Who created/deleted an account/object in Active Directory
Posted on 2006-03-23
Our domain is still running AD 2000 with all 2000 servers. One of my administrators trusted to administer user accounts in AD accidentally deleted an important account. The deletion was discovered when we noticed that the account did not have the correct group membership and a three day old creation date. For some unknown reason no one wants to claim responsibility which is forcing us to find out who did it. We had auditing set to log Account Management success but for some reason nothing was logged on any server. If the person connected from their workstation via MMC it would not be logged their. Does anyone know of a way to find out who created or deleted an account/object in AD if Audit logging is not set or functioning properly? Currently we are using ldp.exe to trying and get some info but we are not developers who know serious AD internals. We also tried using repadmin with the /showobjmeta and found that showobjmeta is not available in 2K - only 2003. Any help would be welcome......