Article ID: 828074
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise x64 Edition
SYMPTOMS
When you set the Delete All Child Objects auditing entry for an Active Directory object in Microsoft Windows Server 2003, and then you delete an Active Directory object that you want to audit, the event log does not record the deletion.
CAUSE
This behavior occurs because when you set the Delete All Child Objects auditing entry, you must also set the Delete auditing entry.
MORE INFORMATION
This Windows Server 2003 behavior corrects the behavior in Microsoft Windows 2000 Server. In Windows 2000, you can set the Delete All Child Objects auditing entry without setting the Delete auditing entry. However, when an object is deleted, the event log entry does not specify which object was deleted. The event log states only that an object had been deleted from a specific container.
In Windows Server 2003, if you set the Delete auditing entry and the Delete All Child Objects auditing entry, and then you delete an audit child object, the event log specifies which object has been deleted and the container that the object was deleted from.
For additional information about auditing Active Directory objects, click the following article number to view the article in the Microsoft Knowledge Base:
814595 HOW TO: Audit Active Directory objects in Windows Server 2003
Additional query words: AD
Keywords: kbprb kbwinservds kbactivedirectory kbbug kbwinserv2003presp1fix KB828074
