Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1554
  • Last Modified:

Domain Admins group was modified - security event log

Someone has modified Domain Admins group, added user that does not belong in the group.

What event ID we need to search for to find this even?

Thank you,
0
itmti
Asked:
itmti
1 Solution
 
xDUCKxCommented:
This should help to understand what you're looking for:

http://www.windowsecurity.com/articles/windows-active-directory-auditing.html
0
 
itmtiAuthor Commented:
http://www.windowsecurity.com/articles/auditing-users-groups-windows-security-log.html  

Windows logs 5 different event IDs for each group type and scope combination. The 5 events correspond to the 5 operations Windows audits for each group: creation, change, deletion, member added and member removed.

None of those events are logged, they look like Windows 2000 logging maybe?

Cant seem to find a log for Domain Group modification.

Any suggestions?
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now