If you are auditing Directory Service Access (for success and failure) you
will see a success event of ID 566 whenever an AD-intg record is
created/deleted (or modified).
The clue to the deletion is that you will see the following (in addition to
others):
Accesses: Write Property
Properties: Write Property
Default Property set
dnsRecord
dNSTomstoned
You will see the name of the person that did the deletion in "Client User
Name" and you will see the record deleted in "ObjectName".
Sincerely,
D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of James Green
Sent: Tue 5/17/2005 12:03 PM
To: [email protected]
Subject: [ActiveDir] AD-Integrated DNS Record Query
Hello folks
I hope someone can help here:
Scenario:
DC1 and DC2 with AD-Integrated DNS Zone called MYDNS.NET
I create a Host Record on DC1 in MYDNS.NET zone and gets AD-replicated to
DC2.
I can see the metadata of this record using Replmon etc - all ok so far!
Now, someone deletes this record!
I need to find that on which DC this got deleted from?
How can I do so?
Thanks All
james
_________________________________________________________________
Want to block unwanted pop-ups? Download the free MSN Toolbar now!
http://toolbar.msn.co.uk/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
