RE: [NTSysADM] Modified date on distribution group AD object

2016-10-14 Thread Heaton, Joseph@Wildlife 
I found the issue, kinda.  We’re in the midst of preparing for migration to 
O365.  We have 2 DCs in Azure, setup in the ADFS area.  One of those DCs 
touched all these objects, and changed some mail-related attributes.  The one 
that messed us up, is that it set the msExchRequireAuthToSendTo attribute to 
TRUE, not only on these 16 DLs, but apparently all of our DLs.  Bad juju, if 
you’re not actually setting up the list of accounts that have those rights.  
I’m working on figuring out how to clean up the mess now.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Charles F Sullivan
Sent: Thursday, October 13, 2016 12:31 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Modified date on distribution group AD object

Do you see a lot of other objects that have the same time stamp? If you 
happened to have upgraded the domain’s functional level it would have changed 
the time stamp on all objects in AD. (Anything with a newer time stamp 
notwithstanding.)

I assume that’s not it, but just in case. Other things that change the time 
stamp are OU moves, PW changes (including machine PW changes every 30 days by 
default). For groups, additions and deletions of members as well as OU moves. 
Also, ACL changes. Might that be it? Is Netwrix auditing the ACLs or just the 
members?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, October 13, 2016 11:30 AM
To: 'NT System Admin Issues Discussion list' 
<ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>>
Subject: [NTSysADM] Modified date on distribution group AD object

We have 16 distribution groups that are showing the exact same Modified 
timestamp.  A couple of these are used for automated message delivery for 
different applications.  Since this change date, those messages are no longer 
being delivered.  I use Netwrix to audit things, and it doesn’t have anything 
for these distribution groups changing in that whole week.

What causes that modified timestamp to change?  Where else can I look to try 
and see what got modified?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[NTSysADM] Modified date on distribution group AD object

2016-10-13 Thread Heaton, Joseph@Wildlife 
We have 16 distribution groups that are showing the exact same Modified 
timestamp.  A couple of these are used for automated message delivery for 
different applications.  Since this change date, those messages are no longer 
being delivered.  I use Netwrix to audit things, and it doesn't have anything 
for these distribution groups changing in that whole week.

What causes that modified timestamp to change?  Where else can I look to try 
and see what got modified?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov