Direct Inward Dialing: +1 408 916 9892
User accounts in Active Directory (AD) enable employees to log in and gain access to a system. Sometimes, a negligent admin or an attacker might delete a user account, resulting in the employee losing access to their system and files. In such situations, there are ways to find out who performed the deletion.
Perform the following actions on the Domain Controller (DC):
Note: If you are using a workstation, the following script should be run on PowerShell:
where
Note: If you are using a workstation, in the Event Viewer, right-click on Event Viewer (Local) on the left pane, and click on Connect to Another Computer... and enter the name of the DC in the following format:
The above two methods are complex and the insight provided is limited since it is impossible to keep track of each event as it occurs.
This will show you a detailed list of deleted user accounts, the user that performed the deletion, the time of deletion, and the DC that the deletion was performed in, along with a graphical representation.
ADAudit Plus enables you to monitor real-time AD object access and modifications.
Our team will be in touch with you shortly.
Sign up for a free live demo and discover why 15,000+ customers trust ManageEngine ADAudit Plus with their Active Directory security.