Dmitriy Shpilko - Fotolia

How can I delete Exchange audit logs?

Admins don't have to sidestep the default settings for deleting logs, but if needed, these PowerShell cmdlets will get the job done.

In general, removing audit logs is something you often don't need to do, and in most normal circumstances, have no valid reason to do so either. The benefit of the administrator audit logs is that as an Exchange admin, they provide you logs to prove what really happened in your environment. If for some reason your team is accused of doing something wrong, the admin audit logs will help prove your innocence. Likewise, if you have done something wrong, the logs will prove that this is the case and quite rightly serve as your downfall.

Equally a freshly cleaned out set of logs will prove suspicious in either situation and even if the original action cannot be proved, consciously going out of your way to find a solution to empty logs does not look good.

Fear not if you simply want to keep things tidy -- Exchange will do this for you. Logs older than the default of 90 days will automatically be removed from the Arbitration Mailbox, where the logs are stored.

To see your organization's current setting, use the Get-AdminAuditLogConfig cmdlet and examine the AdminAuditLogAgeLimit attribute.

If you really do want to empty the Exchange audit logs, you'll have to set the Age Limit to 0 days using the following cmdlet:

Set-AdminAuditLogConfig -AdminAuditLogAgeLimit 00.00:00:00

This will warn you of the implications before the log deletion continues; it states it will effectively delete all logs after approximately 60 minutes. After you have cleared the logs, you can revert back to the default setting using the following cmdlet:

Set-AdminAuditLogConfig -AdminAuditLogAgeLimit 90.00:00:00

However, you really don't need to do this. Unless you've got a really good reason for deleting Exchange audit logs, it's fine to just leave them as is.

Dig Deeper on Microsoft messaging and collaboration

Cloud Computing
Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Virtual Desktop