
Windows Security Log Event ID 4728
Mini-Seminars Covering Event ID 4728: Auditing Active Directory Changes with the Windows Security Log
Chapter 8 Account Management Events - Ultimate Windows Security
4728. A member was added to a security-enabled global group. 4729. A member was removed from a security-enabled global group. 4730. A security-enabled global group was deleted. 4731. A security-enabled local group was created. 4732. A member was added to a security-enabled local group. 4733. A member was removed from a security-enabled local ...
Windows Security Log Encyclopedia
4728: A member was added to a security-enabled global group (Windows); 4729: A member was removed from a security-enabled global group (Windows); 4730: A security-enabled global group was deleted (Windows); 4731: A security-enabled local group was created (Windows); 4732: A member was added to a security-enabled local group (Windows); 4733
Windows Security Log Event ID 4625 - An account failed to log on
4625: An account failed to log on. This is a useful event because it documents each and every failed attempt to log on to the local computer, regardless of logon type, location of the user or type of account.
Monitoring Group Membership Changes in Active Directory
Find group membership additions and deletions in the security log. Some of the events we’ll talk about are 4728, 4729, 4732, 4733, 4756 and 4757. How to identify who made the change, which group was affected and who the member is. Then we’ll talk about what to do with these events once you find them.
Windows Security Log Event ID 4768
4768: A Kerberos authentication ticket (TGT) was requested. This event is logged on domain controllers only and both success and failure instances of this event are logged.
Windows Security Log Event ID 4670
Operating Systems: Windows 2008 R2 and 7, Windows 2012 R2 and 8.1, Windows 2016 and 10, Windows Server 2019 and 2022, Windows Server 2025: Category • Subcategory: Object Access • File System • Registry Policy Change • Authorization Policy Change: Type
Windows Security Log Event ID 4648
4648: A logon was attempted using explicit credentials. This is a useful event for tracking several different situations:
Security Group Management
4728: A member was added to a security-enabled global group. 4729: A member was removed from a security-enabled global group. 4730: A security-enabled global group was deleted. 4731: A security-enabled local group was created. 4732: A member was added to a security-enabled local group. 4733: A member was removed from a security-enabled local ...
Windows Security Log Event ID 4725 - A user account was disabled
Operating Systems: Windows 2008 R2 and 7, Windows 2012 R2 and 8.1, Windows 2016 and 10, Windows Server 2019 and 2022: Category • Subcategory: Account Management • User Account Management: Type