The event viewer (when auditing is enabled) shows the following event IDs
for the actions mentioned:

Object           Event ID "created"   Event ID "modified/changed"   Event ID "deleted"
User             ID 624               ID 642                        ID 630
Computer         ID 645               ID 646                        ID 647
Local Group      ID 635               ID 639                        ID 638
Global Group     ID 631               ID 641                        ID 634
Universal Group  ID 658               ID 659                        ID 662

Checking the event ID, it only tells the NetBIOS domain name and the
samAccount. No DN.

Regards,

Jorge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 19, 2004 16:37
To: [EMAIL PROTECTED]
Subject: [ActiveDir] How to track object deletion?

Hello, AD gurus.
I've been developing a DirSync program that tracks object changes in
AD.
Everything is fine except for object deletion.
When an AD object is deleted, as everybody knows here, it is tombstoned. As I
figured out, that means that the object is moved to the hidden container
called 'Deleted Objects'. So when I delete an object, DirSync returns me the
following

CN=user1\DEL:5fce35d1-42dc-4d42-b4d6-fd4a5c773acd,CN=Deleted Objects,DC=sbhbd1,DC=local

as the DN of changed object.

In the example above I deleted the object with DN: CN=user1,CN=Users,DC=sbhbd1,DC=local.
But I've lost some part of the original object DN, like: * ,CN=Users, *

The question is: How to track AD object deletion? I need to know the object's
original DN, but AD hides it from me.
I don't want to keep a copy of the original AD or anything similar to it.

Thanks in advance! 



--
Best regards,
   (mailto:[EMAIL PROTECTED])    19.01.2004, 18:27
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
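
An added example, not part of the original thread: a Python parser for the deleted-object DN format quoted in the question, which recovers the old RDN and the GUID and shows that the parent container has to come from elsewhere. The `seen` map (objectGUID to last known DN, recorded by the sync program from earlier results) is an assumption, as are all function and class names.

```python
import re
import uuid
from dataclasses import dataclass
from typing import Dict, List, Optional

# Deleted-object RDN: <attr>=<old name>\DEL:<objectGUID>. The post shows "\DEL:";
# the "\0ADEL:" spelling (separator as an escaped newline) is accepted as well.
_MANGLED_RDN = re.compile(
    r"^(?P<attr>[^=,]+)=(?P<name>.+?)\\(?:0A)?DEL:"
    r"(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Tombstone:
    rdn_attr: str           # e.g. "CN"
    original_name: str      # RDN value before deletion
    object_guid: uuid.UUID  # unchanged by the move to Deleted Objects
    naming_context: str     # e.g. "DC=sbhbd1,DC=local"


def split_rdns(dn: str) -> List[str]:
    """Split a DN on commas that are not escaped with a backslash."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def parse_tombstone_dn(dn: str) -> Optional[Tombstone]:
    """Return the fields of a tombstone DN, or None for a live object's DN."""
    parts = split_rdns(dn)
    if len(parts) < 3 or parts[1].lower() != "cn=deleted objects":
        return None
    m = _MANGLED_RDN.match(parts[0])
    if m is None:
        return None
    return Tombstone(m["attr"], m["name"], uuid.UUID(m["guid"]), ",".join(parts[2:]))


def original_dn(t: Tombstone, seen: Dict[uuid.UUID, str]) -> Optional[str]:
    """Look up the pre-deletion DN by GUID; the tombstone DN has no parent."""
    return seen.get(t.object_guid)


# Constructed sample input: the two DNs quoted in the post.
SAMPLE_DN = r"CN=user1\DEL:5fce35d1-42dc-4d42-b4d6-fd4a5c773acd,CN=Deleted Objects,DC=sbhbd1,DC=local"
SEEN = {uuid.UUID("5fce35d1-42dc-4d42-b4d6-fd4a5c773acd"): "CN=user1,CN=Users,DC=sbhbd1,DC=local"}

if __name__ == "__main__":
    t = parse_tombstone_dn(SAMPLE_DN)
    print(t, original_dn(t, SEEN))
```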
