Active Directory: Group And Membership Changes (Windows Event IDs, Auditing, and Splunk)

2022-06-07T12:34:05-07:00 | May 1, 2020 - Friday | Security, Technology

How do you find out who made a change to an Active Directory or Builtin Local Group? Which users were added to or removed from a group? When was a group deleted? In this post, we look at Group and Membership change Event IDs, and explore how to use Splunk to find relevant information to aid in your investigations.