MIM User and Group membership snaps

SerialAdmin123 21 Reputation points
2021-03-09T15:19:54.74+00:00

Hi,
I'm just wondering is it possible to make historical snaps for MIM with AD group membership?

We have DB where we are keeping the desired state for users. So we know that user1 must be a member of Group1.
If the user1 will be a member of Group2 this should be threatened as a security alert and the user must be removed from Group2. That could be done by MIM.

But if we want to track such changes and make something like historical snaps with user-group membership information for the security investigations? How it could be done?

Thanks.

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
737 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,807 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,361 Reputation points Microsoft Vendor
    2021-03-10T01:02:52.61+00:00

    Hi,
    By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer.
    Under the computer configuration,

    75979-3101.jpg
    https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-group-membership

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Fan Fan 15,361 Reputation points Microsoft Vendor
    2021-03-15T07:03:18.433+00:00

    Hi,
     
    Just want to confirm the current situations.
    If there's anything you'd like to know, don't hesitate to ask.

    Best Regards,

    0 comments No comments

  2. SerialAdmin123 21 Reputation points
    2021-03-15T12:02:38.61+00:00

    Hi, thanks for the answer.
    I was trying to do that with MIM, but this would be good option.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.