Re: Last to Modify
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 03/05/05
- Next message: Joe Richards [MVP]: "Re: Needing advice for administrative rights...."
- Previous message: Cheryl: "Needing advice for administrative rights...."
- In reply to: Will Schneider: "Re: Last to Modify"
- Next in thread: Will Schneider: "Re: Last to Modify"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 05 Mar 2005 11:16:04 -0500
No that attribute doesn't exist.
As for the specific time, look at the replication metadata, it will tell you at
what time the change was made and what DC it was made on. (repadmin /showmeta
objectdn)
There is also a specific last modified time, it is called whenChanged or
modifyTimeStamp. Note though that that is DC specific and not replicated, it
will tell you when a change hit a specific DC but doesn't tell you when it was
actually made. If you check the DC that was actually modified, it will tell you
the exact time the mod occurred, otherwise it is the time the mod replicated
into the DC you query.
The audit log question is moot though unless you have AD changes being logged
and most people don't do that due to overhead.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Will Schneider wrote: > What I'm hoping for also is a "last modified by" attribute on the user > object. Does that exist in AD, or is there any attribute that would at > least point the audit log to a specific time? A "last modifed time" would be > great as well. > > Thanks for the great info! > > Will > > "Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message > news:%23T4fuINIFHA.3332@TK2MSFTNGP14.phx.gbl... > >>Hello, >>To track changes within Active Directory you have to enable auditing. >>There are two rights for manage password. Rest Password and Change >>Password, By default only the user it self can Change the Password. If >>some one has rest the password for the particular account the security >>context (account) it was made as must have this right delegated as well. >> >>The links below may can be helpful to enable auditing. >> >> >>Audit Policy >>This module describes how to set different settings that apply to >>auditing. >>It also provides an example of audit events created by several common >>tasks. >>http://www.microsoft.com/technet/security/guidance/secmod50.mspx >> >>Microsoft Security: Threats and Countermeasures Guide - Audit Policy >>An audit log records an entry whenever users perform certain actions that >>you specify. For example, the modification of a file or a policy can >>trigger >>an audit entry. >>http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch03.mspx >> >>Microsoft Windows XP - Audit Policy >>This section covers:... >>http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/aptopnode.mspx >> >>814595 - HOW TO: Audit Active Directory Objects in Windows Server 2003 >>This step-by-step article describes how to use Windows Server 2003 >>auditing >>to track user activities and system-wide events in Active Directory. When >>you use Windows Server 2003 auditing, you can track both user activities >>and >>Windows Server 2003... >>http://support.microsoft.com/default.aspx?scid=kb;en-us;814595 >> >>314955 - HOW TO: Audit Active Directory Objects in Windows 2000 >>This step-by-step article describes how to use Windows 2000 auditing to >>track user activities and system-wide events in Active Directory. When you >>use Windows 2000 auditing, you can track both user activities and Windows >>2000 activities, which are... >>http://support.microsoft.com/default.aspx?scid=kb;en-us;314955 >> >>HOW TO: Enable Local Security Auditing in Windows 2000: >>http://support.microsoft.com/default.aspx?scid=kb;en-us;248260 >> >>HOWTO: Enabling Local Auditing Policies on Windows 2000: >>http://support.microsoft.com/default.aspx?scid=kb;en-us;252412 >> >> >>-- >>Regards >>Christoffer Andersson >>Microsoft MVP - Directory Services >> >>No email replies please - reply in the newsgroup >>------------------------------------------------ >>http://www.chrisse.se - Active Directory Tips >> >>"Will Schneider" <william.c.schneiderTAKETHISOUT@uth.tmc.edu> skrev i >>meddelandet news:%23jhswDNIFHA.1476@TK2MSFTNGP09.phx.gbl... >> >>>How can I tell who the last person was to modify an account in Active >>>Directory? >>>Specifically, I need to figure out when a password is changed, if the >>>user changed it at the logon prompt, or if an administrator changed it >>>via the MMC, and who that administrator was. >>> >>>Thanks in advance!!! >>> >>>Will >>> >> >> > >
- Next message: Joe Richards [MVP]: "Re: Needing advice for administrative rights...."
- Previous message: Cheryl: "Needing advice for administrative rights...."
- In reply to: Will Schneider: "Re: Last to Modify"
- Next in thread: Will Schneider: "Re: Last to Modify"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
