Audit a security Group in AD

Hi all, is there a way to look for all changes that have been applied to a security group in AD

This AD group had additional members added, but i need to find out when these people were added, is that possible?

The server in question is a Microsoft Windows Server 2008 Standard FE 6.0.6002  - Service Pack 2

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Auditing is possible at object level. Right click the object - properties - security - advanced - auditig.
With auditing activated, membership changes will trigger event creation in the security event log at the DCs.

But: this will not help in your case because that change has already happened back in time.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
You need to ensure that AD Auditing is enabled on the Default Domain Controllers Policy. You can then choose what you want to audit and from there you will be able to see how added/removed members from groups and much more.

Take a look at my HowTo which illustrates how to setup AD Auditing.

I would also recommend using Active Directory Auditor by Lepide Software which will help you visually collect and read the Security Logs from all of your DC's in your environment.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
If you have auditing turned on as well as have the logs since the creation of the group then sure.  Realistically speaking, security auditing generates large logs which are configured to overwrite after reaching certain and then to overwrite older entries.  I do not believe you will be able to find out what you are looking for unless the group was created in the last couple/few days and that is only possible if you have auditing turned on.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.