Event ID 4732 - A member was added to a security-enabled local group
Event ID | 4732 |
Category | Account management |
Sub category | Security group management |
Description | A member was added to a security-enabled local group |
When Active Directory objects such as an user/group/computer is added to a security local group, event ID 4732 gets logged.
This log data gives the following information:
Subject: User who performed the action | Security ID Account Name Account Domain Logon ID |
Member: Object added to the security group | Security ID Account Name |
Group: Security local group to which the object was added | Security ID Group Name Group Domain |
Additional Information | Privileges |
Why event ID 4732 needs to be monitored?
- Prevention of privilege abuse
- Detection of potential malicious activity
- Operational purposes like getting information on user activity like user attendance, peak logon times, etc.
- Compliance mandates
Pro tip:
ADAudit Plus audits, reports, and alerts group management actions performed on distribution and security groups making Active Directory auditing much easier.
Event 4732 applies to the following operating systems:
- Windows Server 2008 R2 and Windows 7
- Windows Server 2012 R2 and Windows 8.1
- Windows Server 2016 and Windows 10
Corresponding event ID for 4732 in Windows Server 2003 and older is 636
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools