[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1000
  • Last Modified:

find out who deleted a group in AD (2008)

I have the basic auditing on our Domain Controller running server 2008. Someone deleted a couple of groups and I need to find out who.

How can I find out who removed those groups in Active Directory?
0
willlandymore
Asked:
willlandymore
  • 5
  • 2
2 Solutions
 
athomsfereCommented:
You have to have the auditing enabled when the object is changed, do you know if you have done this?

http://technet.microsoft.com/en-us/library/cc731607%28WS.10%29.aspx
0
 
willlandymoreAuthor Commented:
they're all listed as 'not defined' so I guess they haven't been turned on.

Is the one for "Audit directory service access" the one that will show deletions and where does it show up in then event logs?
0
 
willlandymoreAuthor Commented:
okay, I think I found it.

I think it's the "Audit Account Management" one but it says the default is to log success on Domain Controllers so that means if someone deleted the account I should have a success audit saying so
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Mike KlineCommented:
Yes if you have auditing configured then you will see that event telling you the group was deleted.  More info on the events here:

http://technet.microsoft.com/en-us/library/cc737542(WS.10).aspx

I can take a screenshot later this weekend from my lab if that helps

thanks

Mike
0
 
willlandymoreAuthor Commented:
yeah, if I knew which part of the tree it's showing up in that would be good so a picture might help. :)
0
 
Mike KlineCommented:
It would be in the security log on the DC.
0
 
willlandymoreAuthor Commented:
okay, that's the one I'm looking through now
0
 
willlandymoreAuthor Commented:
thanks for the help
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now