Forum

We've been having some Windows 7 clients "disappearing" out of AD without generating event id 4743.  My first question:  Are there any auditing configurations that need to be performed in order to have event id 4743 generated when a computer object is deleted out of AD?

Thanks,

Tom 

auditpol /get /category:*

All domain controllers except one had the following audit policy:

System audit policy

Category/Subcategory                      Setting

System

  Security System Extension               Success and Failure

  System Integrity                            Success and Failure

  IPsec Driver                                   No Auditing

  Other System Events                       Success and Failure

  Security State Change                     Success and Failure

Logon/Logoff

  Logon                                    Success and Failure

  Logoff                                    Success and Failure

  Account Lockout                      Success and Failure

  IPsec Main Mode                         No Auditing

  IPsec Quick Mode                        No Auditing

  IPsec Extended Mode                   No Auditing

  Special Logon                              Success and Failure

  Other Logon/Logoff Events             Success and Failure

  Network Policy Server                    Success and Failure

Object Access

  File System                                  Success and Failure

  Registry                                       Success and Failure

  Kernel Object                                Success and Failure

  SAM                                             No Auditing

  Certification Services                        Success and Failure

  Application Generated                     Success and Failure

  Handle Manipulation                         No Auditing

  File Share                                            Success and Failure

  Filtering Platform Packet Drop        No Auditing

  Filtering Platform Connection         No Auditing

  Other Object Access Events            No Auditing

Privilege Use

  Sensitive Privilege Use                      No Auditing

  Non Sensitive Privilege Use             No Auditing

  Other Privilege Use Events              No Auditing

Detailed Tracking

  Process Termination                         Success and Failure

  DPAPI Activity                                     No Auditing

  RPC Events                                          Success and Failure

  Process Creation                                Success and Failure

Policy Change

  Audit Policy Change                          Success and Failure

  Authentication Policy Change         Success and Failure

  Authorization Policy Change            Success and Failure

  MPSSVC Rule-Level Policy Change No Auditing

  Filtering Platform Policy Change                     No Auditing

  Other Policy Change Events                             Success and Failure

Account Management

  User Account Management            Success and Failure

  Computer Account Management                   Success and Failure

  Security Group Management                          Success and Failure

  Distribution Group Management                    Success and Failure

  Application Group Management                     Success and Failure

  Other Account Management Events              Success and Failure

DS Access

  Directory Service Changes                               Success and Failure

  Directory Service Replication                          No Auditing

  Detailed Directory Service Replication          No Auditing

  Directory Service Access                Success and Failure

Account Logon

  Kerberos Service Ticket Operations              Success and Failure

  Other Account Logon Events                           Success and Failure

  Kerberos Authentication Service                   Success and Failure

  Credential Validation                         Success and Failure