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc, right-click Configuration, and then click Export.

Specify a location and file name, and then click Save. This creates a registry file containing CA configuration data from the source CA.

f. Remove source server

Launch Add or remove program

Click Add/Remove windows components and uncheck Certificate Services

Click next and finish

Remove source server from domain

Delete AD computer object

Rename source server to some temp name

2. Preparing Destination Server

Change destination server name to the initial source server name

Add destination server to domain

Map network share used in taking the backup on source server

a. Import the CA certificate

Start the Certificates snap-in for the local computer account.

In the console tree, double-click Certificates (Local Computer), and click Personal.

On the Action menu, click All Tasks, and then click Import to open the Certificate Import Wizard. Click Next.

Locate the <CAName>.p12 file created by the CA certificate and private key backup on the source CA, and click Open.

Type the password, and click OK.

Click Place all certificates in the following store.

Verify Personal is displayed in Certificate store. If it is not, click Browse, click Personal, and click OK.

b. Add CA and IIS roles on destination server

Log on to the destination server, and start Server Manager.

In the console tree, click Roles.

On the Action menu, click Add Roles.

If the Before you Begin page appears, click Next.

On the Select Server Roles page, select the Active Directory Certificate Services and Web Server (IIS) check box, and click Next.

On the Introduction to AD CS page, click Next.

On the Role Services page, click the Certification Authority check box, and Certification Authority Web Enrollment and click Next.

On the Specify Setup Type page, specify either Enterprise and click Next.

On the Specify CA Type page, select Subordinate CA, and click Next.

On the Set Up Private Key page, select Use existing private key and Select a certificate and use its associated private key.

In the Certificates list, click the imported CA certificate, and then click Next.

On the Configure Certificate Database page, specify the locations for the CA database and log files.

On the Confirm Installation Selections page, review the messages, and then click Install.

Hope you liked this article, please continue with the next part where we will discuss in details of the below

Part 2 – Restoring the Source from backups and Verifying the migration
Part 3 – Back Out procedure

Exchange tools for Every Exchange Engineers

I found a nice link which has all the necessary tool for exchange available. I am sure i will be using this in the futur

http://messagingschool.wordpress.com/2011/04/27/tools-for-exchange-server-200320072010/

Regards,

Krishna

Routing Group Connector configuration for Exchange 2003 to Exchange 2010 in Multi AD site environment

One of the common issue when you are transition from Exchange 2003 to Exchange 2010 in multi Ad site environment that there is no Routing group connector created for each of the AD site. Exchange 2010 would create one routing group connector in the Ad site during the installation of first Hub transport server in the environment. This might not happen in the subsequent installation of Hub servers in multiple AD sites where Exchange 2003 servers is also residing.

To avoid this scenario we need to create Routing group connector manually for each of the AD site. Below is the example to create new Routing Group connector for a particular AD site. We need to make sure we add multiple exchange 2010 hub server for the parameter SourceTransportServers and similarly multiple exchanges 2003 at parameter TargetTransportServers. These servers should be based on the particular AD site and it will not allow adding servers form multiple AD site. It’s also important to make sure Bidirectional is set to $true. This is because routing group connectors are unidirectional by default and it has to be enable bidirectional if it needs to route email both the side else we need create two routing group connector in each site and  swap the values of sourcetransportserver and Targettransportservers parameter. PublicFolderReferralsEnabled parameter would help public folder referrals to use routing group connectors. This is important if you want to replication public folder between exchange 2003 and exchange 2010

Below is the command to create new routing group connector for a specific AD site

New-RoutingGroupConnector -Name "connector name – AD site" -SourceTransportServers "Hub2010-01.contoso.com, Hub2010-02.contoso.com” -TargetTransportServers "Exch2003-01.contoso.com, Exch2003-02.contoso.com” -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

As multiple routes exists in the organization between exchange 2003 and exchange 2010, this can cause looping. To avoid looping we need to suppress Link state updates. Below TechNet link has the registry update steps to suppress Link state updates

http://technet.microsoft.com/en-us/library/aa996728(v=exchg.141).aspx

Exchange Profile Analyzer for Exchange 2003 and 2007, what is there for Exchange 2010 ?

EPA is great tool to understand the current users profile and it’s fairly simple to run this tool and generate the result.

This tool cannot be used for Exchange 2010 as it uses WebDev to pull the data and Exchange 2010 does not support WebDev

Here is the PowerShell script from Rob Campbell which can get the similar stats from exchange 2010 servers as well. This will scan through all the transport servers’ logs from the previous day, and generate stats for each user, by primary smtp address, for

Total Messages and Bytes Sent
Unique Messages and Bytes Sent
Total Messages and Bytes Received
for both Internal and External emails.

http://gallery.technet.microsoft.com/scriptcenter/bb94b422-eb9e-4c53-a454-f7da6ddfb5d6#content