When was an Active Directory Group Created or Modified?

This week I needed to figure out when a group was created in one of the Active Directory environments that I provide support for. I looked at the group using “Active Directory Users and Computers” and didn’t see anything that would tell me when it was created. I did a quick Google search and found a way to accomplish this for a similar item (a user object) using VBScript. The example for a user object that I found was on a “Hey, Scripting Guy! Blog”.

Here’s an example of how to find out when a group in Active Directory was created:

And here’s an example of how to find out when a group in Active Directory was modified:



  1. kimberly

    sign me up

  2. dan

    I’m not a coder, just a computer enthusiast who need to know when an account was created on a computer running XP Pro SP3.
    Where do I type the above code?
    Do I need to substitute any part of it with the specific account name?
    Please advice on how to use the above code.
    Thank you and I appologize for my computer skils not being up to par.

  3. Scott

    The script won’t offer the kind of reporting and filtering capabillities necessary for compliance purposes. If you need to monitor changes to AD for compliance, use the freeware version of netwrix active directory change reporter (www.netwrix.com), which monitors all changes made to AD. It sends daily reports that highlight all modifications, including those made to group memberships. It’s pretty useful.

  4. Kevin

    I haven’t run the script so don’t know if it provides more detail. isn’t the information simply found on the Object tab of the Properties dialog box? This shows creation and last modified dates.

  5. Ivan

    Just open AD in advanced view than you have Tab Object and there is when group/user/… was created and modifed

  6. pawan

    How to find out who created the group?

  7. Yathish Sukumar

    Use the AD advanced option and search the group, Go to the group security tab, click on advanced and click on Owner. You shoul dbe able to see the creator / Owners account updated. Though you can change it manually. In most of the case the data is genuie / untouched.

  8. Denial Parl

    Auditing must be enabled to track such changes in AD infra.
    By the way, Lepide active directory auditing also provides an automated way to track the changes made in active directory into real time. More information can be obtained at http://www.lepide.com/lepideauditor/active-directory-auditing.html


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: