|Subject:||Re: Determining who modified and AD User account|
|Posted by:||Herb Martin (ne…@LearnQuick.com)|
|Date:||Wed, 24 Jan 2007|
"Phillip McIntosh" <PhillipMcInto…@discussions.microsoft.com> wrote in
> Is there a way to determine who modified an AD user object?
> I can find scripts to determine when it was created and when it was
> but I would like to know who modified it.
Maybe for creating the object since the owner will be the one
who created it but may just say "Administrators".
For everything else or if the above isn't detailed then you will
need to enable either: "Account Management Auditing" OR
Directory Service OBJECT auditing.
Neither of these is retroactive -- won't do you any good for
changes that have already occurred.
Technically "Account Management Auditing" will only tell you
about certain types of objects and certain types of changes but
these are the most commonly useful or needed items.
For DS Object auditing you will also have to SET ACLs on the
individual objects (or trees) which works almost exactly like
doing this for Files and Directories in NTFS.
Herb Martin, MCSE, MVP
(phone on web site)
Determining who modified and AD User account posted by Phillip McIntosh on Tue, 23 Jan 2007