Solved

Can i see who changed a user account

Posted on 2011-09-06
9
324 Views
Last Modified: 2012-08-14
I have a user account in my AD that was changed 5 days ago - can I somehow see who made the change?
0
Comment
Question by:happyhenrik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 5

Accepted Solution

by:
CWCertus1 earned 200 total points
ID: 36487041
If you have auditing enabled, it would be in the security log of the DC that it was changed on. Otherwise I'm afraid not.
0
 
LVL 9

Assisted Solution

by:jeff_01
jeff_01 earned 100 total points
ID: 36487059
Agree with CWCertus1, you need to have set active directory auditing to be able to see that.



0
 
LVL 11

Assisted Solution

by:Sanjay Santoki
Sanjay Santoki earned 100 total points
ID: 36487087
Hello,

To log account management event in event viewer, account management audit should be enabled from the audit policy. Once it is enabled you will have an even in security event log with category of Account Management.

Thanks,
Sanjay Santoki
Byte Technosys
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 100 total points
ID: 36487122
Hi,

you can use the audit log for the changes done in AD.

Other suggestion,
You can go for the third party tool
Quest Change Auditor.

This the tool we use for audit purpose... it works good for changes made in the object.

Regards,
Prem


0
 

Author Comment

by:happyhenrik
ID: 36487151
Auditing is enabled but the security log does only go back 5 minutes... Might need to look into that :)
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36487396
Ouch!
0
 

Author Comment

by:happyhenrik
ID: 36487449
Yeah... we have a consultant coming on friday who will help adjusting the logging :-)
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36488806
You can start preparing for the consultants visit

look at the settings for your event logs  

\Computer Configuration\Windows Settings\Security Settings\Event Log\

http://technet.microsoft.com/en-us/library/cc778402(WS.10).aspx

I'm guessing it is a combination of having too much logging and the log filling up too fast.  Let us know how it goes.


Thanks

Mike
0
 

Author Comment

by:happyhenrik
ID: 36521056
My consultant changed the logging friday morning, and now my security log goes back to friday \o/.

Later today we will adjust our SCOM monitoring to alert me when a user is changed.

Thx for your feedback - I will try to split the points :-)
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question