nico-
asked on
Tracking domain accounts in the administrator group
Hello
Is there a tool/method to track a domain account that appears several times in the administrator groups on servers ?
Thanks
Is there a tool/method to track a domain account that appears several times in the administrator groups on servers ?
Thanks
You can use below command to list members of groups.
dsget group "CN=GroupName,DC=domainame ,DC=local" -members
In order to find out changes, creation or deletion events, you must keep the “Account Management” auditing enabled.
Apart from the auditing, you can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships.
NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html
Quest: http://www.quest.com/changeauditor-for-active-directory/
dsget group "CN=GroupName,DC=domainame
In order to find out changes, creation or deletion events, you must keep the “Account Management” auditing enabled.
Apart from the auditing, you can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships.
NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html
Quest: http://www.quest.com/changeauditor-for-active-directory/
If these are domain groups you can check the metadata also
repadmin /showobjmeta test-dc01 "CN=Test Group,OU=Groups,DC=techeva n,DC=lab"
You will see something like
Type Attribute Last Mod Time Originating DSA Loc.USN Org.USN Ver Distinguished Name
=== ======== =========== ================= ======= ======= === =========================
ABSENT member 2010-11-05 16:55:28 TestSiteTEST-DC01 749327 749327 2 CN=Rick Sheikh,OU=Users,DC=techeva n,DC=lab
repadmin /showobjmeta test-dc01 "CN=Test Group,OU=Groups,DC=techeva
You will see something like
Type Attribute Last Mod Time Originating DSA Loc.USN Org.USN Ver Distinguished Name
=== ======== =========== ================= ======= ======= === =========================
ABSENT member 2010-11-05 16:55:28 TestSiteTEST-DC01 749327 749327 2 CN=Rick Sheikh,OU=Users,DC=techeva
ASKER
Hello
Other way around. Need to know how many times a domain account appears in the local administrators group in the server estate.
I've seen this done before but can't remember how. Maybe a tool like AD Manager ?
Other way around. Need to know how many times a domain account appears in the local administrators group in the server estate.
I've seen this done before but can't remember how. Maybe a tool like AD Manager ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
way over my head that :) but it looks good.
ASKER
No idea if that was right :)
4727 – A security-enabled global group was created.
4728 – A member was added to a security-enabled global group.
4730 – A security-enabled global group was deleted.
4731 – A security-enabled local group was created.
4732 – A member was added to a security-enabled local group.
4733 – A member was removed from a security-enabled local group.
4734 – A security-enabled local group was deleted.
4735 – A security-enabled local group was changed.
4737 – A security-enabled global group was changed.
4754 – A security-enabled universal group was created.
4755 – A security-enabled universal group was changed.
4756 – A member was added to a security-enabled universal group.
4757 – A member was removed from a security-enabled universal group.
4758 – A security-enabled universal group was deleted.