Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Active Directory object modified

Posted on 2011-09-02
2
Medium Priority
?
244 Views
Last Modified: 2012-06-27
Hello,

I have an issue which someone might know how to deal with. Yesterday morning a user was able to connect with no problems.. This morning they try to log in to the domain and they are not being allowed. Checked the computer in the AD it looks like it was modified yesterday in the morning. Checked the security logs nothing out of an ordinary.

When I click information about that particular machine it says its Win 7 but in reality its Win XP. Any ideas of what happened? Can the account be reset? if so any way to check who reset the account?

I know removing it from the domain and puttting it back would fix this, but is there a way to find out what happened before doing this?

Many thanks
0
Comment
Question by:morlauskas
2 Comments
 
LVL 14

Expert Comment

by:Vinchenzo-the-Second
ID: 36472540
Have a look in the event viewer on the client, their might be something logged.
0
 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 36480835
The only way you can find anything is if auditing has been enabled else there is no other way.
http://awinish.wordpress.com/2011/06/15/auditing-only-auditing/
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question