Only way I know of getting this information is via audit logs. I know that Quest makes some nice tools that will track and capture directory access issues, etc., and log them, alert on them, etc., so you can track who is doing what in AD. My best advice: Delegation of Control wizard, deny what is not specifically needed for job function, and audit those folks on what they shouldn't be doing, and maybe the logs will be less up for you. Logging everything and doing nothing with the info is about as good as doing nothing at all.

EZ
Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE, MCSA, MCP+I, M.E, CCA, Network+, Security+
email: [EMAIL PROTECTED]
cell: 401-639-3505

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mattingly, Garrett
Sent: Friday, January 05, 2007 11:18 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Auditing and Change Control

Hi All,

I was asked if there was a way to find out all changes performed in AD by a particular user account. The person was wondering if there is an AD attribute to query on to do this.

Natively I believe that event log auditing is about the only way you can track this information, which is almost useless because the security log overwrites after a day or so. As far as I know in AD you have a creation and modified date on objects in AD but there is no "created by" or "modified by" attribute that I am aware of. I thought maybe object owner might be an attribute but I did not see this listed in ADSIEdit.

This is basically a "How can we find out what this guy is doing or did?" problem.

Questions:

Is this even possible with native tools?

Are there recommended 3rd party tools that could do this? I've heard of something called ECORA Auditor Pro, anybody use this?

Thanks,
Garrett
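
The audit-log route discussed in this thread, as an added example that is not part of either message: a PowerShell function that lists the directory changes one account made, read from Security log event ID 5136. It assumes domain controllers on Windows Server 2008 or later with the "Directory Service Changes" audit subcategory enabled; the function name, the account `jdoe`, the domain `EXAMPLE` and the sample event are constructed for illustration.

```powershell
# Added example: list directory changes made by one account, from event ID 5136.
# Assumes DCs on Windows Server 2008+ with "Directory Service Changes" auditing on.
function Get-ADChangeByUser {
    param(
        [Parameter(Mandatory)][string]$UserName,  # sAMAccountName under review
        [string[]]$EventXml                        # raw event XML; omit to read the live log
    )
    if (-not $EventXml) {
        $EventXml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } |
            ForEach-Object { $_.ToXml() }
    }
    # OperationType is stored as a message-table reference in the raw XML.
    $opNames = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }
    foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        $d = @{}
        foreach ($item in $evt.EventData.Data) { $d[$item.Name] = $item.'#text' }
        if ($d['SubjectUserName'] -ne $UserName) { continue }   # case-insensitive match
        $op = $d['OperationType']
        if ($op -and $opNames.ContainsKey($op)) { $op = $opNames[$op] }
        [pscustomobject]@{
            TimeUtc   = $evt.System.TimeCreated.SystemTime
            ChangedBy = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            ObjectDN  = $d['ObjectDN']
            Attribute = $d['AttributeLDAPDisplayName']
            Operation = $op
            Value     = $d['AttributeValue']
        }
    }
}

# Constructed sample event (not taken from a real log) so the function runs offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5136</EventID><TimeCreated SystemTime="2024-01-05T16:18:00.000Z" /></System>
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ObjectDN">CN=Helpdesk,OU=Groups,DC=example,DC=com</Data>
    <Data Name="AttributeLDAPDisplayName">member</Data>
    <Data Name="AttributeValue">CN=Temp Admin,OU=Users,DC=example,DC=com</Data>
    <Data Name="OperationType">%%14674</Data>
  </EventData>
</Event>
'@
Get-ADChangeByUser -UserName 'jdoe' -EventXml $sample
```

Run without `-EventXml` on a domain controller to read the live Security log; because that log wraps, as the original question notes, the output is only as complete as the log's retention or forwarding allows.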