AD User Creation/Modifying logging

Posted on 2010-11-30
Medium Priority
Last Modified: 2012-05-10
I just found a user account added to the Domain Admins domain group. Is there a way to find out when or who added this account to the Domain Admins group?

Using Windows Server 2003 AD.

Question by:OdyChris

Accepted Solution

GWNet-working earned 668 total points
ID: 34238526
If you have auditing enabled you may be able to find out who added them using the security log.

Assisted Solution

losip earned 668 total points
ID: 34239027
Yes, look for event ID: 632 in the Security log which is for members being added to a global group.  Also look for event ID: 612 which is a change to the vents that are audited, in case the perpetrator stopped auditing, then added the user to the Domain Admins.

Please say you have auditing enabled!
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 664 total points
ID: 34239037
If you do have auditing enabled look for event 632 in the security logs, more information and screenshots in a previous question I helped with


The one thing you do know is that it has to be someone with elevated rights (another domain admin) or someone that has been delegated the right to add members to the DA group.



Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question