willlandymore
asked on
find out who deleted a group in AD (2008)
I have the basic auditing on our Domain Controller running server 2008. Someone deleted a couple of groups and I need to find out who.
How can I find out who removed those groups in Active Directory?
How can I find out who removed those groups in Active Directory?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
okay, I think I found it.
I think it's the "Audit Account Management" one but it says the default is to log success on Domain Controllers so that means if someone deleted the account I should have a success audit saying so
I think it's the "Audit Account Management" one but it says the default is to log success on Domain Controllers so that means if someone deleted the account I should have a success audit saying so
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yeah, if I knew which part of the tree it's showing up in that would be good so a picture might help. :)
It would be in the security log on the DC.
ASKER
okay, that's the one I'm looking through now
ASKER
thanks for the help
ASKER
Is the one for "Audit directory service access" the one that will show deletions and where does it show up in then event logs?