?
Solved

I would like to know if there is a way to determine who deleted an OU?

Posted on 2006-07-06
2
Medium Priority
?
250 Views
Last Modified: 2013-12-04
I know a similar question was asked, but I did not find those answers useful. Some logging is turned on. What logging needs to be tunred on to find this information? This morning an OU just dissappeared. We were able to catch it before it replicated to another site, and do an active directory authoritative restore from that DC. But I need to find out how that DC just dissappeared.
0
Comment
Question by:mspolter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 1500 total points
ID: 17057462
You need to be auditing success events for "Audit directory service access" to catch it, and of course the person deleting the OU needs to have used a personal user account.

For more info about auditing have a look at the Threats and countermeasures guide, chapter 3:

http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.mspx
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question