If your Exchange organization has more than one administrators, and sometimes you need to know who did what, then you should use Exchange Administrator Audit Log.
When you enable Administrator Audit Log it will help you to keep a track of the changes made to any Exchange configuration like:
creating new mailbox, changing receive connectors, transport rules etc.
Those information are quite important during troubleshooting your Exchange environment.
In Microsoft Exchange 2010 RTM, Administrator Audit Log logged all operations to mailbox. When you enable audit log then you need to use parameter AdminAuditLogMailbox to specify mailbox to store all audit logs.
But with SP1 for Exchange 2010 you don’t need to use mailbox anymore.
Now all logs are stored in a hidden, dedicated arbitration mailbox.
To check if Administrator Audit Log is enabled we should use following command:
Get-AdminAuditLogConfig | FL
we will receive information about audit settings like below: