Active Directory Group Membership Change Monitoring

Guest · Oct 31, 2005

I need Active Directory Group Membership Change Monitoring. I can find when
a group was changed but not who changed it.

Joe Richards [MVP] · Oct 31, 2005

You need to enable AD auditing or buy third party products to get the who.

Guest · Oct 31, 2005

How would we go about enabling auditing on the DC? Which part of the event
viewer will the information be displayed?

Joe Richards [MVP] · Oct 31, 2005

http://support.microsoft.com/default.aspx?scid=kb;en-us;314977&sd=tech

Once you have AD auditing enabled you will need to set the auditing ACEs on the
objects you want audited just like any other security auditing in Windows.

The events would show up in the security log with other audit events.

Brian Desmond [MVP] · Oct 31, 2005

There's some 600 series events logged in the sec log of the DC where a group
add/drop is originated. It includes who did it, who was added/removed, and
some other useful information. I found the information as to all the
eventids in the MS Press Security Res kit which is on technet or your local
bookstore.

I collect all this information into a large sql database and produce sql
report services reports.

--
Thanks,
Brian Desmond
Windows Server MVP

www.briandesmond.com

Jorge_de_Almeida_Pinto · Nov 1, 2005

I need Active Directory Group Membership Change Monitoring. I
can find when
a group was changed but not who changed it.

if auditing is enabled and configured you will also be able to see who
made the change

Guest · Jul 12, 2006

Hi Joe,
Can you recommend any 3rd party software that can do this Monitoring??

Joe Richards [MVP] · Jul 12, 2006

I would recommend looking at the NETPRO and QUEST tool sets.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

Rob · Apr 14, 2008

You might want to try netwrix active directory change reporter. It track
changes in all AD, and it's especially helpful because it show what changes
were made, who made those change and when.
Best wishes,
Robert Harris.

Bobby Arts · Jan 28, 2011

+ 1 for Netwrix, really nice product and much less expensive than Quest. BTW NetPro doesn't exist anymore (purchased by Quest).

aidansimister · Jan 31, 2012

Yeah - again, I'd definitely take a look at the NetWrix offerings.... Active Directory, Exchange, Group Policy... Change Auditing.. quite a few of their tools are free aswell... www.netwrix.co.uk

Autocomplete cache out of sync with AD	1	Feb 25, 2011
authoritative restore & group memberships	2	Jul 4, 2005
Reading Distribution List Membership	4	May 6, 2005
Active Directory Group Membership	0	Mar 14, 2008
retrieve group user membership when offline	6	Apr 22, 2008
AD and GroupMembershipSAM	1	Jan 4, 2005
filter to deny access based on group membership	1	Dec 17, 2004
URGENT HELP PLEASE! Problems with AD Permissions	2	Sep 22, 2009

Active Directory Group Membership Change Monitoring

Guest

Joe Richards [MVP]

Guest

Joe Richards [MVP]

Brian Desmond [MVP]

Jorge_de_Almeida_Pinto

Guest

Joe Richards [MVP]

Rob

Bobby Arts

aidansimister

Ask a Question

Similar Threads