The only other way I can think of to track object deletion is to use auditing. Of course this involves somehow collating the event log information, but there are tools available to do this.
Tony

---------- Original Message ----------------------------------
Reply-To: [EMAIL PROTECTED]
Date: Tue, 20 Jan 2004 16:07:46 +0300

Thank you all guys for your help.
I've made some investigation on this. Here are the results. Correct me if I'm mistaken.

When AD object is deleted it is actually moved to the Deleted Objects container of the partition it is deleted from. But when it is moved to that container only a little part of its properties is taken with it. Alas, there is no DN property that can tell where the object was deleted from. In spite of the fact that parentGUID property remained in the tombstoned object it is set to the GUID of Deleted Object container, but not to the GUID of the recent object parent. It is a real mess.

It all leads to that I can't determine DN of deleted object by any means without storing some type of objects cache before their deletion! I can't accept that taking into account that object deletion is the most critical AD change.

> I've been looking at ways for tracking static DNS record changes. So far
> I've been focusing on the "dnsTombestone" property which has 3 values of
> NULL, TRUE, and FALSE.
>
> Perhaps you can see if that object has a similar property? I'm not at an AD
> terminal now, so I can't check, but it might be something you can check on.
>
> Just an Idea. :)
>
> J
>
> -----Original Message-----
> From: [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Monday, January 19, 2004 9:37 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] How to track object deletion?
>
> Hello, AD gurus.
> I've been developing a DirSync program that tracks for object changes in
> AD.
> Everything is fine except for object deletion.
> When AD object is deleted, as everybody knows here, it is tombstoned. As I
> figured out that means that the object is moved to the
> hidden container called 'Deleted Objects'.
> So when I delete an object DirSync returns me the following
>
> CN=user1\DEL:5fce35d1-42dc-4d42-b4d6-fd4a5c773acd,CN=Deleted Objects,DC=sbhbd1,DC=local
>
> as the DN of changed object.
>
> In the example above I deleted object with DN: CN=user1,CN=Users,DC=sbhbd1,DC=local.
> But I've lost some part of original object DN like: * ,CN=Users, *
>
> The question is: How to track AD objects deletion? I need to know object
> original DN, but AD hides it from me.
> I don't want to keep a copy of original AD or whatever similar to it.
>
> Thanks in advance!
>
> --
> Best regards,
> (mailto:[EMAIL PROTECTED]) 19.01.2004, 18:27
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

--
Best regards,
(mailto:[EMAIL PROTECTED]) 20.01.2004, 15:57
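As an added example that is not part of the original thread: a small Python parser for the tombstone DN form quoted above, recovering the original RDN and objectGUID and rebuilding the original DN when a parent DN is supplied. It assumes the sync query also returns the tombstone's lastKnownParent attribute (populated by Windows Server 2003 and later domain controllers); the function names are hypothetical.

```python
import re

# Tombstone RDN value: "<original name>\0ADEL:<objectGUID>". The thread shows
# the escaped newline collapsed to "\DEL:", so both spellings are accepted.
_TOMBSTONE = re.compile(
    r"^(?P<attr>[A-Za-z][\w-]*)=(?P<name>.*?)\\(?:0A)?DEL:"
    r"(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$", re.I)

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return parts

def parse_tombstone(dn, last_known_parent=None):
    """Return the original RDN, objectGUID and, if a parent is known, the original DN.

    last_known_parent is the value of the tombstone's lastKnownParent
    attribute (assumption: the caller requested it). Returns None when
    dn is not a tombstone under a Deleted Objects container.
    """
    rdns = split_dn(dn)
    m = _TOMBSTONE.match(rdns[0])
    if not m or len(rdns) < 2 or rdns[1].lower() != "cn=deleted objects":
        return None
    rdn = f"{m['attr']}={m['name']}"
    original = f"{rdn},{last_known_parent}" if last_known_parent else None
    return {"rdn": rdn, "guid": m["guid"].lower(), "original_dn": original}

if __name__ == "__main__":
    # DN as quoted in the thread; the parent value is constructed for the demo.
    dn = (r"CN=user1\DEL:5fce35d1-42dc-4d42-b4d6-fd4a5c773acd,"
          "CN=Deleted Objects,DC=sbhbd1,DC=local")
    print(parse_tombstone(dn, "CN=Users,DC=sbhbd1,DC=local"))
```

The objectGUID survives deletion, so it is the stable key for correlating a tombstone with audit events or an earlier sync record when no parent value is available.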
