Change to userWorkstations attribute not being logged

Regular Contributor

Hi all,


I'm trying to determine who modified the "userWorkstations" attribute of some accounts within Active Directory. (This is the attribute that stores the list of workstations that an account is allowed to sign in to, configured from the "Log on to..." link in ADAC.) Unfortunately, nothing appears to have been logged by MDI. I made a change to an account myself and checked in MDI after a while and confirmed that nothing was logged. Is this expected behavior? I see that MDI made note of changes to the "manager" attribute that I made to a couple accounts a few days ago, so I don't understand why this other change isn't being logged.



2 Replies
best response confirmed by Ryan Steele (Regular Contributor)

@Ryan Steele 

MDI doesn't track all attributes for all object types. See this page for the list of monitored activities.

Thanks Martin; this is helpful. I'm not sure I understand the rationale behind tracking changes to the "manager" field (which is unlikely to have any security implications) but not "userWorkstations" (which definitely does), but I will send feedback from the MDI portal about that.