I am seeing this Security event periodically. It is removing a domain account from the local admin for a specific windows 2008 R2 server.
Some Admin group accounts are being removed and readded programatically.
Some are being removed and not readded. Why is this occuring?
Where do I look?
It is causing my ADRMS services to not work.
A member was removed from a security-enabled local group.