Delete All Child Objects auditing entry for an Active Directory object does not record an event log entry in Windows Server 2003

When you set the Delete All Child Objects auditing entry for an Active Directory object in Microsoft Windows Server 2003, and then you delete an Active Directory object that you want to audit, the event log does not record the deletion.

This behavior occurs because when you set the Delete All Child Objects auditing entry, you must also set the Delete auditing entry.

This Windows Server 2003 behavior corrects the behavior in Microsoft Windows 2000 Server. In Windows 2000, you can set the Delete All Child Objects auditing entry without setting the Delete auditing entry. However, when an object is deleted, the event log entry does not specify which object was deleted. The event log states only that an object had been deleted from a specific container.

In Windows Server 2003, if you set the Delete auditing entry and the Delete All Child Objects auditing entry, and then you delete an audit child object, the event log specifies which object has been deleted and the container that the object was deleted from.

For additional information about auditing Active Directory objects, click the following article number to view the article in the Microsoft Knowledge Base: