Is Acitve Directory keeping track of old account names?

Is Acitve Directory keeping track of old account names?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Is Acitve Directory keeping track of old account names? Frank 06-29-2006
Posted by Frank on June 29, 2006, 7:28 am
If you were  Registered and logged in, you could reply and use other advanced thread options
After an account has been renamed (and the proper audit settings have
been set) event 685 will be created in the security log of the DC.
Event 685's description displays the old Account name and the new
account name.

Does anyone know whether MS-AD itself keeps track of the old names? Are
the old names being stored in some attribute or is it possible to
enable such a feature?

Regards,

Frank


Posted by Roger Abell [MVP] on July 1, 2006, 2:25 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I have never noticed mention of any such, and the attributes
that might be needed do not seem to be where one would
expect them to logically have been defined.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

> After an account has been renamed (and the proper audit settings have
> been set) event 685 will be created in the security log of the DC.
> Event 685's description displays the old Account name and the new
> account name.
>
> Does anyone know whether MS-AD itself keeps track of the old names? Are
> the old names being stored in some attribute or is it possible to
> enable such a feature?
>
> Regards,
>
> Frank
>



Posted by Frank on July 2, 2006, 9:14 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Thanks for your reply Roger.

The most likely atrribute to hold this kind of information would be the
AccountNameHistory attribute. But apparently this attribute is used for
something else as no information is stored in the attribute when
accounts are being renamed.


Roger Abell [MVP] schreef:

> I have never noticed mention of any such, and the attributes
> that might be needed do not seem to be where one would
> expect them to logically have been defined.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
>
> > After an account has been renamed (and the proper audit settings have
> > been set) event 685 will be created in the security log of the DC.
> > Event 685's description displays the old Account name and the new
> > account name.
> >
> > Does anyone know whether MS-AD itself keeps track of the old names? Are
> > the old names being stored in some attribute or is it possible to
> > enable such a feature?
> >
> > Regards,
> >
> > Frank
> >


Similar ThreadsPosted
Reset All User Account Passwords in Active Directory October 11, 2006, 9:02 pm
Re: Keeping a record (private!) September 13, 2008, 5:49 am
Are there progams out there which let you surf the web while keeping web sites from knowing where you are coming from? December 8, 2006, 10:26 pm
All Log in Names January 18, 2006, 3:02 pm
Are file names private? October 25, 2005, 11:19 pm
SIDs showing but domain names not - Help!! February 14, 2006, 12:01 pm
Stored user names and passwords May 2, 2006, 8:11 am
Terminal server rdp, tls certificates & subject alternative names? June 30, 2008, 11:03 am
Can we "stored user names and passwords" in Windows XP Home Edition? December 16, 2005, 5:57 am
Disks filling up - how to track it July 20, 2005, 10:00 pm

The site map in XML format XML site map

Contact Us | Privacy Policy