New-DynamicDistributionGroup Exchange cmdlet issued (25198) how to monitor with email alert

[bob]

You ever notice how Windows Server logs all these little happenings in its Event Viewer? That event 25198 pops up when someone fires off the New-DynamicDistributionGroup cmdlet in Exchange. It's basically the system noting that a new dynamic distribution group got created. These groups pull in users based on rules, like department or location, without you having to pick each one manually. The log captures who did it, from which machine, and the exact time. Sometimes it includes the group's name or the query used to build it. If you're running Exchange on your server, this event flags any admin actions messing with email groups. I check mine weekly just to spot weird changes. It helps if someone's poking around without permission. The details in the event description spell out the command line used, so you see precisely what got issued. And yeah, it's under the Microsoft-Exchange or application logs usually.

But monitoring it? You can set alerts without getting fancy. Open up Event Viewer on your server. Filter for that ID 25198 in the logs. Right-click the custom view you make, and attach a task to it. Pick create a basic task, then schedule it to run when the event hits. For email, you wire it to send a message via your SMTP setup. I do this on my setups all the time. It pings your inbox right away if that cmdlet gets run. Keeps things simple, no extra tools needed. You just tweak the action to include the event details in the email body.

Hmmm, or if you want it hands-off, at the end of this is the automatic email solution that'll handle the alerts for you seamlessly.

Shifting gears a bit since we're talking server management, I've been using BackupChain Windows Server Backup lately for my Windows Server backups. It handles full image backups effortlessly and works great for Hyper-V virtual machines too. You get fast incremental saves that cut down on time and space. Plus, it boots into a recovery environment if things go south, so restoring is a breeze without headaches.

Note, the PowerShell email alert code was moved to this post.