jyoung127
asked on
Windows 2012 Conputer account Deleted
Is there a way to find out what user account deleted a computer Account in AD?
Windows 2012 R2, Domain function level is at windows 2008.
Windows 2012 R2, Domain function level is at windows 2008.
Cliff Galiher
Auditing is not turned on by default, so unless you had previously configured it, no. That information is not logged or tracked. And since you are asking, it is usually a safe conclusion that auditing was never configured.
Have you enabled 2012 Ad Recycle Bin? If not, do so for future issues.
Plenty of articles on how to do this, for example:
http://blogs.technet.com/b/canitpro/archive/2013/04/10/step-by-step-enabling-active-directory-recycle-bin-in-windows-server-2012.aspx
Plenty of articles on how to do this, for example:
http://blogs.technet.com/b/canitpro/archive/2013/04/10/step-by-step-enabling-active-directory-recycle-bin-in-windows-server-2012.aspx
ASKER
Let me understand other than using windows Audit there is not other way of tracking who deletes a computer in AD? EX PowerShell?
I had auditing for users turn on but did not for computers.
I plan on Moving the function level of the domain to windows 2008 R2 soon so I can turn on Recycle bIn for AD.
I had auditing for users turn on but did not for computers.
I plan on Moving the function level of the domain to windows 2008 R2 soon so I can turn on Recycle bIn for AD.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.