RE: [ActiveDir] Modifying Domain Admins & Administrators Group

[Travis.Weeks]

MOM works well to alert you to additions/removals from specific groups.  You’d be in trouble though if that’s your only method of monitoring it because someone could get added and do their damage before you can respond…or even worse, get added and then pull everyone else out before you can respond J   Travis   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Thursday, October 06, 2005 2:16 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Modifying Domain Admins & Administrators Group   Limit the number of domain admins, audit user and group management and use MOM to alert you to changes to the group membership of the Domain Admins group. You could likely script that alerting as well if you don't use MOM.   Phil   On 10/6/05, Devan Pala <[EMAIL PROTECTED]> wrote: Hi, We have about 7 domain administrators in a particular child domain. I just found out someone added the DBA Group to part of the Administrators group in this domain. Not necessary, not required nor is it a policy. Event logs have obviously been overwritten therefore I would like to know the simplest method to avoid this scenario from ever happening again. What are my options? Thank you so much. List info   : http://www.activedir.org/List.aspx List FAQ    : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/