SOLVED

PowerShell 2 - Need commandlet Search-UnifiedAuditLog


Disclaimer - Limited PowerShell experience and new to the community

We've developed a script that runs on our local machines that pulls O365 audit logs using the commandlet Search-UnifiedAuditLog

Our local machines have:

Windows 10 64 bit with PowerShell 5 and .NET Framework 4.6

We now need to get the script to run on an older production server.

The server is running Windows 7 SP1 64 bit with PowerShell 2 and .NET Framework 4.5.2

 

I need to provide precise instructions on what steps need to be taken in order to make this possible since this commandlet Search-UnifiedAuditLog is not currently available on the server.  

Unfortunately the documentation I can find on this commandlet does not tell me exactly what I would need to do to make this happen. Is it as simple as upgrading to a newer version of PowerShell? Is there a specific module I can add that would work in PS 2?

https://technet.microsoft.com/en-us/library/mt238501(v=exchg.160).aspx

I'm researching but any advice / suggestions are welcome

3 Replies
Solution

The cmdlet is loaded via Remote PowerShell, so nothing specific is needed on the machine. Are you actually able to connect to SCC PowerShell on said machine? Can you use other SCC cmdlets? Or are you using it via ExO remote PowerShell? In any case, the requirements are listed here: https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx

Thanks for the information. What I was failing to realize is that it was actually doing a Remote PowerShell connection. Based on the requirements we should only need to upgrade to a minimum version of PowerShell 3

First comment: PLEASE do not run a desktop OS (Win 7) on a Server!

Install Posh 4.0 (WMF 4.0 and .NET 4.5 or higher)

Posh 4.0 is a prereq for 5.0.

Then upgrade to Posh 5.0, you will not regret it.

Regards,

Marty Wiedmeyer
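
A pre-flight check for the server discussed in this thread, as an added example that is not part of any post above: it reports the PowerShell and .NET versions, then confirms that `Search-UnifiedAuditLog` has actually been imported from the remote session before running a small bounded search. The function name `Test-AuditLogHost`, the 24-hour window and the result cap of 100 are assumptions chosen for illustration; the thresholds are the PowerShell 3 minimum and ".NET 4.5 or higher" mentioned in the replies.

```powershell
# Added example, not from the thread. Written to run on PowerShell 2.0 and later
# so it can report on the server before it is upgraded.
$MinPsVersion  = [version]'3.0'   # minimum named in the thread's follow-up reply
$MinNetRelease = 378389           # registry Release value for .NET Framework 4.5

function Test-AuditLogHost {
    $psVersion = $PSVersionTable.PSVersion

    # .NET 4.5+ records its build in the Release value; it is absent on older installs.
    $netKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $netRelease = 0
    $prop = Get-ItemProperty -Path $netKey -Name Release -ErrorAction SilentlyContinue
    if ($prop) { $netRelease = [int]$prop.Release }

    # The cmdlet exists locally only after the remote session has been imported.
    $cmd = Get-Command -Name Search-UnifiedAuditLog -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        PSVersion       = $psVersion
        PSVersionOk     = ($psVersion -ge $MinPsVersion)
        NetRelease      = $netRelease
        NetOk           = ($netRelease -ge $MinNetRelease)
        ExecutionPolicy = (Get-ExecutionPolicy)
        CmdletImported  = [bool]$cmd
    }
}

$report = Test-AuditLogHost
$report | Format-List

if (-not $report.PSVersionOk) {
    Write-Warning "PowerShell $($report.PSVersion) is below $MinPsVersion; upgrade WMF first."
}
elseif (-not $report.CmdletImported) {
    Write-Warning 'Search-UnifiedAuditLog not found: import the remote session before searching.'
}
else {
    # Bounded smoke test: last 24 hours (UTC) with a small result cap.
    $end   = (Get-Date).ToUniversalTime()
    $start = $end.AddDays(-1)
    Search-UnifiedAuditLog -StartDate $start -EndDate $end -ResultSize 100 |
        Select-Object CreationDate, UserIds, Operations, RecordType
}
```

Run it once before connecting to see the host prerequisites, and again in the same session after the script's remote connection is imported to confirm the cmdlet resolves.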