Information From DOMAIN Controllers


Guest

Is there any way to retrieve information on individual user accounts:

1. When an account was created
2. When it was last edited
3. When it was disabled

I'm currently being audited for Sarbanes-Oxley and the auditors are looking
for this information. Audit logs will not show that an account for "jdoe"
had any admin activity.

Thanks.
 
You would have to enable auditing on those actions before they show in the
Event Logs. It will be there only until the first time you clear the logs,
which you would certainly do eventually. It may also be cleared automatically
depending on the Log Settings. If "jdoe" was created a long time ago, it is
doubtful it would be in the log no matter what, unless you keep the Event
Log for years and years.
 
At the most basic level, what you are asking for is contained in the User
Object properties in AD (except for When Disabled). Assuming you want more
than that, the Active Directory Administration Tool from the Windows 2000
Support Tools does this, but you need to know your LDAP.
There are a few scripts for things like this which you could adapt:
chkusers.vbs in the Windows 2000 Resource Kit, and one I came across for
unused accounts: search the newsgroups for Scripting, Unused Accounts.
Anthony
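
The attributes mentioned in the reply above, read from an LDIF export of user objects (for instance one produced with ldifde). This is an added example, not part of the original thread; the sample entries, account names and example.com domain are constructed. It shows that creation and last-change times are stored on the object, while "disabled" is only a current-state bit in userAccountControl with no timestamp of its own.

```python
from datetime import datetime, timezone

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts
# Constructed sample in the style of an LDIF export of user objects (not real data).
SAMPLE_LDIF = """\
dn: CN=John Doe,OU=Staff,DC=example,DC=com
sAMAccountName: jdoe
whenCreated: 20030114093012.0Z
whenChanged: 20040622161544.0Z
userAccountControl: 514

dn: CN=Ann Roe,OU=Staff,DC=example,
 DC=com
sAMAccountName: aroe
whenCreated: 20040301120000.0Z
whenChanged: 20040301120500.0Z
userAccountControl: 512
"""

def parse_ldif(text):
    """One attribute dict per entry; unfolds continuation lines (leading space)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs[name.strip()] = value.strip()  # base64 (::) values not decoded
        if attrs:
            entries.append(attrs)
    return entries

def ad_time(value):
    """Convert AD generalized time (YYYYMMDDHHMMSS.0Z) to an aware UTC datetime."""
    return datetime.strptime(value.split(".")[0], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def account_report(text):
    rows = []
    for e in parse_ldif(text):
        rows.append({
            "account": e["sAMAccountName"],
            "created": ad_time(e["whenCreated"]),
            "changed": ad_time(e["whenChanged"]),  # value held by the exporting DC
            # Current state only: no attribute records when the bit was set.
            "disabled": bool(int(e["userAccountControl"]) & ACCOUNTDISABLE),
        })
    return rows

if __name__ == "__main__":
    for row in account_report(SAMPLE_LDIF):
        print(row)
```

whenChanged is not replicated between domain controllers, so the value reflects the controller the export was taken from.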
 
Thanks guys...I'll get my engineers on that and see what they can get for
me. If anyone needs any help with Sarbanes-Oxley or policy and procedure,
give a shout, maybe I can help, thanks again!

Donald
 
You would have to configure auditing of account management in Domain
Controller Security policy ahead of time for events to show in the security
logs. There is a program from Somarsoft called Hyena that may be of help. I
am not sure exactly what it can all do but they do have a full-featured,
time-limited download available and it can do custom AD searches. --- Steve

http://www.somar.com/hyena/ -- Hyena
 