No announcement yet.

Moved AD Objects

  • Filter
  • Time
  • Show
Clear All
new posts

  • Moved AD Objects


    I was wondering if there is a way to see who is responsible for moving objects in Active Directory Users and Computers?

    We have a few different admins and we are wondering who has been moving AD objects into the inappropriate OU's. Is there a way to monitor this?


  • #2
    Re: Moved AD Objects

    I'm not sure about ways to monitor this, however this really sounds like a policy issue that needs technology to back it up. When dealing with human behaviour, you need to educate people first before putting restrictions in place, rather than just giving them a restriction to try to work around. Train your admins, and if there is someone who can't be trusted to carry out their job correctly then remove their administrative privilieges.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


    • #3
      Re: Moved AD Objects

      you would need to have pretty extensive levels of auditing enabled. This can only be done before the issue, not in retrospect.

      And even if you audited absolutely everything every admin did, you'd need to have an entire security team whose sole task was sorting through those logs.
      Please do show your appreciation to those who assist you by leaving Rep Point


      • #4
        Re: Moved AD Objects

        Server 2008 will audit DS changes

        Works regardless of domain functional level provided the change is made on a 2008 DC
        Not turned on by default
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **


        • #5
          Re: Moved AD Objects

          <insert shameless plug>

          You may want to take a look at the free version that we give away on the site:

          Record RDP sessions, Monitor Citrix,Terminal,RDP,VPN and Monitor SSL

          </insert shameless plug>

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT


          • #6
            Re: Moved AD Objects


            Does it also monitor AD changes?
            Technical Consultant

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"