Someone has meddled with Active Directory users (has set email forwarding to external account) - how can I tell who? - Urgent!

swilliams_at_cromwells.co.uk
Date: 12/29/04

    Date: 29 Dec 2004 05:07:18 -0800
    
    

    We recently had what appears to be someone logging onto the Exchange
    2000 server and setting any mail sent to two domain users to be also
    forwarded to an external recipient (Contact) that I had set up
    previously. This is the second time this has happened in 6 months, and
    meant the user whose Contact address this was, was getting mail
    destined for these 2 users - obviously a big security risk. Is there ANY
    way of finding out which domain user might have made the changes to the
    Active Directory objects for these users? Neither previously had any
    forwarding set up in Delivery Options.

    There doesn't seem to be anything in Event Viewer for this kind of
    change, and I can't see any way at all how Active Directory would
    choose to set up forwarding to an external recipient in this way.
    Furthermore this is the second time this has occurred and there appear
    to be patterns (personnel-wise) linking the two events. I'm almost
    completely certain that this is deliberate. I have been tasked with
    finding out who has done this as quickly as possible.

    This is extremely urgent, so any help anyone can give me would be much
    appreciated! Please reply to the thread or email me
    (swilli...@cromwells.co.uk). Thanks for your assistance.

