Is Acitve Directory keeping track of old account names?

TheMSsForum.com: The Microsoft Software Forum

After an account has been renamed (and the proper audit settings have
been set) event 685 will be created in the security log of the DC.
Event 685's description displays the old Account name and the new
account name.

Does anyone know whether MS-AD itself keeps track of the old names? Are
the old names being stored in some attribute or is it possible to
enable such a feature?

Regards,

Frank
Top

Re: Is Acitve Directory keeping track of old account names? by Roger

Roger
Sat Jul 01 01:25:39 CDT 2006

I have never noticed mention of any such, and the attributes
that might be needed do not seem to be where one would
expect them to logically have been defined.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Frank" <f.donders@gmail.com> wrote in message
news:1151580523.205051.91490@75g2000cwc.googlegroups.com...
> After an account has been renamed (and the proper audit settings have
> been set) event 685 will be created in the security log of the DC.
> Event 685's description displays the old Account name and the new
> account name.
>
> Does anyone know whether MS-AD itself keeps track of the old names? Are
> the old names being stored in some attribute or is it possible to
> enable such a feature?
>
> Regards,
>
> Frank
>


Top

Re: Is Acitve Directory keeping track of old account names? by Frank

Frank
Sun Jul 02 08:14:57 CDT 2006

Thanks for your reply Roger.

The most likely atrribute to hold this kind of information would be the
AccountNameHistory attribute. But apparently this attribute is used for
something else as no information is stored in the attribute when
accounts are being renamed.


Roger Abell [MVP] schreef:

> I have never noticed mention of any such, and the attributes
> that might be needed do not seem to be where one would
> expect them to logically have been defined.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
>
> "Frank" <f.donders@gmail.com> wrote in message
> news:1151580523.205051.91490@75g2000cwc.googlegroups.com...
> > After an account has been renamed (and the proper audit settings have
> > been set) event 685 will be created in the security log of the DC.
> > Event 685's description displays the old Account name and the new
> > account name.
> >
> > Does anyone know whether MS-AD itself keeps track of the old names? Are
> > the old names being stored in some attribute or is it possible to
> > enable such a feature?
> >
> > Regards,
> >
> > Frank
> >

Top