Re: Log Information




"matheusbh" <matheusbh@xxxxxxxxx> wrote in message news:02665e46-9e91-4abb-bedd-55e7e95a76c1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 19 Aug, 14:47, Jamestechman <jamestech...@xxxxxxxxx> wrote:
You might be able to look in the security log of your DCs, if you had
account management auditing enabled for successes.

Event ID: 630
Type: Success Audit
Description: User Account Deleted:
Target Account Name: %1 Target Domain: %2
Target Account ID: %3 Caller User Name: %4
Caller Domain: %5 Caller Logon ID: %6
Privileges: %7

Security Event Descriptions: http://support.microsoft.com/kb/174074

Audit account management: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/g...

James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com

On Aug 19, 1:29 pm, matheusbh <matheu...@xxxxxxxxx> wrote:



> Hi Dears,

> Some users are missing from my Exchange 2007 Organization, and are gone
> from Active Directory too.
> Does somebody know another way to find in the logs what happened to them?
> My log level was at the lowest (now I've put some services in medium log
> mode).
> Some file, something?

> Thanks a lot, again!

> Matheus Cavalieri

Isn't there an Exchange log outside eventvwr?
This is our problem... somebody turned off the log audit policies, and
we need to know when or where these mailboxes were deleted.

Tks!

Matheus Cavalieri
---
Exchange uses event viewer for most of its logging. Without those logs, you're unlikely to discover what happened. Time to lock down who has administrative access to your servers. :(

Missy
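
The Event ID 630 template quoted earlier in the thread can be turned into a small report over a text export of the Security log; this is an added example, not code from any poster. The export layout (header lines, blank-line separated records), the function names, and the sample accounts are assumptions constructed for illustration.

```python
import re

# Field labels of Event ID 630, as listed in the template quoted in the thread.
LABELS = ["Target Account Name", "Target Domain", "Target Account ID",
          "Caller User Name", "Caller Domain", "Caller Logon ID", "Privileges"]
FIELD_RE = re.compile("(%s):" % "|".join(map(re.escape, LABELS)))
HEADER_RE = re.compile(r"^(Event ID|Date|Time|Computer):\s*(.+)$", re.M)

def parse_record(record):
    """Split one exported record into header values and description fields."""
    head, _, desc = record.partition("Description:")
    info = {k: v.strip() for k, v in HEADER_RE.findall(head)}
    parts = FIELD_RE.split(desc)  # [preamble, label, value, label, value, ...]
    info.update({k: v.strip() for k, v in zip(parts[1::2], parts[2::2])})
    return info

def deleted_accounts(export_text):
    """Report each Event ID 630: which account, deleted by whom, when, on which DC."""
    hits = []
    for record in re.split(r"\n\s*\n", export_text.strip()):
        info = parse_record(record)
        if info.get("Event ID") == "630":
            hits.append({
                "when": "%s %s" % (info.get("Date", "?"), info.get("Time", "?")),
                "dc": info.get("Computer", "?"),
                "deleted": "%s\\%s" % (info.get("Target Domain", "?"), info.get("Target Account Name", "?")),
                "by": "%s\\%s" % (info.get("Caller Domain", "?"), info.get("Caller User Name", "?")),
            })
    return hits

# Constructed sample export (not real log data); the layout is an assumption.
SAMPLE = """\
Event ID: 630
Date: 8/18/2008
Time: 22:12:44
Computer: DC01
Description:
User Account Deleted:
Target Account Name: jdoe Target Domain: CORP
Target Account ID: %{S-1-5-21-0-0-0-1105} Caller User Name: admin1
Caller Domain: CORP Caller Logon ID: (0x0,0x3E7A1)
Privileges: -

Event ID: 624
Description:
User Account Created:
"""

if __name__ == "__main__":
    print(deleted_accounts(SAMPLE))
```

Because the fields are matched by label rather than by position, the same function handles exports that put one field per line as well as the two-per-line layout shown in the thread.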
