Last post Sep 19, 2007 07:50 AM by johram
Sep 14, 2007 05:53 AM|sunkoti|LINK
Hai, Can anyone of u tell how to access the user information of who made the changes in Active Directory and the details of the user. Since i am new to this topic please give some directions to solve this. And also i want to know how the API calls are occuring
in kernel level debugging to access the information of the user using Windbg. Please provide some relevant links which gives complete idea of accessing APIs using windbg. I dont know actually What kind of information we can get using windbg to solve the above
mentioned problem. And please suggest one better language (.net/C#/VC++) to approach this problem.
Sep 18, 2007 09:58 AM|johram|LINK
I don't think AD stores this information - I've been looking for this myself. But I think you can get it from audit logs for the AD in some way. You should be able to listen to the audit log and intercept messages sent there. Sorry cant help you with windbg.
Too low level for me ;-)
Sep 19, 2007 04:25 AM|sunkoti|LINK
Hi thank u for giving reply,
can u please tell me if u know how to get the LDAP APIs of AD for windows server 2003 through which we can hook into that APIs and get the information.
I need these apis list, where we can find them.
Sep 19, 2007 07:50 AM|johram|LINK
Here's an article on MSDN that gives an overview of different options for tracking changes in the AD:
Also, if you are using .net 2.0 you may find the DirectorySynchonization object useful.