Garrett-
You need something to process your event logs with. I have used MOM for this as well as ACS (which never saw the light of day but will ship as part of MOM2007). Quest and NetIQ (and possibly NetPRO) also all have tools that can do this type of thing. I have used Ecora as well. It has nice pretty reports and is priced at an affordable price point. I prefer the MOM/ACS route mostly because I can play with the raw data to my liking. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mattingly, Garrett Sent: Friday, January 05, 2007 11:18 AM To: [email protected] Subject: [ActiveDir] AD Auditing and Change Control Hi All, I was asked if there was a way to find out all changes performed in AD by a particular user account. The personal was wondering if there is a AD attribute to query on to do this. Natively I believe that event log auditing is about the only way you can track this information natively which is almost useless because the security log overwrites after a day or so. As far as I know in AD you have a creation and modified date on objects in AD but there is no "created by" or "modified by" attribute that I am aware of. I thought maybe object owner might be and attribute but I did not see this listed in ADSIEdit. This is basically a "How can we find out what this guy is doing or did?" problem. Questions: Is this even possible with native tools? Are there recommended 3rd party tools that could do this? I've heard of something call ECORA Auditor Pro, anybody use this? Thanks, Garrett
