
How to detect rename or move operation on Active Directory user account?

I want to know whether there is any way to know that an AD user account has been renamed or moved to a different location within the domain. I know there is a way to track changes that occur to AD objects by using the DirSync feature, but it doesn't detect rename or move operations. DirSync shows the new DN of the renamed or moved object; from that we can't predict whether it is a move or a rename operation. Is there any attribute which tells the old DN of a renamed/moved user? Or is there a separate LDAP control available (like 1.2.840.113556.1.4.417 for deleted objects) to detect rename operations?

Thanks,

You need to enable audit logging for the domain, and configure it to audit AD access events:

http://support.microsoft.com/kb/814595

The events will show up in the Security Event logs on your DCs, and you'll need to make sure you have enough log space allocated to retain the events as far back as you want to be able to audit, or periodically save the event logs (or just the AD access events) for review later.

Unfortunately, I do not believe there is a direct method to detect moves and renames other than perhaps auditing.

The DirSync control may be helpful: http://support.microsoft.com/kb/891995

But, AS FAR AS I KNOW, you need to track and check for changes in the FDN or the parent to detect moves and renames.

-jim
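As an added example (not code from the question or either answer), this is the tracking Jim describes: key each DirSync-returned object on its objectGUID, compare the DN against the last one seen for that GUID, and classify the change by whether the RDN or the parent container differs. The GUIDs and DNs below are constructed sample data; fetching the DirSync results from a DC is assumed to happen elsewhere.

```python
# Added example, not from the original question or answers.
# Assumes DirSync results are delivered as (objectGUID, distinguishedName) pairs;
# the GUID strings and DNs used here are constructed sample data.
import re


def split_dn(dn):
    """Split a DN into (rdn, parent), honouring backslash-escaped commas in values."""
    parts = re.split(r'(?<!\\),', dn)
    return parts[0].strip(), ','.join(p.strip() for p in parts[1:])


def classify_change(old_dn, new_dn):
    """Return 'none', 'rename', 'move' or 'move+rename' by comparing RDN and parent.

    AD DNs are case-insensitive, so compare with casefold() to avoid false positives.
    """
    old_rdn, old_parent = split_dn(old_dn)
    new_rdn, new_parent = split_dn(new_dn)
    renamed = old_rdn.casefold() != new_rdn.casefold()
    moved = old_parent.casefold() != new_parent.casefold()
    if renamed and moved:
        return 'move+rename'
    if renamed:
        return 'rename'
    if moved:
        return 'move'
    return 'none'


class DnTracker:
    """Remembers the last DN seen per objectGUID across DirSync batches."""

    def __init__(self):
        self.last_seen = {}  # objectGUID -> last known DN

    def observe(self, guid, dn):
        old = self.last_seen.get(guid)
        self.last_seen[guid] = dn
        return 'new' if old is None else classify_change(old, dn)


# Constructed DirSync batches: first batch seeds the tracker, second contains one
# rename (RDN changed, parent same) and one move (parent changed, RDN same).
SAMPLE_BATCHES = [
    [("guid-1", "CN=Alice Smith,OU=Sales,DC=example,DC=com"),
     ("guid-2", "CN=Bob Jones,OU=Sales,DC=example,DC=com")],
    [("guid-1", "CN=Alice Jones,OU=Sales,DC=example,DC=com"),
     ("guid-2", "CN=Bob Jones,OU=Marketing,DC=example,DC=com")],
]


def run_sample():
    """Replay the constructed batches and return (guid, classification) events."""
    tracker = DnTracker()
    return [(guid, tracker.observe(guid, dn)) for batch in SAMPLE_BATCHES for guid, dn in batch]
```

A tombstoned object also changes both its RDN and its parent (it lands under the Deleted Objects container), so check the isDeleted attribute before trusting a 'move+rename' result from this tracker.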
