[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1001
  • Last Modified:

find out who deleted a group in AD (2008)

I have the basic auditing on our Domain Controller running server 2008. Someone deleted a couple of groups and I need to find out who.

How can I find out who removed those groups in Active Directory?
0
willlandymore
Asked:
willlandymore
  • 5
  • 2
2 Solutions
 
athomsfereCommented:
You have to have the auditing enabled when the object is changed, do you know if you have done this?

http://technet.microsoft.com/en-us/library/cc731607%28WS.10%29.aspx
0
 
willlandymoreAuthor Commented:
they're all listed as 'not defined' so I guess they haven't been turned on.

Is the one for "Audit directory service access" the one that will show deletions and where does it show up in then event logs?
0
 
willlandymoreAuthor Commented:
okay, I think I found it.

I think it's the "Audit Account Management" one but it says the default is to log success on Domain Controllers so that means if someone deleted the account I should have a success audit saying so
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Mike KlineCommented:
Yes if you have auditing configured then you will see that event telling you the group was deleted.  More info on the events here:

http://technet.microsoft.com/en-us/library/cc737542(WS.10).aspx

I can take a screenshot later this weekend from my lab if that helps

thanks

Mike
0
 
willlandymoreAuthor Commented:
yeah, if I knew which part of the tree it's showing up in that would be good so a picture might help. :)
0
 
Mike KlineCommented:
It would be in the security log on the DC.
0
 
willlandymoreAuthor Commented:
okay, that's the one I'm looking through now
0
 
willlandymoreAuthor Commented:
thanks for the help
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now