Event id delete user active directory
Posted by hutsonford 2021-09-01T18:43:36Z Had a user contact us today stating that they couldn't log into their PC. Thinking it was a simple password issue, we went to unlock their account only to discover that their account no longer existed in AD. My logs are not showing the account as having been deleted, disabled or expired. Anyone have a suggestion to take a look into?
Read these next...
What is Event ID 4738?Event 4738 is generated every time a user object is changed. At times, this event may not show any changes—that is, all Changed Attributes appear as “-. “ This usually happens when a change is made to an attribute that is not listed in the event. In this case, there's no way to determine which attribute was changed.
What is event ID 4733?Event Description:
This event generates every time member was removed from security-enabled (security) local group. This event generates on domain controllers, member servers, and workstations. For every removed member you will get separate 4733 event.
What is event ID 5141?Description. This event documents deletion of AD objects, identifying the object deleted and user who deleted it.
What is Event ID 4732?Event ID 4732 – A member was added to a security-enabled local group. As described, this Event ID tracks when a member — either a domain user or local user — is added to any security-enabled local group. There are many local groups, but the most commonly monitored local group is the local Administrator group.
|