Deleted AD user accounts reappearing

20 pts.
Tags:
Active Directory
Active Directory accounts
We delete user accounts, but after a while they come back. We have not restored a domain controller; where are these coming back from?

Software/Hardware used:
Windows 2008 R2

Answer Wiki

Thanks. We'll let you know when a new response is added.

Well exactly not confirmed but You can perform auditing to determine who may be creating accounts. 


There is a policy setting called “audit account management” that you can enable.
The description of the setting is below.

Audit account management
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Audit Policy

Description
Determines whether to audit each event of account management on a computer.
Examples of account managment events include:

a.. A user account or group is created, changed, or deleted
b.. A user account is renamed, disabled, or enabled
c.. A password is set or changed
By default, this value is set to No auditing in the Default Domain
Controller Group Policy object (GPO) and in the local policies of
workstations and servers.

If you define this policy setting, you can specify whether to audit
successes, audit failures, or not to audit the event type at all. Success
audits generate an audit entry when any account management event is
successful. Failure audits generate an audit entry when any account
management event fails. You can select No auditing by defining the policy
setting and unchecking Success and Failure.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • BestITSolution
    How is your domain structure single domain controller or multiples domain controller. so possibly someone also receive same request for Windows ID creation please check the object creation date / time that will give you better idea about it.
    40 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following