No announcement yet.

Group Memberships

  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Memberships

    Hi everybody ! I'm new to this forum. I want to ask you a thing about group membership in Active Directory. Is it possible to know the date and time in which a user account was added into a group ?

    Thank you in advance for the consideration.

  • #2
    Re: Group Memberships

    Hi Lorenzo,

    Normally, you can check this in the security event log (if the account management auditing is turned on on the domain controllers).

    I guess it's turned on by default, but if not, you can turn it on via a policy.
    You can find it under computer configuration --> windows settings --> security settings --> local policies --> audit policy --> Audit account management

    Then you have to scan on specific events in the event logs on the DC's (there are tools for this available), e.g. event ID 632,

    An extraction of the help file :

    Audit account management
    This security setting determines whether to audit each event of account management on a computer. Examples of account management events include:
    A user account or group is created, changed, or deleted.
    A user account is renamed, disabled, or enabled.

    Account Management Events
    624 A user account was created.
    627 A user password was changed.
    628 A user password was set.
    630 A user account was deleted.
    631 A global group was created.
    632 A member was added to a global group.
    633 A member was removed from a global group.
    634 A global group was deleted.
    635 A new local group was created.
    636 A member was added to a local group.
    637 A member was removed from a local group.
    638 A local group was deleted.

    Hope this helps


    • #3
      Re: Group Memberships

      Yes Hagar, it helps a lot. Thank you very much.

      I think it would be nice if these informations were available also from the DSA.MSC.