This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FRS -> DFSR migraiton and alerts in Change Auditor

I am migrating FRS to DFSR and going from 'REDIRECTED' to 'ELIMINATED'.

During this phase the FRS service is stopped and Disabled.

I receive an alert in Change Auditor on Windows 2008 R2 DCs, but not on Windows 2012 R2 DCs. On a 2012 R2 DC, I see the follwoing entry in the 'InTrust for AD' event log:

AD object was successfully deleted.

Client Computer : fe80:0:0:0:9555:2222:1c5a:5978

Object DN : cn=NRUSCA-SWP9912,cn=Domain System Volume (SYSVOL share),cn=File Replication Service,cn=system,DC=nibr,DC=novartis,DC=net

Object Class : nTFRSMember

This appears nowhere in Change Auditor. Is there any reason for this? I would think that anytime something is deleted from AD, it would be reported.

We are running CA 6.8.1474

Regards,

Waldo

0 JohnnyQuest over 9 years ago

I can't speak to this specific use case, but I can tell you that for performance reasons, not everything is automatically audited by Change Auditor. You may need to go in and enable auditing for this particular object class.

It is curious though that you say that you are seeing audit entries from some DCs?

Are all your DCs managed by the same instance of Change Auditor?

If yes, I would open an SR with Support once you have checked to make sure that auditing is enabled for this object class..
Cancel
Up 0 Down
0 david.werner over 9 years ago

Hi johnny,

My fault, maybe . . .
I had created a Service template for monitoring and assigned it to only my 2008 R2 DCs. I have now assigned it to my 2012r2 DCs. Let's see if it picks it up.

Waldo
Cancel
Up 0 Down