Audit AD Group membership removal

Hi All,

I have had a request for some audit trails that show people being removed from AD groups, either through attestation or the group owner removing them in the IT Shop. I can't quite work out which is the best table to query here. I have looked in JobHistory, DPRJournal...

Can anyone recommend where I would find this info so that I can build a report to send to the Auditors?

Thanks

Paul

  • Hi,

    You would need to enable delete logging on the UID_ADSGroup and UID_ADSAccount columns on the ADSAccountInADSGroup table. Then, assuming you have history enabled for propertylog (and you have a history database configured), you can query the DialogWatchOperation and DialogWatchProperty tables (on the main DB) and the WatchOperation and WatchProperty tables (on the history DB).

    HTH, Barry.