Hi
If auditing is enable you can track the same by checking the event log.In order to find out changes, creation or deletion events, you must keep the Account Management auditing enabled..You cal also use repadmin
/showobjmeta to trace the same.
http://blogs.technet.com/b/ad/archive/2006/06/12/435501.aspx
http://technet.microsoft.com/en-us/library/cc742104%28WS.10%29.aspx
Tracing down user and computer account deletion in Active Directory
http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx
Auditing directory changes
http://blogs.dirteam.com/blogs/tomek/archive/2006/09/21/Auditing-directory-changes-aka-_2600_quot_3B00_Who-deleted-this-object_3F002600_quot_3B00_.aspx
Apart from the auditing, you can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships.
Please mark this as answer if it helps you
If auditing was enabled then yes. You can track the events in event viewer as long as they were not removed.
Tracking changes in AD is usually a difficult task if you do not using third party Tools to monitor changes. The one I usually recommend is Lepide Auditor Suite for Active Directory: http://www.lepide.com/lepideauditor/active-directory.html
Thanks for sharing your thoughts guys.
I will appreciate your contribution, this very helpful plateform as well.
@ Mr X, I have tested your recommended tool and it's works very cool, especially live-feed feature impressed me.
This topic is archived. No further replies will be accepted.
Other recent topics
