I'd have to check out myself if an OU move is possible to audit with the built-in auditing events - I'm pretty sure though it is possible with AD specific auditing software such as NetPro's ChangeAuditor AD and Quest's Intrust for AD.

You may also want to disable drag & drop in your forest, simply by configuring the following (works for Win2003 SP1 - a pre-SP1 fix should be available as well):
  • use ADSIEDIT, LDP or equivalent tool
  • locate "flags" attribute of DisplaySpecifiers container in config. NC
    • set bit 0 to 1
  • drag and drop now disabled
/Guido
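
The flag change described in the steps above, as an added PowerShell example that is not part of the original message. It assumes the ActiveDirectory RSAT module and an account allowed to write to the configuration NC; the function names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function names are hypothetical, not from the thread.

function Get-AdDragDropFlag {
    # Locate CN=DisplaySpecifiers in the forest's configuration NC
    # and report the current "flags" value and the state of bit 0.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn       = "CN=DisplaySpecifiers,$configNC"
    $obj      = Get-ADObject -Identity $dn -Properties flags

    # The attribute may be unset; treat that as 0.
    $flags = if ($null -ne $obj.flags) { [int]$obj.flags } else { 0 }

    [pscustomobject]@{
        DistinguishedName = $dn
        Flags             = $flags
        DragDropDisabled  = [bool]($flags -band 1)
    }
}

function Disable-AdDragDrop {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $state = Get-AdDragDropFlag
    if ($state.DragDropDisabled) {
        Write-Verbose "Bit 0 already set on $($state.DistinguishedName)."
        return $state
    }

    # Set bit 0 only; any other bits already present are preserved.
    $newFlags = $state.Flags -bor 1
    $action   = "Set flags from $($state.Flags) to $newFlags"
    if ($PSCmdlet.ShouldProcess($state.DistinguishedName, $action)) {
        Set-ADObject -Identity $state.DistinguishedName -Replace @{ flags = $newFlags }
    }

    # Re-read so the caller sees what is actually stored.
    Get-AdDragDropFlag
}

# Preview only; drop -WhatIf to apply the change.
Disable-AdDragDrop -WhatIf
```

Record the original `Flags` value before applying, so the setting can be restored to exactly what it was.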


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS)
Sent: Thursday, 13 July 2006 20:25
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Object Auditing

Is it possible to audit the creation/deletion and more importantly, the movement of OUs? One of our admins dragged and dropped an entire OU into another OU that had a desktop lockdown GPO linked to it, thereby locking down the PCs of a bunch of important people, and making them very upset.

I have Account Management and Object Access auditing on, but I don’t see anything on any of our DCs that shows anything about the OU or any of its objects moving. Is there something else I need to enable to audit these types of events? Is it even possible?

Thanks,

Justin Clay
ITS Enterprise Services
Metropolitan Government of Nashville and Davidson County
Howard School Building

Phone: (615) 880-2573