<div>
I think that if you have auditing turned on then I think you can look in the security log for Event ID 5139.
</div>


I think that if you have auditing turned on then I think you can look in the security log for Event ID 5139.

<div>
5139 isn't correct in this.<br />
I found the following list from a few locations, when auditing is turned on. <br />
Open Event viewer and filter Security log to find event id’s (Windows Server 2003/2008-2012): <br />
- 631, 635, 648, 653, 658, 663/4727, 4731, 4754 , 4759, 4744, 4749 – Group created <br />
- 632, 636, 650, 655, 660, 665/4728, 4732, 4756 , 4761, 4746, 4751 – Member added to a group <br />
- 633, 637, 651, 656, 661, 666/4729, 4733, 4757, 4762, 4747, 4752 – Member removed from a group <br />
- 634, 638, 652, 662, 667, 657/4730, 4734, 4758, 4748, 4753, 4763 – Group deleted <br />
- 639, 641, 649, 654, 659, 664/4735, 4737, 4745, 4750, 4755, 4760 – Group changed <br />
- 566/4662 - An operation was performed on an object(OU Changes) (Type: Directory Service Access).
</div>


5139 isn't correct in this.
I found the following list from a few locations, when auditing is turned on.
Open Event viewer and filter Security log to find event id’s (Windows Server 2003/2008-2012):
- 631, 635, 648, 653, 658, 663/4727, 4731, 4754 , 4759, 4744, 4749 – Group created
- 632, 636, 650, 655, 660, 665/4728, 4732, 4756 , 4761, 4746, 4751 – Member added to a group
- 633, 637, 651, 656, 661, 666/4729, 4733, 4757, 4762, 4747, 4752 – Member removed from a group
- 634, 638, 652, 662, 667, 657/4730, 4734, 4758, 4748, 4753, 4763 – Group deleted
- 639, 641, 649, 654, 659, 664/4735, 4737, 4745, 4750, 4755, 4760 – Group changed
- 566/4662 - An operation was performed on an object(OU Changes) (Type: Directory Service Access).

<div>
That is awesome!<br />
Thanks pony10us
</div>


<div>
Glad I could help. &nbsp;<br />
<br />
Sorry I didn't give you all the information in the first response. &nbsp;We are a bit busy here and so I rushed my answer. &nbsp;I should know better. &nbsp;:(
</div>


Glad I could help.  

Sorry I didn't give you all the information in the first response.  We are a bit busy here and so I rushed my answer.  I should know better.  :(

<div>
<div class="content wysiwyg-content">
OS= Windows Server 2012<br />
<br />
In AD, if I have an OU name changed from &quot;OU=users&quot; to &quot;OU=Users&quot;, which log would I find this?
</div>
</div>


OS= Windows Server 2012

In AD, if I have an OU name changed from "OU=users" to "OU=Users", which log would I find this?

Windows Server 2012 logs

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.