Group Name vs. Account Name
Posted 5/28/2013 3:08:46 PM
For Event ID 4728 (Member added to Global Group) the group's info is labelled as Group Name and Group Domain, which makes sense. For Event ID 4756 (Member added to Universal Group) the group's info is labelled as Account Name and Account Domain, which does not really make sense. Is there a reason for this? We forward our DCs' security logs to a central log repository, and I am writing a query to allow users to find the results of group membership changes for a specified group. I was basing my search on Group Name = <user specified group name>, which works on Global Groups but not Universal Groups. After reviewing a few 4756 entries, I noticed they all refer to the group as Account Name, which is why my query does not work on them.

Before I modify my query to perform a different search based on the type of group, I wanted to know why there is a difference in the labelling of group names between event ID 4728 and 4756.

(I have attached a screen shot of each Event ID to show what I am referring to.)

Post #1224
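
One way to make a single search cover both event IDs, as an added example that is not part of the original post: read the group's name from the Group section of the message text, whichever label it carries, so the "Account Name" lines under Subject and Member are never mistaken for the group. The sample messages are constructed, the Subject/Member/Group section layout is an assumption about how the forwarded text is rendered, and all function names are hypothetical.

```python
import re

# Constructed, simplified message text (not real log data). Only the Group
# section labels differ, as described in the post above.
TEMPLATE = """A member was added to a security-enabled {scope} group.
Subject:
    Account Name:    admin1
Member:
    Account Name:    CN=J Doe,OU=Users,DC=example,DC=test
Group:
    {label} Name:    {group}
    {label} Domain:  EXAMPLE
"""
SAMPLE_4728 = TEMPLATE.format(scope="global", label="Group", group="Finance-Global")
SAMPLE_4756 = TEMPLATE.format(scope="universal", label="Account", group="Finance-Universal")

SECTION = re.compile(r"^(\w[\w ]*):\s*$")           # unindented "Group:" header
FIELD = re.compile(r"^\s+([\w ]+?):\s+(.*\S)\s*$")  # indented "Label:   value"

def parse_sections(message):
    """Split message text into {section: {label: value}} (assumed layout)."""
    sections, current = {}, None
    for line in message.splitlines():
        head = SECTION.match(line)
        if head:
            current = sections.setdefault(head.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return sections

def normalize(event_id, message):
    """Return one record shape for 4728 and 4756, whatever the group label."""
    sections = parse_sections(message)
    group = sections.get("Group", {})
    return {
        "event_id": event_id,
        "group_name": group.get("Group Name") or group.get("Account Name"),
        "group_domain": group.get("Group Domain") or group.get("Account Domain"),
        "member": sections.get("Member", {}).get("Account Name"),
        "changed_by": sections.get("Subject", {}).get("Account Name"),
    }

def changes_for_group(events, name):
    """Filter (event_id, message) pairs to changes for the named group."""
    rows = (normalize(eid, msg) for eid, msg in events)
    return [r for r in rows if (r["group_name"] or "").lower() == name.lower()]
```
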