Active Directory group membership timestamp


I am trying to find a timestamp for when a Machine Object was added to an active directory group.

I know the object doesn't change it's "last modified" date when added to a group because it is the group that is being modified. I have a query in SCCM that checks the group every 24 hours. My helpdesk is saying it is not working, and I want to ensure the additions are happening when they say they are.

Best Answer

You can use repadmin to determine when values were added to the member attribute. (This may not work for very old groups that were created in Windows 2000 before Linked Value Replication).

repadmin /showobjmeta DCName "CN=Groupname,OU=SomeOU,DC=contoso,DC=Com"  

In the example below, the member was added on 2014-03-27 10:02:48.

repadmin /showobjmeta CONTOSOSEADC1 "CN=HQUsers,OU=Groups,OU=HQ,DC=contoso,DC=com"

11 entries.
Loc.USN                           Originating DSA  Org.USN  Org.Time/Date        Ver Attribute
=======                           =============== ========= =============        === =========
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 objectClass
  16521             CONTOSO-SEASite\CONTOSOSEADC1     16521 2015-12-04 10:09:13    1 cn
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 instanceType
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 whenCreated
  16521               CONTOSO-MDSite\CONTOSOMDDC1    520631 2015-04-16 04:21:30    6 nTSecurityDescriptor
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 name
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 objectSid
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 sAMAccountName
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 sAMAccountType
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 groupType
  16521               CONTOSO-MDSite\CONTOSOMDDC1    112064 2014-03-27 10:02:30    1 objectCategory
2 entries.
Type    Attribute     Last Mod Time                            Originating DSA  Loc.USN Org.USN Ver
======= ============  =============                           ================= ======= ======= ===
        Distinguished Name
PRESENT       member 2014-03-27 10:02:48            CONTOSO-MDSite\CONTOSOMDDC1   16963  112070   1
        CN=Greg Askew,OU=Users,OU=HQ,DC=contoso,DC=com