Start Free Trial

asked on

Without auditing enabled want to check who renamed an OU in AD

i would like the exact time in which to see the last change on an object name was changed and from which DC it orginated (there was a renaming of an OU without auditing enabled)

Michelangelo mentioned it was possible to do this and check the kerberos tickets as well an outline of this would be great

SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ASKER

I have the time of the change from a 3rd party tool does that help it narrowing it down

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

You can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships. Please checkout

https://www.netwrix.com/how_to_detect_changes_to_organizational_units_and_groups_in_active_directory.html

NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html

Quest: http://www.quest.com/changeauditor-for-active-directory/

@Sara,

That is very true, but you must have auditing enabled for those tools to function.

If auditing is enable you can check the event log on DC to track the same.

https://www.lepide.com/how-to/audit-organizational-units-changes-in-active-directory.html

https://blogs.technet.microsoft.com/askpfeplat/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn/

Active Directory Auditing Solution:
https://www.lepide.com/lepideauditor/active-directory-auditing.html