I have an issue where a task/job run by the NT AUTHORITY\SYSTEM removes users from the Domain Admins. I am unable to find out if this is a task, GPO, or what is causing one our domain controllers to execute this. I then have to go and add all of our domains admins back in the group about 1 or 2 times a day. Is there a powershell command, utility, or any recommendation that will display what time a task or GPO runs to help troubleshoot this process? I need help figuring out what is causing the system account 'NT Authority\System' to remove the users from the domain admins.