Find who deleted user in Active Directory
When somebody deletes user accounts, these users will not be able to log into IT systems using domain authentication from any computer within the organization. If you delete a user account while the user is logged in, the user will lose access to email, SharePoint, SQL Server, shared folders and other systems. Therefore, it’s essential to monitor account deletions and quickly determine who deleted a user account, so you can quickly restore any improperly deleted account to minimize the risk of business disruption and system unavailability.
Native Auditing 1. Run GPMC.msc → Create a new policy→ Assign it to the needed OU → Edit it → Computer Configuration → Policies → Windows Settings → Security Settings:
|