?
Solved

windows 2008 event id database

Posted on 2011-02-16
8
Medium Priority
?
477 Views
Last Modified: 2012-05-11
when you do not know an event id but have an understanding of what you want to look for, is there a database where you can search by keyword - for example "remove user from group"- find it from the list, get the event id and then look in event viewer for that event id?

thanks
0
Comment
Question by:anushahanna
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 34909547
Best site is http://www.eventid.net/

Try this way while searching in google, this way you can drill down into the site

sites:http://www.eventid.net put your description
sites:http://www.microsoft.com exchange
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34909985
http://www.eventid.net to search by description is asking for membership.

trying
sites:http://www.eventid.net remove user from group
did not bring anything quickly or easily.

any other options?
0
 
LVL 44

Expert Comment

by:Amit
ID: 34910098
Search on google.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 6

Author Comment

by:anushahanna
ID: 34910499
I am trying..

compared to "remove user from group"
what are other appropriate words to search by?
0
 
LVL 44

Expert Comment

by:Amit
ID: 34910893
Try like

how to remove user from group active directory

what are you really trying to find. I can help you fast
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34916760
thanks Amit-

someone removed domain users from Admin group- just need to check the audit on that- when it was done.
0
 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 34917677
In order to trace that, first you need to enable the Auditing settings. Goto>Default Domain Controller policy and see what is enabled. Attaching screenshot.

Then goto to security logs and trace for event id

609 -  User Right Removed  

Here is the site which you are searching
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j

I hope you have all your answer now
audit.bmp
0
 
LVL 6

Author Comment

by:anushahanna
ID: 34919078
very very good - thanks.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question