RE: How do I find out who disabled an account in AD?
From: Ed02862 (Ed02862_at_discussions.microsoft.com)
Date: 07/21/05
- Next message: Lance: "Avast AV critical vulnerability (FrSIRT)"
- Previous message: bryan: "Re: What is 2nd-thought.com?"
- In reply to: Wong Tuck Wah: "RE: How do I find out who disabled an account in AD?"
- Next in thread: Wong Tuck Wah: "RE: How do I find out who disabled an account in AD?"
- Reply: Wong Tuck Wah: "RE: How do I find out who disabled an account in AD?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Jul 2005 08:06:03 -0700
We have "Audit account management" set to "success,failure. I don't see
"audit directory service object" in our AD group policy.
My question is what do I search for in the security log? Do I search for
the word "disabled"? I'm just looking in a TXT version of the exported
security event log, is there somewhere else within AD that I can look? Sorry
for all the questions, I'm really out of my league with this task.
Thanks
"Wong Tuck Wah" wrote:
> If you have enabled the "audit directory service object" policy, all access
> to AD objects will log in security log.
>
> Search for this disabled object and look at the details inform. Pay
> emphasize on the time, date, user and computer attributes. It will tell you
> the object is disabled by which user on which computer.
>
> HTH.
>
- Next message: Lance: "Avast AV critical vulnerability (FrSIRT)"
- Previous message: bryan: "Re: What is 2nd-thought.com?"
- In reply to: Wong Tuck Wah: "RE: How do I find out who disabled an account in AD?"
- Next in thread: Wong Tuck Wah: "RE: How do I find out who disabled an account in AD?"
- Reply: Wong Tuck Wah: "RE: How do I find out who disabled an account in AD?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
