Re: Users missing Exchange mailbox still there



That would be the first time I've ever seen it where a machine arbitrarily
and with no outside assistance deletes user accounts. I have seen scripts,
programs, etc. do this and the illusion was that the telephone did it :)

Strange that the audit logs didn't capture anything. Unless they wrapped
prior to being looked at of course.

Al

"sheltonm1977" <sheltonm1977@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D86D5F82-4722-4211-ACD1-B842EC1FDA7F@xxxxxxxxxxxxxxxx
> I have personally questioned all users that have enough access to AD to
> be able to delete and like most of them I agree it is almost too random
> to be a person doing it. Some containers had half the users gone, some
> had one. Yes, the audit level does catch deletes. There was nothing in
> them to point to what went on.
> --
> Shelton
>
>
> "Al Mulnick" wrote:
>
>> Pretty much, if it's not in the event logs it's really tough to spot
>> how or who. Have you considered questioning everyone who has enough
>> access to have caused that? Were you auditing enough information to
>> have found the deletes in the security logs?
>> Could it have been an application that did it? I have seen
>> applications have adverse effects on user accounts, but I've never
>> seen user accounts go unaccountably missing. There's always a reason.
>>
>> Al
>>
>>
>> "sheltonm1977" <sheltonm1977@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:C9672653-0420-4C34-B13B-57ED971B9716@xxxxxxxxxxxxxxxx
>> > We started getting calls from users Sunday saying they could not log
>> > in or other users saying they could not find a person in the Global
>> > Address Book. We started looking into it and right around 100 users
>> > inside our active directory were gone. There seems to be no pattern,
>> > no order. I have been through the event logs, syslogs, firewall
>> > syslogs, as well as our tipping point logs. Nothing seems to have
>> > gotten through enough to cause the damage that was done. We have
>> > already recreated the users, reattached them to their mailbox, and
>> > recreated profiles on the PCs. I am out of resources to figure out
>> > why this happened, just for the fact we would really rather not have
>> > it happen again. Has anyone seen this before or does anyone know the
>> > correct direction I should be looking in?
>> >
>> > Thanks
>> > --
>> > Shelton
>>
>>
>>

