Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to find a change of data in AD?

Posted on 2013-06-26
16
Medium Priority
?
287 Views
Last Modified: 2014-07-31
A user has been given full admin rights!
Is there a way of finding out when this group was added to the user account?

Thanks
0
Comment
Question by:CHI-LTD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2
  • +2
16 Comments
 
LVL 42

Expert Comment

by:Meir Rivkin
ID: 39277306
which group?
do u mean when user were added to specific group?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39277307
domain admins
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39277308
yes
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 11

Accepted Solution

by:
mcnute earned 500 total points
ID: 39277309
You may not find out anymore, but you can in the future by modifying the logging properties of AD.
http://technet.microsoft.com/en-us/library/cc961809.aspx
0
 
LVL 42

Assisted Solution

by:Meir Rivkin
Meir Rivkin earned 1000 total points
ID: 39277322
for future auditing, u need to enable auditing for account management and check the event viewer
on the DC's for event id:
632 (add global group)
636 (add local group)
currently, You can see the last modification of the useraccount on the "Object" tab.
from http://www.winvistatips.com/define-date-user-has-been-added-ad-group-t708268.html
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39277332
enable auditing for account mgt.  - is this the same as mcnute has said?
0
 
LVL 42

Assisted Solution

by:Meir Rivkin
Meir Rivkin earned 1000 total points
ID: 39277423
yes kinda, u need to go and configure which audit properties you are interested in.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39277442
0
 
LVL 5

Assisted Solution

by:vin_shooter
vin_shooter earned 500 total points
ID: 39277554
Hi,

You can very well find who/when its been added.

You need to have follow the below steps,

step1:Use the command to get the DN path, dsquery user -name "logonid"

Need to replace logonid with actual userID. Now you'll get the DN Path of the account then,

Step 2: repadmin /showmeta "DNPATH" >>c:\temp\meta.txt

Navigate to c->temp & check for "meta.txt" open it & search the list of changes happened in the object. In that you'll get DC name in which the action of providing "full admin rights"  is performed. Search the security log's you'll came to know the ID who performed that activity.
0
 
LVL 2

Expert Comment

by:titan123
ID: 39277985
Is the auditing enabled ...???

If yes you can check at the logs.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39278014
It looks like (as per my link) its already been set, but i cannot find any records in the event logs...
0
 
LVL 5

Expert Comment

by:vin_shooter
ID: 39289465
Hi,

Have you followed the steps which i have given above..,
0
 
LVL 2

Expert Comment

by:titan123
ID: 39289653
If you are unable to find at the events logs at this case it is very impossible to say that this can be execute or not. Just for this case it is like if you would be using a third party applications also at that moment of case also this is bit impossible as they also can configure your ad auditing as you will go along with your Auditing Started.

If you want you can check out various auditing tools that are available but still there would be a compliance in the reports.

Thanks.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39289654
@  vin_shooter - yes.
@ titan - ?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39317110
Never got there in the end..
Oh well
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question