Start Free Trial
Come for the solution, stay for everything else.
Start Free Trial
How to check in system if somone delete one of the ID in Active Directory?
Microsoft Legacy OS
8/22/2022 - Mon
Start with looking at the Security logs in Event Viewer. If logging is not on then you maybe able to find the deleted object but not who deleted it. Refer to link below for more information. Also note that recovery could be different depending on OS version, which version of OS are you running?
if you have not had auditing enabled it would be difficult but trolling through event viewer will give you a rough idea.
Security logs only keep 1 day data. Is there any file that can can be referred.? Our AD is on Windows 2003.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
What I would suggest is to implement a log management solution and for that I suggest you implement Splunk. With Splunk, all logs (or desired logs) will be indexed and kept on the Splunk server. You could create dashboards, alerts, reports, etc. For example your could enable a daily report of all items deleted objects or enable an alert which will send out an email anytime an object is deleted.
If your logs are keeping only day of data, you might want to check and see if you could increase the log file size or if it is set to keep 1 day's data then increase it.
Is there any other place such as system folder/log to check who is deleted the ID? My management want to trace who is the once to delete the ID.
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today
7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Is there any software that can trace/scan on the use of domain admin id in services, scheduler inside server.
to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
See the below url to find the deleted object details by running LDAP query,
hope this will help.
You are correct that with LDP you could search deleted items but it is a cumbersome and not very user friendly tool.
Plans and Pricing
Certified Expert Program
© 1996-2022 Experts Exchange, LLC. All rights reserved. Covered by US Patent