Indie101
asked on
Without auditing enabled want to check who renamed an OU in AD
i would like the exact time in which to see the last change on an object name was changed and from which DC it orginated (there was a renaming of an OU without auditing enabled)
Michelangelo mentioned it was possible to do this and check the kerberos tickets as well an outline of this would be great
Michelangelo mentioned it was possible to do this and check the kerberos tickets as well an outline of this would be great
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships. Please checkout
https://www.netwrix.com/how_to_detect_changes_to_organizational_units_and_groups_in_active_directory.html
NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html
Quest: http://www.quest.com/changeauditor-for-active-directory/
https://www.netwrix.com/how_to_detect_changes_to_organizational_units_and_groups_in_active_directory.html
NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html
Quest: http://www.quest.com/changeauditor-for-active-directory/
@Sara,
That is very true, but you must have auditing enabled for those tools to function.
That is very true, but you must have auditing enabled for those tools to function.
If auditing is enable you can check the event log on DC to track the same.
https://www.lepide.com/how-to/audit-organizational-units-changes-in-active-directory.html
https://blogs.technet.microsoft.com/askpfeplat/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn/
Active Directory Auditing Solution:
https://www.lepide.com/lepideauditor/active-directory-auditing.html
https://www.lepide.com/how-to/audit-organizational-units-changes-in-active-directory.html
https://blogs.technet.microsoft.com/askpfeplat/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn/
Active Directory Auditing Solution:
https://www.lepide.com/lepideauditor/active-directory-auditing.html
ASKER