?
Solved

An Active Directory security group was deleted today. Is there an event ID I can look for an place in the event viewer I should look to find out what happened?

Posted on 2013-05-15
2
Medium Priority
?
559 Views
Last Modified: 2013-05-17
We had an active directory security group vanish today and have to assume one of us deleted it by accident or with a script. Is there a place in the AD event viewer that would display what happened? Windows 2008 domain
0
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 2000 total points
ID: 39169463
If you have auditing enabled you may search security logs of DC
Find below events based upon security Group type

4754 A security-enabled universal group was created.
4730 A security-enabled global group was deleted.
4734 A security-enabled local group was deleted
0
 
LVL 3

Expert Comment

by:violageek
ID: 39173351
As mentioned if you have auditing enabled you can look for event id 564 and event id 634 and event id 638 that are all related to deletion of objects.

Ref: http://support.microsoft.com/kb/174074
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses
Course of the Month11 days, 19 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question