Re: Global Security Group members disappear
- From: Steve B <SteveB@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 11 Sep 2007 04:10:01 -0700
Ensure Audit Account management is set to Success and Failure in the Domain
Controllers policy. Also ensure that you run gpupdate to force the policy to
apply. I would then (at a suitable time) take out one of the groups and put
it back in. You can then check the security log to ensure that everything is
being logged.
If it happens again at least you know it should have been captured.
"Jeremy" wrote:
The only vaguely relevant entry in the security log is as follows:.
Event Type: Success Audit
Event Source: Security
Event Category: System Event
Event ID: 516
Date: 10/09/2007
Time: 16:48:29
User: NT AUTHORITY\SYSTEM
Computer: SENIOR
Description:
Internal resources allocated for the queuing of audit messages have been
exhausted, leading to the loss of some audits.
Number of audit messages discarded: 4
Mind you, I only had Directory Services logging failures. I've reset it to
log successes as well now.
"Jorge Silva" wrote:
I agree with steve, you should look at the logs to check what is going on...
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Steve B" <SteveB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A2D67D5A-0EEC-4887-BD40-F0817041259D@xxxxxxxxxxxxxxxx
OK...have you checked the security logs on the DC's. This should now tell
you who/the process and time that the students group was removed.
"Jeremy" wrote:
Moved forest/domain level to 2003.
Members of "Students" disappeared again overnight. I have turned on
auditing of management as Jorge suggested although I think the likelihood
of
anyone other than me being able to edit AD is low.
"Steve B" wrote:
Whilst it will not explain why your groups disappeared - I would
suggest you
investigate switching your domain/forest level to Windows 2003. This
allows
you to take advantage of all the AD features.
Did you manage to check what auditing was turned on?
"Jeremy" wrote:
Hmmm... okay, further investigation reveals:
Domain Functional Level: Windows 2000 native
Forest Functional Level: Windows 2000
"Steve B" wrote:
What's the forest functional level? Do you have auditing turned on?
If so,
what are you auditing?
"Jeremy" wrote:
I should add that this is W2k3 AD
"Jeremy" wrote:
I have set up a Global Security Group called "Students" which
on a good day
contains Global Security Groups "2000", "2001"... "2007". I
recently set up
a second domain controller. Now, every morning I look in
Students and all
the Global Security Groups supposed to be members ("2000",
"2001"... "2007")
have disappeared from the list of members. There are no errors
in the Event
Logs and RepAdmin shows replication occurring correctly. To
apply a
temporary fix I visit both DCs and add the missing groups. I
also use ADUC
on my XP Pro workstation and re-apply the groups using that too
if they are
not showing.
Why do these groups disappear from the membership list of the
"Students"
group and how can I stop it happening?
- Follow-Ups:
- Re: Global Security Group members disappear
- From: Jeremy
- Re: Global Security Group members disappear
- References:
- Re: Global Security Group members disappear
- From: Jorge Silva
- Re: Global Security Group members disappear
- From: Jeremy
- Re: Global Security Group members disappear
- Prev by Date: Re: Global Security Group members disappear
- Next by Date: Re: AD Not working
- Previous by thread: Re: Global Security Group members disappear
- Next by thread: Re: Global Security Group members disappear
- Index(es):
Relevant Pages
|
