[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

I would like to know if there is a way to determine who deleted an OU?

Posted on 2006-07-06
2
Medium Priority
?
251 Views
Last Modified: 2013-12-04
I know a similar question was asked, but I did not find those answers useful. Some logging is turned on. What logging needs to be tunred on to find this information? This morning an OU just dissappeared. We were able to catch it before it replicated to another site, and do an active directory authoritative restore from that DC. But I need to find out how that DC just dissappeared.
0
Comment
Question by:mspolter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 1500 total points
ID: 17057462
You need to be auditing success events for "Audit directory service access" to catch it, and of course the person deleting the OU needs to have used a personal user account.

For more info about auditing have a look at the Threats and countermeasures guide, chapter 3:

http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.mspx
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question