Solved

User Acct. is being removed from AD group.

Posted on 2010-09-16
4
641 Views
Last Modified: 2012-06-22
I have added a user account to a Global group, and twice I have found the next day, that the account has been removed from the group.  I have Auding enabled, and have found the Event ID 633....

Type:      Audit Success
Source:      Security
Event ID:      633
Event Time:      9/16/2010 8:21:18 AM
User:      NT AUTHORITY\SYSTEM
Computer:      Pri-DCSVR00
Description:
Security Enabled Global Group Member Removed:
      Member Name:      CN=Joe Blow,OU=Contractors,OU=Technology Department,OU=STL,DC=acme,DC=com
      Member ID:      %{S-1-5-21-1814976544-1464880352-2118856591-5839}
      Target Account Name:      Test_Consult
      Target Domain:      Test
      Target Account ID:      %{S-1-5-21-1814976544-1464880352-2118856591-5712}
      Caller User Name:      -
      Caller Domain:      -
      Caller Logon ID:      (0x0,0x92837100)
      Privileges:      -

I am lost by the "User" that is removing the account from the Group, that user being "NT AUTHORITY\SYSTEM".  Is there a way to find out who or why this is getting removed?
0
Comment
Question by:mbigogno
  • 2
4 Comments
 
LVL 24

Accepted Solution

by:
Mike Thomas earned 250 total points
ID: 33698874
It is possibly being removed by a group policy.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33698877
And do you really have a contracter called Joe Blow? cos that's a cool name. ;)
0
 
LVL 22

Expert Comment

by:65td
ID: 33705156
I'd be leaning to a GPO as well, look in restricted groups.
0
 

Author Closing Comment

by:mbigogno
ID: 33734378
Sorry it took so long to get back.  Had another administrator mucking around with group policy.  That was the fix.  Thanks.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now