JSI Tip 7846. When you set the 'Delete All Child Objects' auditing entry for an Active Directory object in Windows Server 2003, the event log does NOT record deletion of the object?

The subject behavior occurs because you must set the Delete auditing entry when you set the Delete All Child Objects auditing entry.

NOTE: With the only the Delete All Child Objects auditing entry, the event log only records that an object has been deleted from a container.

When you set the Delete auditing entry and the Delete All Child Objects auditing entry, the event log records which object has been deleted and the container it was deleted from.

NOTE: See HOW TO: Audit Active Directory objects in Windows Server 2003.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish