Is there a way to see which user made changes to AD integrated Zone in DNS?
Someone removed all of the A records from an AD Integrated zone in our DNS. Active directory is running in Windows 2003 mode. Is there any way to see which user account did this?
Tags: DNS, Active Directory, Windows Server 2003
Last Comment: GusGallows, 8/22/2022 (Mon)
warbringer
By default, Active Directory DNS does not perform logging that shows who logged into it and deleted items.
More importantly, unless you made changes, only administrators can typically access the DNS and remove items.
Have you verified you did not have some sort of DNS database crash or corruption?
ashutoshsapre
This can only be accomplished if auditing is enabled, so if auditing was not enabled while the changes were being made, there is no way to find out who deleted the entries.
For now you can use psexec and run
"net stop netlogon & net start netlogon"
"ipconfig /registerdns"
on remote computers so that they register themselves to the DNS.
Thanks guys. I have verified that auditing was not enabled, so there really is nothing I can do now but clean up. In the case of this zone, it was only used for web sites, so re-registering the machines would not have helped as they are in a different zone. The problem we face is that we have way too many domain admins, some of them using shared accounts. We are fixing that this week. No more shared accounts for domain admins, and rights will now be delegated for everyone but a few of us.
Sandeshdubey, I am awarding you the points as that is very good information on how to enable auditing and the possible side effects. Thanks guys.
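The thread's conclusion is that the deletion can only be attributed after the fact if auditing was already on, and that the cleanup is to re-register the hosts. The following PowerShell is an added example (not code posted by anyone in the thread) showing the three pieces a defender would want in place next time: a SACL on the zone container plus the Directory Service Changes audit subcategory, a query that pulls the deleting account out of the resulting Security log events, and a remoting equivalent of the psexec commands above. It assumes a domain controller running Windows Server 2008 or later (the `auditpol` subcategory and event IDs 5136/5141 exist there; a 2003 DC logs the older event 566 under Directory Service Access instead), the ActiveDirectory PowerShell module, WinRM on the target hosts, and a zone DN that is a placeholder to replace with your own.

```powershell
# Added example for this thread, not code from any participant.
# Assumptions: Windows Server 2008+ DC, ActiveDirectory module, and a placeholder zone DN.
Import-Module ActiveDirectory

function Enable-DnsZoneDeleteAudit {
    param([Parameter(Mandatory)][string]$ZoneDn)

    # Turn on success auditing for the Directory Service Changes subcategory.
    auditpol /set /subcategory:"Directory Service Changes" /success:enable | Out-Null

    # Add a SACL entry on the zone container, inherited by every dnsNode beneath it.
    # WriteProperty is included because the DNS server normally does not delete a
    # dnsNode when you remove a record: it sets dNSTombstoned=TRUE and rewrites the
    # dnsRecord attribute, and the AD object is only deleted days later. The real
    # "who deleted it" evidence is therefore usually a modify event (5136), not 5141.
    $acl      = Get-Acl -Path "AD:\$ZoneDn" -Audit
    $everyone = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList 'S-1-1-0'
    $rights   = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor
                [System.DirectoryServices.ActiveDirectoryRights]::Delete -bor
                [System.DirectoryServices.ActiveDirectoryRights]::DeleteChild
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList @(
        $everyone,
        $rights,
        [System.Security.AccessControl.AuditFlags]::Success,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAuditRule($rule)
    Set-Acl -Path "AD:\$ZoneDn" -AclObject $acl
}

function Get-DnsRecordDeletions {
    param([Parameter(Mandatory)][string]$ZoneDn, [int]$Days = 7)

    # 5136 = directory object modified, 5141 = directory object deleted.
    $filter = @{ LogName = 'Security'; Id = 5136, 5141; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Field names live in the event XML (EventData/Data@Name), not in the message text.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $inZone   = $data.ObjectClass -eq 'dnsNode' -and $data.ObjectDN -like "*,$ZoneDn"
        $isRemove = $_.Id -eq 5141 -or $data.AttributeLDAPDisplayName -in @('dNSTombstoned', 'dnsRecord')
        if ($inZone -and $isRemove) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Account = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
                Record  = $data.ObjectDN
                Change  = if ($_.Id -eq 5141) { 'object deleted' } else { $data.AttributeLDAPDisplayName }
            }
        }
    }
}

function Invoke-DnsReRegistration {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    # Remoting equivalent of the psexec commands in the thread (assumes WinRM is enabled).
    # Restarting Netlogon re-registers a DC's SRV records; ipconfig /registerdns
    # re-registers the host's own A/PTR records.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Restart-Service -Name Netlogon
        ipconfig /registerdns | Out-Null
    }
}

# Example usage with placeholder values:
$zone = 'DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com'
Enable-DnsZoneDeleteAudit -ZoneDn $zone
Get-DnsRecordDeletions -ZoneDn $zone -Days 30 | Sort-Object Time | Format-Table -AutoSize
```

Two caveats on the side effects the asker mentions: a zone that receives dynamic updates will generate a 5136 event for every refreshed record once WriteProperty auditing is on, so raise the Security log size or forward it to a collector before enabling this, and the 5141 event only appears when the tombstoned dnsNode object is finally purged, which is why the query above treats the dNSTombstoned and dnsRecord modifications as the deletion record.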