MOM works well to alert you to additions/removals from specific groups.  You’d be in trouble though if that’s your only method of monitoring it because someone could get added and do their damage before you can respond…or even worse, get added and then pull everyone else out before you can respond J

 

Travis

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Thursday, October 06, 2005 2:16 PM
To: [email protected]
Subject: Re: [ActiveDir] Modifying Domain Admins & Administrators Group

 

Limit the number of domain admins, audit user and group management and use MOM to alert you to changes to the group membership of the Domain Admins group. You could likely script that alerting as well if you don't use MOM.

 

Phil

 

On 10/6/05, Devan Pala <[EMAIL PROTECTED]> wrote:

Hi,

We have about 7 domain administrators in a particular child domain. I just
found out someone added the DBA Group to part of the Administrators group in
this domain. Not necessary, not required nor is it a policy. Event logs have
obviously been overwritten therefore I would like to know the simplest
method to avoid this scenario from ever happening again.

What are my options?

Thank you so much.


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

 

Reply via email to