Do I understand you correctly, that the "lastKnownParent" attribute of a
tombstone doesn't contain the GUID of the OU the object was deleted from -
instead it contains the GUID of the Deleted Object container?  Is this right
after deletion, or after you've changed some attributes of the object?

Regardless, if you've previously synched the objects to your secondary store
(whatever it is) and have included the GUID of the objects in your DirSync
program, you should be able to leverage this store to determine the original
DN / OU of the deleted object.

And your goal can really only be to report on which objects were deleted
from which OU - right?  You won't be able to reanimate (un-delete) the
object back to a usable object without doing a lot of extra work anyways
(e.g. recovering all the attributes which were stripped from the object
during the deletion etc.). As such, you will have to rely on some kind of
backup to provide you with this information...

/Guido


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, January 20, 2004 14:08
To: [EMAIL PROTECTED]
Subject: Re[2]: [ActiveDir] How to track object deletion?

Thank you all guys for your help.

I've made some investigation on this. Here are the results. Correct me if
I'm mistaken.
When AD object is deleted it is actually moved to the Deleted Objects
container of the partition it is deleted from.
But when it is moved to that container only a little part of its properties
is taken with it.
Alas, there is no DN property that can tell where the object was deleted
from. 
In spite of the fact that parentGUID property remained in the tombstoned
object it is set to the GUID
of Deleted Object container, but not to the GUID of the recent object
parent. It is a real mess.

It all leads to that I can't determine DN of deleted object by any means
without storing some type of objects cache 
before their deletion! I can't accept that taking into account that object
deletion is the most critical AD change.




> I've been looking at ways for tracking static DNS record changes.   So far
> I've been focusing on the "dnsTombestone" property which has 3 values of
> NULL, TRUE, and FALSE.
> 
> Perhaps you can see if that object has a similar property?  I'm not at an AD
> terminal now, so I can't check, but it might be something you can check on.
> 
> Just an Idea. :)
> 
> J
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, January 19, 2004 9:37 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] How to track object deletion?
> 
> Hello, AD gurus.
> I've been developing a DirSync program that tracks for object changes in
> AD.
> Everything is fine except for object deletion.
> When AD object is deleted, as everybody knows here, it is tombstoned. As I
> figured out that means that the object is moved to the 
> hidden container called 'Deleted Objects'. So when I delete an object
> DirSync returns me the following
> 
> CN=user1\DEL:5fce35d1-42dc-4d42-b4d6-fd4a5c773acd,CN=Deleted Objects,DC=sbhbd1,DC=local
> 
> as the DN of changed object.
> 
> In the example above I deleted object with DN: CN=user1,CN=Users,DC=sbhbd1,DC=local.
> But I've lost some part of original object DN like: * ,CN=Users, *
> 
> The question is: How to track AD objects deletion? I need to know  object
> original DN, but AD hides it from me.
> I don't want to keep a copy of original AD or whatever similar to it.
> 
> Thanks in advance! 
> 
> 
> 
> --
> Best regards,
>    (mailto:[EMAIL PROTECTED])    19.01.2004, 18:27
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 


--
Best regards,
   (mailto:[EMAIL PROTECTED])    20.01.2004, 15:57
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
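
The GUID-keyed store suggested in the reply at the top of this thread, as an added example that is not code from any poster: each DirSync result refreshes a GUID-to-DN cache, and a tombstone DN is resolved back to the DN last seen for that GUID. The names `DeletionTracker` and `demo`, the `OU=Sales` move and the second GUID are constructed for illustration; the sketch assumes the DirSync program receives the objectGUID with every result.

```python
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Tombstone RDN: "<old RDN>\DEL:<objectGUID>" as shown in this thread; raw LDAP
# clients may render the separator as "\0ADEL:" or as a literal newline.
TOMBSTONE = re.compile(r"^(?P<rdn>.+?)(?:\\(?:0A)?|\n)DEL:(?P<guid>" + GUID + "),")


class DeletionTracker:
    """Hypothetical helper: remembers the last live DN of every synced object."""

    def __init__(self):
        self.last_dn = {}  # objectGUID -> last DN seen while the object was live

    def process(self, guid, dn):
        """Feed one DirSync result; return a deletion report, or None."""
        guid = guid.lower()
        m = TOMBSTONE.match(dn)
        if m is None:
            self.last_dn[guid] = dn  # create, rename or move: refresh the cache
            return None
        original = self.last_dn.pop(guid, None)
        parent = None
        if original:
            # Split on the first unescaped comma to drop the object's own RDN.
            parent = re.split(r"(?<!\\),", original, maxsplit=1)[1]
        return {
            "guid": guid,
            "old_rdn": m.group("rdn"),
            "original_dn": original,  # None: deleted before it was ever synced
            "deleted_from": parent,
        }


def demo():
    user = "5fce35d1-42dc-4d42-b4d6-fd4a5c773acd"   # GUID from the thread
    other = "11111111-2222-3333-4444-555555555555"  # constructed
    suffix = ",CN=Deleted Objects,DC=sbhbd1,DC=local"
    changes = [  # constructed DirSync results: (objectGUID, DN)
        (user, "CN=user1,CN=Users,DC=sbhbd1,DC=local"),
        (user, "CN=user1,OU=Sales,DC=sbhbd1,DC=local"),  # moved before deletion
        (user, "CN=user1\\DEL:" + user + suffix),
        (other, "CN=pc7\\0ADEL:" + other + suffix),       # never seen alive
    ]
    tracker = DeletionTracker()
    return [r for r in (tracker.process(g, d) for g, d in changes) if r]


if __name__ == "__main__":
    for report in demo():
        print(report)
```

The second report shows the limit raised in the thread: an object deleted before its first sync yields only its old RDN, not its parent container.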