Hi All,
I have group policy which is linked to domain controllers container, Policy contains audit settings for directory service access and I have enabled it only for failure.
I have one non-privileged domain user account which has the capability to read the groups in domain.
Whenever I try to query any group, for ex: domain admins. In my case I should not receive any event in event viewer on mentioned domain controller in below command as I have not enabled "Success" audit,
However though I am able to successfully enumerate the groups using my domain user account it still giving me Audit failure event 4662.
Get-adgroupmember "domain admins" -server aaaadc.test.domain
Kindly advise what is the reason I am getting audit failure.
Regards
Afsar Shariff