I am migrating FRS to DFSR and going from 'REDIRECTED' to 'ELIMINATED'.
During this phase the FRS service is stopped and Disabled.
I receive an alert in Change Auditor on Windows 2008 R2 DCs, but not on Windows 2012 R2 DCs. On a 2012 R2 DC, I see the follwoing entry in the 'InTrust for AD' event log:
AD object was successfully deleted.
Client Computer : fe80:0:0:0:9555:2222:1c5a:5978
Object DN : cn=NRUSCA-SWP9912,cn=Domain System Volume (SYSVOL share),cn=File Replication Service,cn=system,DC=nibr,DC=novartis,DC=net
Object Class : nTFRSMember
This appears nowhere in Change Auditor. Is there any reason for this? I would think that anytime something is deleted from AD, it would be reported.
We are running CA 6.8.1474
I can't speak to this specific use case, but I can tell you that for performance reasons, not everything is automatically audited by Change Auditor. You may need to go in and enable auditing for this particular object class. It is curious though that you say that you are seeing audit entries from some DCs? Are all your DCs managed by the same instance of Change Auditor? If yes, I would open an SR with Support once you have checked to make sure that auditing is enabled for this object class..