Limit the number of domain admins, audit user and group management and use MOM to alert you to changes to the group membership of the Domain Admins group. You could likely script that alerting as well if you don't use MOM.
Phil
On 10/6/05, Devan Pala <[EMAIL PROTECTED]> wrote:
Hi,
We have about 7 domain administrators in a particular child domain. I just
found out someone added the DBA Group to part of the Administrators group in
this domain. Not necessary, not required nor is it a policy. Event logs have
obviously been overwritten therefore I would like to know the simplest
method to avoid this scenario from ever happening again.
What are my options?
Thank you so much.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
