Techit Tricks

You can download videos of CCNA | Azure | Vmware | AWS | Citrix | HP

Setup GPO for Active Directory | Find Who disabled a AD user account

Run gpedit.msc → Create a new GPO → Edit it : Go to "Computer Configuration" → Policies → Windows Settings → Security Settings → Local Policies > Audit Policy:
Audit account management → Define → Success.


Go to Event Log → Define:
Set the maximum security log size
Set the retention method for the security log to "Overwrite events as needed".

Link GPO to OU with User Accounts

Go to "Group Policy Management" → Right-click the defined OU → Choose "Link an Existing GPO" → Choose the created GPO.

Force a Group Policy update

In the "Group Policy Management" → Right-click the defined OU → Click "Group Policy Update".

Enable auditing for the domain using ADSI

Run adsiedit.msc → Connect to the Default naming context → Right-click the domain DNS object with the name of your domain → Click Properties → Select the Security (Tab) → Click Advanced (Button) → Select Auditing (Tab) → Add the principal "Everyone" → Type "Success" → Apply this to "This object and descendant objects" → Click Permissions → Select all check boxes except the following:
"Full control",
"List contents",
"Read all properties",
"Read permissions"
→ Click "OK"

Find Who disabled a AD user account

Open Event Viewer and search the security log for event ID 4722 (a user account was enabled)