Solved

I would like to know if there is a way to determine who deleted an OU?

Posted on 2006-07-06
2
246 Views
Last Modified: 2013-12-04
I know a similar question was asked, but I did not find those answers useful. Some logging is turned on. What logging needs to be tunred on to find this information? This morning an OU just dissappeared. We were able to catch it before it replicated to another site, and do an active directory authoritative restore from that DC. But I need to find out how that DC just dissappeared.
0
Comment
Question by:mspolter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
ID: 17057462
You need to be auditing success events for "Audit directory service access" to catch it, and of course the person deleting the OU needs to have used a personal user account.

For more info about auditing have a look at the Threats and countermeasures guide, chapter 3:

http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.mspx
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question