See LDIFDE. You can script a daily dump of AD using it and diff it against yesterday's to to see what changes were made.
http://support.microsoft.com/kb/q237677 Seth Robertson -----Original Message----- From: Greg Kelley [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 05, 2006 12:21 PM To: [email protected] Subject: Reading Active Directory Database Has anyone found an application that allows one to read the entire Active Directory file (NTDS.dit) from a Windows 2000 (or 2003) server? I know that Encase has a script to perform this function, but I believe it is missing information in the case I am working on. Greg Kelley, EnCE Vestige Digital Investigations Computer Forensics | Electronic Discovery | Corporate Surety 46 Public Square, Ste 220 Medina, OH 44256 (330)721-1205 x5432 (330)721-1206 Fax http://www.vestigeltd.com
