I found the issue, kinda. We’re in the midst of preparing for migration to O365. We have 2 DCs in Azure, setup in the ADFS area. One of those DCs touched all these objects, and changed some mail-related attributes. The one that messed us up, is that it set the msExchRequireAuthToSendTo attribute to TRUE, not only on these 16 DLs, but apparently all of our DLs. Bad juju, if you’re not actually setting up the list of accounts that have those rights. I’m working on figuring out how to clean up the mess now.
From: [email protected] [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Thursday, October 13, 2016 12:31 PM To: [email protected] Subject: RE: [NTSysADM] Modified date on distribution group AD object Do you see a lot of other objects that have the same time stamp? If you happened to have upgraded the domain’s functional level it would have changed the time stamp on all objects in AD. (Anything with a newer time stamp notwithstanding.) I assume that’s not it, but just in case. Other things that change the time stamp are OU moves, PW changes (including machine PW changes every 30 days by default). For groups, additions and deletions of members as well as OU moves. Also, ACL changes. Might that be it? Is Netwrix auditing the ACLs or just the members? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, October 13, 2016 11:30 AM To: 'NT System Admin Issues Discussion list' <[email protected]<mailto:[email protected]>> Subject: [NTSysADM] Modified date on distribution group AD object We have 16 distribution groups that are showing the exact same Modified timestamp. A couple of these are used for automated message delivery for different applications. Since this change date, those messages are no longer being delivered. I use Netwrix to audit things, and it doesn’t have anything for these distribution groups changing in that whole week. What causes that modified timestamp to change? Where else can I look to try and see what got modified? Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [SaveOurWater_Logo]<http://saveourwater.com/> SaveOurWater.com<http://saveourwater.com/> · Drought.CA.gov<http://drought.ca.gov/>
