  1. #1
    ozydave

    Who done it!

    One of the OUs in Active Directory has been renamed. It can only be one of 3 people; I'm one and it's not me. The others are denying it. Is there a way to find out who done it? Script or something?

    I would like to be humane about this so thumb screws are out, for the moment........

    The server is 2003 standard

    Cheers

  2. #2
    ahuxham

    As far as I'm aware you can't as this happened to us a few weeks back.

    Four of us with Domain Admin accounts, 3 of which would never do it, as we wouldn't and we trust that fact and 1 that said it wasn't her, but it HAD to be.

    Wasn't that bad apart from the fact Serco and ePortal died, and wouldn't revive. Took around 2 days with support from Serco to get it all going again.

    (Apparently if you change the OU's as registered in its configuration it won't start properly)

  3. #3
    ozydave

    Not much of a deal really, would just like to know.

    I have the modified date which was 21st Friday
    Just need modified by..........

    Cheers

  4. #4

    powdarrmonkey

    I don't think you can tell unless you had previously switched on auditing.

  5. #5
    ozydave

    Any idea how to turn on auditing? Too late this time but I'll get them next time.

    cheers

  6. #6

    Group Policy Management -> edit Domain Controllers policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policy -> Audit Policy -> Audit policy change

    Should show up in your DC security logs. Filter for event 566.

  7. #7

    elsiegee40

    Trouble with auditing is ... all you may find out is it was renamed by Administrator unless you have that password firmly tucked away.

  8. #8
    ajbritton

    Originally posted by elsiegee40:
        "Trouble with auditing is ... all you may find out is it was renamed by Administrator unless you have that password firmly tucked away"

    .. which is exactly why nobody should use the Administrator account. Best to create special 'ADM...' accounts specific to users that require extra access. Once you do this, then auditing can be configured to catch config changes.
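
The point made across posts #6 to #8, as an added example that is not from any poster in the thread: once event 566 is being logged, a change can only be pinned on a person if it was made from a per-person account. The Python below parses a constructed text export and marks OU writes made as the shared Administrator account as not attributable. The "Field: value" layout, the field names, `ADM-jsmith` and the `example.local` names are assumptions.

```python
# Constructed sample: Security-log records exported as "Field: value" text.
# Field names are an assumed layout for event 566 descriptions.
SAMPLE_EXPORT = """\
Event ID: 566
Object Type: organizationalUnit
Object Name: OU=Students,DC=example,DC=local
Client User Name: Administrator
Accesses: Write Property

Event ID: 566
Object Type: organizationalUnit
Object Name: OU=Staff,DC=example,DC=local
Client User Name: ADM-jsmith
Accesses: Write Property

Event ID: 566
Object Type: user
Object Name: CN=Pupil One,OU=Students,DC=example,DC=local
Client User Name: ADM-jsmith
Accesses: Write Property
"""

SHARED_ACCOUNTS = {"administrator"}  # logons that do not identify one person


def parse_records(text):
    """Split the export on blank lines; each record becomes a field dict."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return records


def ou_writes(records):
    """Keep event 566 records that wrote to an organizationalUnit object."""
    return [r for r in records
            if r.get("Event ID") == "566"
            and r.get("Object Type", "").lower() == "organizationalunit"
            and "write" in r.get("Accesses", "").lower()]


def attribute(records):
    """Return (object, account, attributable) for each OU write."""
    return [(r["Object Name"], r["Client User Name"],
             r["Client User Name"].lower() not in SHARED_ACCOUNTS)
            for r in ou_writes(records)]
```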
