Member '-' was removed from security-enabled... Expand / Collapse
Posted 3/8/2013 2:01:18 PM
Junior Member

Junior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior Member

Group: Forum Members
Last Login: 10/17/2013 10:38:49 AM
Posts: 16, Visits: 3
Once I came across a peculiar event ( 4729 - Fortunately I managed to understand that it was an event triggered when a member removed from a security group ) recorded in the security log of a Domain controller, however the member name field was with " - " . I followed the trail taking the member SID and found that the user was disabled a week before and moved to a different OU.

In our environment, we have three tier methodology to remove expired users from groups in Active Directory.

1. Disable the user account
2. Move it to a different OU ( Disabled User accounts OU )
3. We run a shell script weekly which would remove the users from all the groups in which they were a member of

Is that some thing happened because of the script or does it signify any action ?
Post #1185
Posted 8/20/2015 1:50:59 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 8/20/2015 1:47:20 PM
Posts: 1, Visits: 0
Hey I would be very much interested in seeing your shell script so I could possibly use it in my environment in a similiar fashion. I already do the ou for disabled users. I'm guessing your script checks that ou and if someone is in there grabs that username and checks to see if there are any security permissions for any folders with those credentials. and in theory if those credentials exist removes them? Idk.. I would really like a tool like that to make sure i'm cleaning up as much that needs to be.

Post #4827
« Prev Topic | Next Topic »

Permissions Expand / Collapse

All times are GMT -5:00, Time now is 8:42am