![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 72%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Microsoft Exchange Online
A Microsoft email and calendaring hosted service.
1,934 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 20%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Hi,
Welcome to Microsoft Q&A community!
Here’s a revised version of your PowerShell script:
$date = (Get-Date).AddDays(-30)
$Today = Get-Date
Search-UnifiedAuditLog -StartDate $date -EndDate $Today -RecordType ExchangeAdmin -Operations Add-DistributionGroupMember,Remove-DistributionGroupMember,Update-DistributionGroupMember -ObjectIds dl1@contoso.com -ResultSize 5000 | Export-CSV C:\temp\output.csv -NoTypeInformation -Encoding UTF8
Key Changes:
Date Variables: Use Get-Date directly without converting to a string.
RecordType: Specify ExchangeAdmin to focus on administrative changes.
Operations: Ensure the cmdlets are correctly specified.
ResultSize: Increase the result size to ensure you capture all relevant logs.
Any updates please be free to contact us!