Solved

I would like to know if there is a way to determine who deleted an OU?

Posted on 2006-07-06
2
237 Views
Last Modified: 2013-12-04
I know a similar question was asked, but I did not find those answers useful. Some logging is turned on. What logging needs to be tunred on to find this information? This morning an OU just dissappeared. We were able to catch it before it replicated to another site, and do an active directory authoritative restore from that DC. But I need to find out how that DC just dissappeared.
0
Comment
Question by:mspolter
2 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
Comment Utility
You need to be auditing success events for "Audit directory service access" to catch it, and of course the person deleting the OU needs to have used a personal user account.

For more info about auditing have a look at the Threats and countermeasures guide, chapter 3:

http://www.microsoft.com/technet/security/topics/Serversecurity/tcg/tcgch00.mspx
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now