Democratic presidential candidate Hillary Clinton violated federal records rules through her use of a private email server while she was secretary of state, a State Department audit has concluded.
"At a minimum, Secretary Clinton should have surrendered all emails dealing with Department issues before leaving government service," says an audit by the State Department Inspector General, obtained by NBC News.
"Because she did not do so, she did not comply with the [State] Department's policies that were implemented in accordance with the Federal Records Act."
The audit found that the non-compliance over personal email went beyond Clinton, and that former Secretary of State Colin Powell, a Republican, also failed to preserve government-related emails when he was secretary of state.
The State Department asked Powell to try to receive relevant emails from his internet provider, but "as of May 2016 the Department has not received a response" from Powell, the audit said.
Indeed, the report's conclusion cites "longstanding, systemic weaknesses" in electronic record-keeping "that go well beyond the tenure of any one secretary of state."
But the findings on Clinton are sure to reverberate through the 2016 presidential campaign, as her spokesman, Brian Fallon, noted in a statement.
"While political opponents of Hillary Clinton are sure to misrepresent this report for their own partisan purposes, in reality, the Inspector General documents just how consistent her email practices were with those of other Secretaries and senior officials at the State Department who also used personal email," Fallon said.
The State Department's auditors challenge some of the fundamental assertions Clinton has been making about why her use of personal email for government business was not improper.
A federal law requires the preservation of government records, and Clinton has said that since most of her emails were sent to people on the State Department system, she was complying.
But the audit says that "sending emails from a personal account to other employees at their Department accounts is not an appropriate method of preserving any such emails that would constitute a federal record."
Clinton has also said her use of a personal email server did not violate the rules at the time.
The audit says that none of the senior State Department officials in charge of information security were asked to approve Clinton's email arrangement. They would not have done so if asked, they said, according to the audit.
"It is clear that the Department could have done a better job preserving emails and records of Secretaries of State and their senior staff going back several administrations," the State Department said in a statement. "We also acknowledge the report's finding that compliance with email and records management guidance has been inconsistent across several administrations."
The report shows that Clinton was concerned about her personal emails messages becoming part of the public record.
In November 2010, Clinton aide Huma Abedin said they should "talk about putting you on state email," because her private server emails were not always being received.
Clinton replied: "Let's get separate address or device but I don't want any risk of the personal being accessible."
The audit says that some State Department officials tried to offer different solutions to Clinton's email situation but were rebuffed.
At one point, an official suggested Clinton carry two devices, but that suggestion was rejected.
Two information technology officials who support the secretary raised concerns about Clinton's use of personal email in late 2010 and raised the issue with their boss, the audit says.
The director of the unit that supported the secretary's information technology "instructed the staff never to speak of the Secretary's personal email system again."
This story first appeared on NBCNews.com.