A change was made to IDFW LDAP OU configuration unexpectedly
Article ID: 415194
Products

VMware NSX, VMware vDefend Firewall

Issue/Introduction

An unexpected edit to the Identity Firewall (IDFW) LDAP configuration changed the selected Organizational Units (OUs). In this example, the OU selection changed from All to 3 OUs.

(Screenshots: OU selection before the change, then after the change.)

Environment

VMware NSX 

Resolution

The user who made the change to the OUs can be identified from the log locations listed below. In the log excerpts:

  • The user making the change is highlighted in green and shown as User_Making_Change.
  • The OU change and its settings are highlighted in yellow.
  • The service account used for LDAP authentication is highlighted in blue and shown as LDAP_Service_Account.


This change can be audited through /var/log/syslog, /var/log/proton/nsxapi.log, and /var/log/proton/localhost_access_log.txt on the NSX Manager, or by using Aria.

Log Location = /var/log/syslog. The audit record shows the Old value and New value together with the user who made the change. NSX splits the long audit message across two syslog records (note splitId and splitIndex="1 of 2" in the header), so the Old value and New value appear on separate lines. The example below shows a change from the old "All OU" setting to a new value of 2 OUs.
OLD = 2025-##-##T18:58:02.403Z nsx-421-01 NSX 3710822 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="3c93d99d-08d4-40f3-a35f-2048831a22cf" splitId="9mj83sW2" splitIndex="1 of 2" subcomp="manager" update="true"] UserName="User_Making_Change", Src="192.168.1.10", ModuleName="PolicyIdentity", Operation="PatchOrCreateFirewallIdentityStore", Operation status="success", Old value=[{"base_distinguished_name":"DC=IDFW-support-01,DC=Domain","netbios_name":"OU-ALL","sync_settings":{"delta_sync_interval":180,"sync_delay_in_sec":30},"selective_sync_settings":{"enabled":false},"resource_type":"IdentityFirewallAdStore","id":"identity-firewall-store-UUID-######","display_name":"IDFW-support-01.Domain","path":"/infra/identity-firewall-stores/identity-firewall-store-UUID-######

NEW = New value=["identity-firewall-store-UUID-######" {} {"base_distinguished_name":"DC=IDFW-support-01,DC=Domain","netbios_name":"OU-ALL","sync_settings":{"delta_sync_interval":180,"sync_delay_in_sec":30},"selective_sync_settings":{"enabled":true,"selected_org_units":["OU=LABS,DC=IDFW-support-01,DC=Domain","OU=USERS,DC=IDFW-support-01,DC=Domain"]},"resource_type":"IdentityFirewallAdStore","id":"identity-firewall-store-UUID-######","display_name":"IDFW-support-01.local","path":"/infra/identity-firewall-stores/identity-firewall-store-UUID-######

Log Location = /var/log/proton/nsxapi.log. The same reqId as the syslog audit record appears here, showing the LDAP connectivity check made with LDAP_Service_Account by User_Making_Change.
2025-##-##T18:57:56.449Z  INFO http-nio-127.0.0.1-7440-exec-8 NsxTRestClient 3710822 POLICY [nsx@6876 comp="nsx-manager" level="INFO" reqId="3c93d99d-08d4-40f3-a35f-2048831a22cf" subcomp="manager" username="User_Making_Change"] NSX API POST http://127.0.0.1:7440/nsxapi/api/v1/directory/ldap-server?action=CONNECTIVITY is called with DirectoryLdapServerDto{domainName=  IDFW-support-01.Domain', host='DomainController.IDFW-support-01.Domain', port='389', protocol='LDAP', thumbprint='null', username='LDAP_Service_Account', super{ManagedResource{resourceType='null', aCreateUser='User_Making_Change', aCreateTime='175934900000', aLastModifiedUser='User_Making_Change', aLastModifiedTime='175935000000', aSystemOwned='null', aProtection='null', id='c22b7c0a-a9a0-46f8-a879-64d84824f80d', displayName='Domain_Controller', description='null', tags='null', super{RevisionedResource{aRevision='2', super{Resource{aSelf='null', aLinks='null', aSchema='null'}}}}}}}

API Call Location = /var/log/proton/localhost_access_log.txt. The PATCH request timestamp matches the syslog audit record.
2025-##-##T18:58:02.403Z - "PATCH /nsxapi/api/v1/infra/identity-firewall-stores/identity-firewall-store-UUID-###### HTTP/1.1" 200 - 6224 6224 +

Following the "selected_org_units" setting through the logs shows what the previous OU selection was, which helps restore the original configuration. When selective sync was disabled in the Old value ("enabled":false with no "selected_org_units"), all OUs were in use.
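As an added example (not part of this article or the NSX product), the following Python script reassembles the split syslog audit records, keeps only the PatchOrCreateFirewallIdentityStore operation, and reports who changed the OU selection, from which source address, and the old and new OU lists. The sample records are constructed to match the format shown above; the parsing assumes the nsx@6876 structured-data header and the "Old value=" / "New value=" layout seen in these excerpts.

```python
import re

# Constructed sample records modelled on the /var/log/syslog audit lines shown above (placeholder dates and OUs).
SAMPLE_SYSLOG = [
    '2025-01-01T18:58:02.403Z nsx-421-01 NSX 3710822 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="3c93d99d-08d4-40f3-a35f-2048831a22cf" '
    'splitId="9mj83sW2" splitIndex="1 of 2" subcomp="manager" update="true"] UserName="User_Making_Change", Src="192.168.1.10", ModuleName="PolicyIdentity", '
    'Operation="PatchOrCreateFirewallIdentityStore", Operation status="success", Old value=[{"netbios_name":"OU-ALL",'
    '"selective_sync_settings":{"enabled":false},"id":"identity-firewall-store-UUID-######"}]',
    '2025-01-01T18:58:02.403Z nsx-421-01 NSX 3710822 - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="3c93d99d-08d4-40f3-a35f-2048831a22cf" '
    'splitId="9mj83sW2" splitIndex="2 of 2" subcomp="manager" update="true"] New value=[{"netbios_name":"OU-ALL","selective_sync_settings":{"enabled":true,'
    '"selected_org_units":["OU=LABS,DC=IDFW-support-01,DC=Domain","OU=USERS,DC=IDFW-support-01,DC=Domain"]},'
    '"id":"identity-firewall-store-UUID-######"}]',
]

SD_RE = re.compile(r'\[nsx@6876 ([^\]]*)\] (.*)$')   # structured-data params, then the audit message
PARAM_RE = re.compile(r'(\w+)="([^"]*)"')             # key="value" pairs (SD params and message header)

def join_split_records(lines):
    """Reassemble audit messages NSX splits over several records (same splitId, ordered by splitIndex)."""
    parts = {}
    for line in lines:
        m = SD_RE.search(line)
        sd = dict(PARAM_RE.findall(m.group(1))) if m else {}
        if sd.get("audit") != "true":
            continue                                      # not an audit record
        key = sd.get("splitId", sd["reqId"])
        idx = int(sd.get("splitIndex", "1").split()[0])
        parts.setdefault(key, (sd["reqId"], {}))[1][idx] = m.group(2)
    return [(req, " ".join(chunks[i] for i in sorted(chunks))) for req, chunks in parts.values()]

def ou_selection(fragment):
    """Return (selective sync enabled?, selected OU DNs) from an Old value / New value JSON fragment."""
    enabled = re.search(r'"selective_sync_settings":\{"enabled":(true|false)', fragment)
    ous = re.search(r'"selected_org_units":\[([^\]]*)\]', fragment)
    return (bool(enabled) and enabled.group(1) == "true", re.findall(r'"([^"]+)"', ous.group(1)) if ous else [])

def idfw_ou_changes(lines):
    """Report who changed the IDFW AD store OU selection, from which source IP, and the old/new OU lists."""
    report = []
    for req_id, msg in join_split_records(lines):
        head, _, rest = msg.partition("Old value=")
        old_frag, _, new_frag = rest.partition("New value=")
        fields = dict(PARAM_RE.findall(head))
        old, new = ou_selection(old_frag), ou_selection(new_frag)
        if fields.get("Operation") != "PatchOrCreateFirewallIdentityStore" or old == new:
            continue                                      # other operation, or the OU selection is unchanged
        report.append({"reqId": req_id, "user": fields.get("UserName"), "src": fields.get("Src"),
                       "old": old[1] if old[0] else "ALL", "new": new[1] if new[0] else "ALL"})
    return report
```

Run it against exported syslog lines to list every OU selection change with its user, source address and reqId; the reqId can then be matched in nsxapi.log and the access log as shown above.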

This setting can be changed back to All, or only the OUs needed for IDFW authentication can be selected.

Additional Information

If the error "Directory domain exceeds maximum org unit (Error code: 38032)." is displayed, use the following KB to resolve it:

https://knowledge.broadcom.com/external/article/327765/using-the-ui-to-select-idfw-ldap-ous-giv.html