Open for Voting

preserve the SID in the logbook/change notification when deleting an object in AD

When you delete e.g. a user in ARM, there is no trace afterwards anymore what the SID was of the deleted user.

This is challenging when doing forensics if later on investigation is required, and "unknown" SIDs are found.

Therefore it would be useful to preserve the SID of the deleted object in the logbook

Workaround we do is manually copying the SID from the account view when the object is deleted (as it will display the SID after the deletion) into a seperate non-ARM logbook.