Solved

Active Directory Event Logs

Posted on 2010-11-10
3
236 Views
Last Modified: 2012-05-10
Hi

One of our System engineers moved a computer into another container in AD, which effected the user rights on aclients machine.

I need to prove that he moved the computer into this container,would  there be a log of this in events logs?

Thanks
0
Comment
Question by:Dan560
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 500 total points
ID: 34100993
AD Auditing would have to be enabled and you can comb through the event logs. You can use eventcomb to go through them



http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=5139
http://support.microsoft.com/kb/814595
http://support.microsoft.com/kb/308471
0
 
LVL 2

Author Comment

by:Dan560
ID: 34101004
Thanks, Would there still be a log of this?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34101940
It would all depend if you have logging enabled, how large your security logs are, and fast they roll over. You can use eventcomb to go through.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now