Re: "Who disabled the user" problem
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 29 Mar 2007 21:04:37 -0700
"Special Access" <nonyabidnezz@xxxxxxxxxxx> wrote in message
news:42ro03hf147fvv7u2bq5h5pb934uocsbi0@xxxxxxxxxx
On Thu, 29 Mar 2007 10:39:26 -0700, "Roger Abell [MVP]"
<mvpNoSpam@xxxxxxx> wrote:
"Special Access" <nonyabidnezz@xxxxxxxxxxx> wrote in message
news:r16m03hf1mlfbm4oq7di38dub3j5fu08la@xxxxxxxxxx
Although I have done several searches online and through the event
log...
Is there a way to tell who created a user, and who disabled a user in
Active Directory (2003 native mode). If not who did, how about what
do we need to set in order to tell who will (sometime in the future)
Mike
You should be getting audit events in the security logs provided
that Account Management auditing is enabled. You need to view
a consolidated event log from all DCs to really get the picture, as
these are logged on the DC where the action was taken.
Roger
I'll have to look and see if Account Mgt is audited. I know they have
auditing enabled, just not exactly what is being tracked as yet. I
really hate coming in on the tail end of a project, especially one
with little to no documentation on the setup.
Thanks again Roger. You have always tried to help me every time I
have posted a question. I appreciate it.
Mike
No problem, thanks.
Your comments reminded me of the sign in the auto shop,
Labor $50/hour I work on it first, $250/hour you work on it first.
Roger
.
- References:
- Re: "Who disabled the user" problem
- From: Roger Abell [MVP]
- Re: "Who disabled the user" problem
- Prev by Date: Re: IPsec Implementation
- Next by Date: Re: Password Filter Issue
- Previous by thread: Re: "Who disabled the user" problem
- Next by thread: IPsec Implementation
- Index(es):
Relevant Pages
|
