|Subject:||Re: Tracking "lost" Object In Active Directory|
|Posted by:||Florian Frommherz [MVP] (flori…@frickelsoft.DELETETHIS.net)|
|Date:||Mon, 17 Nov 2008|
> Somehow a computer (server) account was removed from active directory which
> meant that the server could no longer log in, although when we re-attached
> the server everything was OK I would like to learn from this so....
> I can see the computer in the deleted containter when I examine the domain
> controller :
> 1. Can I find out if the server was manually deleted and if so by who from
> where etc..
You need to turn on auditing in order to be able to track who and when
did delete accounts and objects in AD. It isn't enabled by default. The
information isn't kept with the object.
> 2. Can I see if the server was deleted due it being tombstoned (?)
You can - there are tools out there. Even tools that let you reanimate
deleted/tombstoned objects. Deleted objects are however hidden by default.
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
Tracking "lost" Object In Active Directory posted by newbie007 on Mon, 17 Nov 2008