Solved

An Active Directory security group was deleted today. Is there an event ID I can look for an place in the event viewer I should look to find out what happened?

Posted on 2013-05-15
2
556 Views
Last Modified: 2013-05-17
We had an active directory security group vanish today and have to assume one of us deleted it by accident or with a script. Is there a place in the AD event viewer that would display what happened? Windows 2008 domain
0
Comment
Question by:Thor2923
2 Comments
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 500 total points
ID: 39169463
If you have auditing enabled you may search security logs of DC
Find below events based upon security Group type

4754 A security-enabled universal group was created.
4730 A security-enabled global group was deleted.
4734 A security-enabled local group was deleted
0
 
LVL 3

Expert Comment

by:violageek
ID: 39173351
As mentioned if you have auditing enabled you can look for event id 564 and event id 634 and event id 638 that are all related to deletion of objects.

Ref: http://support.microsoft.com/kb/174074
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question