Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Delete All Child Objects auditing entry for an Active Directory object does not record an event log entry in Windows Server 2003


View products that this article applies to.

Symptoms

When you set the Delete All Child Objects auditing entry for an Active Directory object in Microsoft Windows Server 2003, and then you delete an Active Directory object that you want to audit, the event log does not record the deletion.

↑ Back to the top


Cause

This behavior occurs because when you set the Delete All Child Objects auditing entry, you must also set the Delete auditing entry.

↑ Back to the top


More information

This Windows Server 2003 behavior corrects the behavior in Microsoft Windows 2000 Server. In Windows 2000, you can set the Delete All Child Objects auditing entry without setting the Delete auditing entry. However, when an object is deleted, the event log entry does not specify which object was deleted. The event log states only that an object had been deleted from a specific container.

In Windows Server 2003, if you set the Delete auditing entry and the Delete All Child Objects auditing entry, and then you delete an audit child object, the event log specifies which object has been deleted and the container that the object was deleted from.

For additional information about auditing Active Directory objects, click the following article number to view the article in the Microsoft Knowledge Base:
814595 HOW TO: Audit Active Directory objects in Windows Server 2003

↑ Back to the top


Keywords: KB828074, kbwinserv2003presp1fix, kbbug, kbactivedirectory, kbwinservds, kbprb

↑ Back to the top

Article Info
Article ID : 828074
Revision : 4
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 344