none
Removing GPO Deletes server object

    Question

  • We recently had around 25 server objects deleted from AD. According to the responsible party the cause of this was a deleted GPO. This was a first for me so I wanted to get more opinions on if this is even possible.
    Saturday, February 06, 2016 12:10 AM

Answers

  • Hello,

    If there is no events record the deletion of those servers, what you can get is what they told you. No matter what kinds of server they are, GPO deletion won't remove server objects, you may check whether those server is removed by scripts.

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 19, 2016 1:53 AM
    Moderator

All replies

  • Hello,

    GPO policy deletion has caused servers' objects to be deleted? It's not a normal situation. If you have Active Directory service's audit logging configured, you should review it for the true cause.


    My LinkedIn profile

    Saturday, February 06, 2016 4:03 PM
  • Hello,

    GPO deletion should not remove Domain computers from the domain.

    I would like to suggest you check your auditing log if you have auditing policy enabled.

    The article below should be helpful:

    Tracing down user and computer account deletion in Active Directory

    http://blogs.technet.com/b/abizerh/archive/2010/05/27/tracing-down-user-and-computer-account-deletion-in-active-directory.aspx

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, February 08, 2016 8:23 AM
    Moderator
  • We were able to trace the responsible party by going through the Event Viewer logs but it was unclear how the deletion was done. All we have to go on is what the user has told us. If it makes any difference the servers were virtualized Citrix servers.
    Thursday, February 18, 2016 6:56 PM
  • Hello,

    If there is no events record the deletion of those servers, what you can get is what they told you. No matter what kinds of server they are, GPO deletion won't remove server objects, you may check whether those server is removed by scripts.

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 19, 2016 1:53 AM
    Moderator