Avatar of jyoung127
jyoung127
 asked on

Windows 2012 Conputer account Deleted

Is there a way to find out what user account deleted a computer Account in AD?

Windows 2012 R2, Domain  function level is  at windows 2008.
Windows Server 2012

Avatar of undefined
Last Comment
Cliff Galiher

8/22/2022 - Mon
Cliff Galiher

Auditing is not turned on by default, so unless you had previously configured it, no. That information is not logged or tracked. And since you are asking, it is usually a safe conclusion that auditing was never configured.
pjam

Have you enabled 2012 Ad Recycle Bin?  If not, do so for future issues.
Plenty of articles on how to do this, for example:
http://blogs.technet.com/b/canitpro/archive/2013/04/10/step-by-step-enabling-active-directory-recycle-bin-in-windows-server-2012.aspx
jyoung127

ASKER
Let me understand other than using windows Audit there is not other way of tracking who deletes a computer in AD?  EX PowerShell?

I had auditing for users turn on but did not for computers.

I plan on Moving the  function level  of the domain to windows 2008 R2 soon so I can turn on Recycle bIn for AD.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER CERTIFIED SOLUTION
Cliff Galiher

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question