Is there any way to find out which of my team disabled a student's account?
Using Windows 2000 Server.
AD Users and Computers just date stamps last modified - but not who did it.
cheers.
You need to set up auditing, but that doesn't help you after the fact, I am afraid.
Look for "Account Management" event types in the Security event log on the server's Event Viewer.
You can set up auditing to record certain events in AD. It's the same with files and folders. You have to enable it in Group Policy, then set what you want to record elsewhere. Don't go too mad with selecting what you want to record, though, as you will end up with a full log. A quick Google should supply you with a good guide :)
Just a thought: it may not have even been one of your team who deleted it; your security policies may have disabled it due to excessive invalid logins.
OK.
I've edited the default domain policy:
computer config: windows settings : security settings : local policies : audit policy.
I've set to:
account logon events : Failure
account management : Success, Failure
logon events : Success
Audit system events : Success, Failure
I wondered if this looks OK? Will I need to do anything to action this new logging on the DC?
Oh, and yes, the account was showing "disabled"... and no one seems to know who did it... quite worrying... got all the techies to change their passwords.
Just Audit Account Management, set to Success and Failure should do the trick. Of course the only thing you must do is regularly check the Event Logs themselves!
Do you use the Account Expires function in Active Directory? It's under the Account tab.
I wouldn't audit successful logons! Say an average of 200 clients in use for 5 periods a day... 1000 events!!!
Hey, here's an idea: how about you ask your team who did it and then beat them?
Ben
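
Added example, not part of any post in this thread: once Account Management auditing is enabled, the DC's Security log records the caller for each change. On Windows 2000, event 629 is "User Account Disabled" and 644 is "User Account Locked Out", so a deliberate disable can be told apart from a policy lockout. The CSV column order and description wording below are assumptions about an Event Viewer export, and all sample rows are constructed.

```python
import csv
import io
import re

# Windows 2000/2003 Security log event IDs (Account Management category).
ACCOUNT_EVENTS = {629: "account disabled", 644: "account locked out"}

# Constructed sample rows. Assumed columns:
# Date,Time,Source,Type,Category,Event,User,Computer,Description
SAMPLE_EXPORT = r'''
12/03/2007,09:14:02,Security,Success Audit,Account Management,642,SCHOOL\jsmith,DC1,"User Account Changed: Target Account Name: pupil42 Target Domain: SCHOOL Caller User Name: jsmith Caller Domain: SCHOOL"
12/03/2007,09:14:05,Security,Success Audit,Account Management,629,SCHOOL\jsmith,DC1,"User Account Disabled: Target Account Name: pupil42 Target Domain: SCHOOL Caller User Name: jsmith Caller Domain: SCHOOL"
12/03/2007,10:02:41,Security,Success Audit,Account Management,644,NT AUTHORITY\SYSTEM,DC1,"User Account Locked Out: Target Account Name: pupil17 Caller Machine Name: LAB-PC09 Caller User Name: DC1$ Caller Domain: SCHOOL"
12/03/2007,11:30:10,Security,Success Audit,Account Management,629,SCHOOL\akhan,DC1,"User Account Disabled: Target Account Name: pupil88 Target Domain: SCHOOL Caller User Name: akhan Caller Domain: SCHOOL"
'''

# Pull the labelled fields out of the free-text event description.
FIELD = re.compile(r"(Target Account Name|Caller User Name|Caller Domain):\s*(\S+)")


def who_touched(export_text, account):
    """Return (date, time, action, caller) for each disable/lockout of `account`."""
    hits = []
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) < 9 or not row[5].isdigit():
            continue  # blank line, header row or malformed record
        event_id = int(row[5])
        if event_id not in ACCOUNT_EVENTS:
            continue  # other account management events, e.g. 642
        fields = dict(FIELD.findall(row[8]))
        if fields.get("Target Account Name", "").lower() != account.lower():
            continue
        caller = fields.get("Caller Domain", "?") + "\\" + fields.get("Caller User Name", "?")
        hits.append((row[0], row[1], ACCOUNT_EVENTS[event_id], caller))
    return hits


if __name__ == "__main__":
    for account in ("pupil42", "pupil17"):
        for date, time, action, caller in who_touched(SAMPLE_EXPORT, account):
            print(f"{account}: {action} at {date} {time} by {caller}")
```

A lockout is recorded with the DC's own machine account as the caller, while a manual disable names the administrator who made the change.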