Who made a change to a domain acounts privileges?
hi
a domain account sabotaged in environment , have been tasked to discover did it.
i have 60 dc's in geographically dispersed private cloud running win2k3. admins granted high level of trust pretty much all of them have domain admin rights.
it appears high level admin rights has modified users group memberships.
i have attempted search through logs on 1 of dc's without success.
thousands of security logs , search users name returns nothing.
it perfect if there tool similar lockoutstatus.exe
i have tried using eventcombmt, after long search no useful information returned (i don’t know how use it)
any appreciated
doug
hi
a domain account sabotaged in environment , have been tasked to discover did it.
i have 60 dc's in geographically dispersed private cloud running win2k3. admins granted high level of trust pretty much all of them have domain admin rights.
it appears high level admin rights has modified users group memberships.
i have attempted search through logs on 1 of dc's without success.
thousands of security logs , search users name returns nothing.
it perfect if there tool similar lockoutstatus.exe
i have tried using eventcombmt, after long search no useful information returned (i don’t know how use it)
you can find out when/where/what time using repadmin /showobjmeta, can found if auditing enabled prior change taken place. using repadmin /showobjmeta shows on dc changes has been made, can search dc's logs changes, else i'm not aware there method find out w/o dc's security logs.
awinish vishwakarma - mvp
my blog: awinish.wordpress.com
disclaimer posting provided as-is no warranties/guarantees , confers no rights.
Windows Server > Directory Services
Comments
Post a Comment