Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

An Active Directory security group was deleted today. Is there an event ID I can look for an place in the event viewer I should look to find out what happened?

Posted on 2013-05-15
2
Medium Priority
?
562 Views
Last Modified: 2013-05-17
We had an active directory security group vanish today and have to assume one of us deleted it by accident or with a script. Is there a place in the AD event viewer that would display what happened? Windows 2008 domain
0
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 2000 total points
ID: 39169463
If you have auditing enabled you may search security logs of DC
Find below events based upon security Group type

4754 A security-enabled universal group was created.
4730 A security-enabled global group was deleted.
4734 A security-enabled local group was deleted
0
 
LVL 3

Expert Comment

by:violageek
ID: 39173351
As mentioned if you have auditing enabled you can look for event id 564 and event id 634 and event id 638 that are all related to deletion of objects.

Ref: http://support.microsoft.com/kb/174074
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question