Christian Hans
asked on
AD - Domain Admins Group - Track changes
Is there a way to find out who or when a "service account" or "user account" was added to the "Domain Admins" Security Group?
I need to track who on my dept added an account to it and track down what the need/purpose was...
Thanks
I need to track who on my dept added an account to it and track down what the need/purpose was...
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just install Powershell v5
Also, without being able to do that, you would not be able to view privileged account changes without auditing enabled and configured in AD to track directory changes. It's not set up by default, so open ADUC in the Advanced View, right click the group, go to properties, select the Security Tab, go to advanced, and then check the Auditing tab. If nothing is shown there, you can't view auditing data because it isn't being recorded. This is also the case if the auditing logs are not large enough to record data going back far enough.