Hi, I'm not sure if I would want this in the AD DB as this would mean a larger DIT (as every change is stamped... - how many versions are kept as history?) and additional replication traffic. I would prefer a better central auditing solution instead of having to check each DC to see for who made a change and when.
Jorge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Tuesday, October 18, 2005 10:17 To: [email protected] Subject: Re: [ActiveDir] Knowing when users were deleted. joe wrote: > Correct, you can currenlty only get the when and the where (DC Where > not Client Where). > > Which raises the question. How many people would like a metadata stamp > with the GUID or SID of the userid that made the modification for a > given attribute (or value if appropriate)? Or would it be ok to just > have who made the last change to the object? Either way, none of the > "administrators group" nonsense, it points to a specific security principal. count me with this request -- Tomasz Onyszko http://www.w2k.pl List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
