If you've got the necessary auditing enabled in your domain, and you had auditing ACEs configured on the DNS zone (location depends, generally you'd set it on the CN=MicrosoftDNS folder), then yes, you can. But you'll have to search each DC's security event log for this info.
 
Otherwise, you can't get this info. You can check the whenChanged attribute on the tombstoned record for a rough idea of when the deletion occurred and try to move from there by looking at logon events, again if you have auditing enabled.
 
If you're not using AD-Integrated DNS, then none of the above will really help.
 
 
--Paul
----- Original Message -----
Sent: Friday, August 04, 2006 12:09 PM
Subject: [ActiveDir] OT: DNS entry

 
We had a static Server DNS entry deleted over the weekend.
 
Is there any way to find out who deleted this entry? This is a Windows 2003 R2 server/domain.
 
thanks
 
JAmes
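
The approach in the reply above (read whenChanged on the tombstoned record, then search every DC's Security log around that time) could be scripted as below. This is an added example, not part of the original thread; it assumes Windows PowerShell with the ActiveDirectory module able to reach the domain, and the zone DN, record name and time window are placeholders.

```powershell
# Added example, not from the thread. Placeholders below must be adjusted.
Import-Module ActiveDirectory

$zoneBase   = 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com'  # placeholder: where the zone lives
$recordName = 'server01'                                             # placeholder: deleted host label
$window     = New-TimeSpan -Hours 2                                  # assumption: search +/- 2 hours

# 1. Find the tombstoned dnsNode. A deleted AD-integrated DNS record stays in
#    the zone container for a while with dNSTombstoned set to TRUE.
$node = Get-ADObject -SearchBase $zoneBase -SearchScope Subtree `
    -LDAPFilter "(&(objectClass=dnsNode)(dNSTombstoned=TRUE)(name=$recordName))" `
    -Properties whenChanged |
    Select-Object -First 1
if (-not $node) { throw "No tombstoned dnsNode '$recordName' found under $zoneBase" }

# whenChanged is not replicated: it is the time the DC that answered the query
# applied the change, so treat it as a rough anchor only.
$from = $node.whenChanged.Subtract($window)
$to   = $node.whenChanged.Add($window)
$dn   = $node.DistinguishedName
$guid = $node.ObjectGUID.ToString()

# 2. Search each DC's Security log in that window for audit entries that name
#    the object. Assumption: the entry text carries the object's DN or GUID.
$hits = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-EventLog -LogName Security -ComputerName $dc.HostName `
            -After $from -Before $to -ErrorAction Stop |
            Where-Object { $_.Message -like "*$dn*" -or $_.Message -like "*$guid*" } |
            Select-Object @{ n = 'DC'; e = { $dc.HostName } },
                          TimeGenerated, EventID, UserName, Message
    }
    catch {
        # An unreachable DC or an empty result is reported, not silently skipped.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}

# The earliest matching entry is normally the originating change.
$hits | Sort-Object TimeGenerated | Format-List
```

An empty result means either that the auditing ACEs were not in place at the time or that the relevant entries have already rolled out of the Security log.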

