That can be explained by sdprop which runs every 60 mins on the PDCe. It sets ACLs on privileged groups as per those ACLs set on the AdminSDHolder object in the domain.
Different, unrelated issue, I'd say :)

neil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Crawford, Scott
Sent: 07 April 2005 16:13
To: [email protected]
Subject: RE: [ActiveDir] AD logging

I can't help much, but to say I've seen a similar situation. In my case, I had several group objects that I modified security on. After some time, say a few hours or so, the permissions would revert back to the default.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hogenauer
Sent: Thursday, April 07, 2005 9:41 AM
To: [email protected]
Subject: RE: [ActiveDir] AD logging

Yes I saw Eric's post, which does make sense; my real problem is I have accounts once a week for the past 2 months that literally disappear from AD... I have removed everyone but myself from all privileged groups; I've had all my admins reset passwords, I've made sure no scripts are running that would cause this to happen. I've even removed all logon scripts. I've never seen user accounts just disappear like this...

So I set up a few test accounts then deleted them, I want to see where this gets logged to help me troubleshoot why other accounts seem to just vanish?!?!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mulnick, Al
Sent: Thursday, April 07, 2005 6:13 AM
To: [email protected]
Subject: RE: [ActiveDir] AD logging

Did you notice ~Eric's post? I have to ask again: Why not just use the GPO? What drove you to the NTDS registry settings? That bit is still not clear to me.
Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hogenauer
Sent: Wednesday, April 06, 2005 5:42 PM
To: [email protected]
Subject: RE: [ActiveDir] AD logging

Given the severity of the situation I set them all to 2 and have been watching the logs

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005 1:50 PM
To: [email protected]
Subject: RE: [ActiveDir] AD logging

Under diagnostics, there are many keys. Which one did you set?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hogenauer
Sent: Wednesday, April 06, 2005 4:47 PM
To: [email protected]
Subject: RE: [ActiveDir] AD logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

The default GPO also has auditing set for the domain right now to audit success and failure for all objects.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005 1:31 PM
To: [email protected]
Subject: RE: [ActiveDir] AD logging

Which registry setting did you set? And why there? Why not via GPO around account auditing?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hogenauer
Sent: Wednesday, April 06, 2005 3:51 PM
To: [email protected]
Subject: [ActiveDir] AD logging

Question,

Hopefully this won't sound too newbie! Domain is 2003 native mode 6 domain controllers in 3 sites. I've turned up logging in the registry to a value of 2 on the server that holds the PDC Emulator role. I have also set success and failure auditing in the default domain GP on all objects. I created an account for testing then I deleted that account but I can't see a reference to the deletion anywhere? Where will I see a reference to the deletion? Wouldn't I find that in the Security log? Like I said sorry for the newbie question...
Thanks in advance

Mike

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
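
An added example, not written by any poster in this thread, for the question of where an account deletion is recorded: the Security-log event is written on the domain controller where the deletion was performed, so this read-only PowerShell uses each deleted user's replication metadata to identify the originating DC and then reads that DC's Security log. Assumptions: DCs that support the ActiveDirectory module, account-management auditing enabled, event ID 4726 (Windows Server 2003 DCs, as in this thread, log the same event as ID 630), and a 7-day look-back window.

```powershell
# Added example (not from the thread). Read-only; needs the ActiveDirectory module.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)        # assumed look-back window
$pdc   = (Get-ADDomain).PDCEmulator    # tombstones replicate, so any DC can answer

# Read one named field from an event's XML instead of relying on field order.
function Get-EventField($Record, [string]$Name) {
    (([xml]$Record.ToXml()).Event.EventData.Data |
        Where-Object { $_.Name -eq $Name }).'#text'
}

# Deleted user objects (computers also carry objectClass=user, so exclude them).
$deleted = Get-ADObject -Server $pdc -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and objectClass -eq "user" -and objectClass -ne "computer"' `
    -Properties sAMAccountName, objectSid, lastKnownParent

foreach ($obj in $deleted) {
    # Metadata for isDeleted records when and on which DC the delete originated.
    $meta = Get-ADReplicationAttributeMetadata -Object $obj -Server $pdc `
        -IncludeDeletedObjects -Properties isDeleted
    if (-not $meta -or $meta.LastOriginatingChangeTime -lt $since) { continue }

    # The identity is the DC's "NTDS Settings" DN; its parent object holds dNSHostName.
    $dc = $null
    $serverDn = $meta.LastOriginatingChangeDirectoryServerIdentity -replace '^CN=NTDS Settings,', ''
    if ($serverDn) {
        try { $dc = (Get-ADObject -Identity $serverDn -Server $pdc -Properties dNSHostName).dNSHostName }
        catch { $dc = $null }   # originating DC has since been demoted or removed
    }

    # The audit event exists only in the originating DC's Security log.
    $hits = @()
    if ($dc) {
        $hits = @(Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
                LogName   = 'Security'; Id = 4726
                StartTime = $meta.LastOriginatingChangeTime.AddMinutes(-5)
                EndTime   = $meta.LastOriginatingChangeTime.AddMinutes(5)
            } | Where-Object { (Get-EventField $_ 'TargetSid') -eq $obj.objectSid.Value })
    }

    [pscustomobject]@{
        Account       = $obj.sAMAccountName
        LastParent    = $obj.lastKnownParent
        DeletedAt     = $meta.LastOriginatingChangeTime
        OriginatingDC = $dc
        DeletedBy     = ($hits | ForEach-Object { Get-EventField $_ 'SubjectUserName' }) -join ', '
    }
}
```

An empty DeletedBy with a populated OriginatingDC means the event was not audited on that DC or its Security log has already wrapped past the deletion time.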
