Hmm. Do we really want to excuse prior failure of proper auditing by putting more data into AD? Wouldn't that lead into every request of non-configured auditing to requests for extending the AD? Do it right the first way.
I completely agree that we should make the people more auditing aware, and it would be great to have a centralized auditing together with some force of configuration instead of the per server events and auditing which is rearly configured. However I'm not sure if I want this kind of data in the AD. Just my Eurocents. Ulf |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of Laura |E. Hunter |Sent: Sunday, October 16, 2005 10:28 PM |To: ActiveDir@mail.activedir.org |Subject: Re: [ActiveDir] Knowing when users were deleted. | |Various thoughts from this thread: | |[1] I agree with Al and Paul[1] on a desire for that sort of metadata. | I'm not as convinced of the trade-off value of bloating the |DIT for full undelete information, particularly in monster big |environments. |For my teeny-tiny single domain it probably wouldn't be that |bad of a hit, but I imagine that the laws of diminishing |returns would quickly set in. | |[2] Please finish the thought, Brett, I'm sure I'd find it |helpful/enlightening/informative even if it's only speaking in |hypotheticals. | |[3] It's Gil and Darren's turn to crack me up today, I guess |joe is taking a break. | | |[1] *waves* Hi Paul! Glad to see you alive post-Summit. | |- L |List info : http://www.activedir.org/List.aspx |List FAQ : http://www.activedir.org/ListFAQ.aspx |List archive: |http://www.mail-archive.com/activedir%40mail.activedir.org/ | List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
