John,
You can enable auditing for Directory Service Access on your DCs. You may
get more events than needed, but you can then search on the username in the
Security event log when the group membership changes.
KB article 314955 explains how to enable AD object auditing:
http://support.microsoft.com/?id=314955
blim
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| >From: "John" <[email protected]>
| >Subject: User's group memberships change without warning
| >Date: Tue, 16 Dec 2003 07:06:36 -0800
| >
| >We are running Windows 2000 AD and occasionally a user's
| >membership to a specific group is removed so they cannot
| >access their group resources. This only happens to a small
| >number of people in the group, many others are still
| >listed as group members and have no problem.
| >
| >Any ideas? Thanks.
| >
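
Added example, not part of the original reply: one way to do the Security log search described above once auditing is enabled. It assumes a domain controller running a Windows Server release that has Get-WinEvent and the 4xxx Security event IDs (Windows 2000 logged older IDs), and `$User` and the 14-day window are hypothetical values.

```powershell
# Added example. Run in an elevated session on each domain controller:
# the audit event is written only on the DC where the change was made.
$User  = 'jdoe'                      # hypothetical name to search for
$Since = (Get-Date).AddDays(-14)     # hypothetical look-back window

# 4662: operation on a directory object (Directory Service Access auditing).
# 4729 / 4733 / 4757: member removed from a global / local / universal
# security group (logged when account management auditing is also enabled).
$Ids = 4662, 4729, 4733, 4757

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Ids; StartTime = $Since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named data fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Id        = $_.Id
            DC        = $_.MachineName
            # Account that performed the operation.
            ChangedBy = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            # 4662 names the directory object; the group events name the group.
            Object    = if ($_.Id -eq 4662) { $data.ObjectName } else { $data.TargetUserName }
            # Group events only: distinguished name of the removed member.
            Member    = $data.MemberName
        }
    } |
    # Keep events where the name appears as the actor, the object or the member.
    Where-Object { "$($_.ChangedBy) $($_.Object) $($_.Member)" -match [regex]::Escape($User) } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Because the removed member is recorded as a distinguished name, `$User` may need to be part of that DN rather than the logon name for the member column to match.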