Start Free TrialLog in
Avatar of Panda 5888
Panda 5888

asked on 

Active Directory

How to check in system if somone delete one of the ID in Active Directory?
Microsoft Legacy OS
Avatar of undefined
Last Comment
Mohammed Khawaja
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image
Start with looking at the Security logs in Event Viewer.  If logging is not on then you maybe able to find the deleted object but not who deleted it.  Refer to link below for more information.  Also note that recovery could be different depending on OS version, which version of OS are you running?

http://www.petri.co.il/recovering-deleted-items-active-directory.htm
Avatar of Kash
Kash
Flag of United Kingdom of Great Britain and Northern Ireland image
if you have not had auditing enabled it would be difficult but trolling through event viewer will give you a rough idea.
Avatar of Panda 5888
Panda 5888

ASKER

Security logs only keep 1 day data. Is there any file that can can be referred.? Our AD is on Windows 2003.
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image
What I would suggest is to implement a log management solution and for that I suggest you implement Splunk.  With Splunk, all logs (or desired logs) will be indexed and kept on the Splunk server.  You could create dashboards, alerts, reports, etc.  For example your could enable a daily report of all items deleted objects or enable an alert which will send out an email anytime an object is deleted.

If your logs are keeping only day of data, you might want to check and see if you could increase the log file size or if it is set to keep 1 day's data then increase it.
Avatar of Panda 5888
Panda 5888

ASKER

Is there any other place such as system folder/log to check who is deleted the ID? My management want to trace who is the once to delete the ID.
ASKER CERTIFIED SOLUTION
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Panda 5888
Panda 5888

ASKER

Is there any software that can trace/scan on the use of domain admin id in services, scheduler inside server.
Avatar of Santosh Gupta
Santosh Gupta
Hi,

See the below url to find the deleted object details by running LDAP query,

http://support.microsoft.com/kb/258310

hope this will help.
Avatar of Mohammed Khawaja
Mohammed Khawaja
Flag of Canada image
You are correct that with LDP you could search deleted items but it is a cumbersome and not very user friendly tool.
Microsoft Legacy OS
Microsoft Legacy OS

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

55K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent