Wednesday, November 4, 2015

Monitor Active Directory Security Group membership changes

In many environments permission to add members to strong security groups (lets say Domain Admins group) is granted to many users.
Sometime those permissions are getting out of hand, so audit those group membership become vital.
In this post I would like to demonstrate how to audit security groups with build-in tools.

First step
Enable Audit account management to success in default domain controller policy (enabled by default):
Read more »
Posted by at 1 comment:
Labels: , , ,
Subscribe to: Posts (Atom)