I'd have to check out myself if an OU move is possible to
audit with the built-in auditing events - I'm pretty sure though it is possbile
with AD specific auditing software such as NetPro's ChangeAuditor AD and Quest's
Intrust for AD.
you may also want to disable drag & drop in your
forest, simply by configuring the following (works for Win2003 SP1 - a pre-SP1
fix should be available as well):
/Guido From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Clay, Justin (ITS) Sent: Donnerstag, 13. Juli 2006 20:25 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Object Auditing Is it possible to audit the creation/deletion and more importantly, the movement of OUs? One of our admins dragged and dropped an entire OU into another OU that had a desktop lockdown GPO linked to it, thereby locking down the PCs of a bunch of important people, and making them very upset.
I have Account Management and Object Access auditing on, but I don’t see anything on any of our DCs that show anything about the OU or any of its objects moving. Is there something else I need to enable to audit these types of events? Is it even possible?
Thanks,
Justin
Clay
|
- [ActiveDir] Object Auditing Clay, Justin \(ITS\)
- RE: [ActiveDir] Object Auditing Grillenmeier, Guido
- RE: [ActiveDir] Object Auditing Myrick, Todd \(NIH/CC/DCRI\) [E]
- Re: [ActiveDir] Object Audit... Matt Hargraves
- Re: [ActiveDir] Object A... Kamlesh Parmar
- RE: [ActiveDir] Object A... joe
- Re: [ActiveDir] Obj... Matt Hargraves
- RE: [ActiveDir]... joe
- Re: [Active... Matt Hargraves