Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


AD Account Deletion

Posted on 2009-12-16
Medium Priority
Last Modified: 2012-05-08
Hey all  --  Is there a way to figure out who deleted an AD Account?  An account magically went missing this morning.  Thanks
Question by:nyceuser
LVL 11

Accepted Solution

Batuhan Cetin earned 2000 total points
ID: 26062931
You can look at the event viewer security logs on the domain controller. Here is an example log for account deletion. Look for event id 630. Target account is the deleted account (TestAcc), caller user name is the account who deleted the account (administrator) :

Event Type:      Success Audit
Event Source:      Security
Event Category:      Account Management
Event ID:      630
Date:            12/16/2009
Time:            4:47:13 PM
User:            DM1\administrator
Computer:      DM1DC
User Account Deleted:
       Target Account Name:      TestAcc
       Target Domain:      DM1
       Target Account ID:      TestAcc
       Caller User Name:      administrator
       Caller Domain:      DM1
       Caller Logon ID:      
       Privileges:      -
LVL 57

Expert Comment

by:Mike Kline
ID: 26062932
Duplicate question....select "request attention" and ask the mods to delete this one so you don't get charged twice for your points

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question