I believe our AD may have been compromised. A user with
no Ad rights disabled an account. I reviewed their permissions and they have non to accomplish this.
I feel that in the past this user may have had been given delegation rights or some sort of LDAP rights. I need to audit all security on AD to find the hole.
I hoping someone might know of a good tool to accomplish this.
