We have some homegrown stuff that monitors specified groups and sends an email nightly if anything changes. Been doing that for quite some time.
An example of one easy approach is at http://www.winnetmag.com/WindowsScripting/Article/ArticleID/38400/38400.html

Sure you can audit it with built-in auditing, dump the logs and scrape out the info you need. Also have seen examples of WMI sinks to monitor in real time.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Thursday, June 10, 2004 9:51 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Security

I need to know when the Domain Admin Group has a user added to it or at least have that operation audited, is there any way to perform this with GPO or something built into win2k server?

Thanks,
Aaron Visser

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
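
The nightly compare-and-mail approach described in the reply above, as an added PowerShell example that is not part of the original thread or the poster's own tooling. It assumes the ActiveDirectory (RSAT) module for the default lookup; the state directory, SMTP server and addresses are placeholders, and `Compare-Membership` and the `GetMembers` parameter are hypothetical names.

```powershell
# Added example, not the poster's tooling. Placeholders: state path, SMTP host, addresses.
param(
    [string[]]$Groups     = @('Domain Admins'),
    [string]  $StateDir   = 'C:\GroupWatch',
    [string]  $SmtpServer = 'smtp.example.com',
    [string]  $From       = 'groupwatch@example.com',
    [string]  $To         = 'secops@example.com',
    # Member lookup is injectable so the diff can be exercised with constructed data.
    # Default assumes the ActiveDirectory (RSAT) module; -Recursive expands nested groups.
    [scriptblock]$GetMembers = {
        param($Group)
        Get-ADGroupMember -Identity $Group -Recursive |
            Select-Object -ExpandProperty distinguishedName
    }
)
# Abort on a failed lookup so an unreachable DC never overwrites the baseline with nothing.
$ErrorActionPreference = 'Stop'

function Compare-Membership {
    # Emits one object per DN that appears in only one of the two snapshots.
    param([string[]]$Previous, [string[]]$Current)
    $prev = @($Previous | Where-Object { $_ })
    $curr = @($Current  | Where-Object { $_ })
    foreach ($dn in $curr) {
        if ($prev -notcontains $dn) { [pscustomobject]@{ Change = 'Added'; Member = $dn } }
    }
    foreach ($dn in $prev) {
        if ($curr -notcontains $dn) { [pscustomobject]@{ Change = 'Removed'; Member = $dn } }
    }
}

New-Item -ItemType Directory -Path $StateDir -Force | Out-Null
$report = foreach ($group in $Groups) {
    $file    = Join-Path $StateDir (($group -replace '[^\w-]', '_') + '.txt')
    $current = @(& $GetMembers $group | Sort-Object)
    if (Test-Path $file) {
        Compare-Membership -Previous @(Get-Content $file) -Current $current |
            ForEach-Object { '{0}: {1} {2}' -f $group, $_.Change, $_.Member }
    }
    # The first run only records a baseline; later runs replace it after comparing.
    Set-Content -Path $file -Value $current
}

if ($report) {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject 'Privileged group membership changed' -Body ($report -join "`r`n")
}
```

A snapshot diff only shows the net change between runs, so an account added and removed within the same day is visible only through the built-in auditing the reply also mentions.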