We currently have our policies set to prevent privileged account modifications.
So we are seeing in the logs attempts by people who are administrators to modify the accounts.
This is great. It shows who attempted the modification, on what computer and what privileged group they tried to modify.
What I am wondering is if there is any way to see what account they are trying to add.
So one of our workstyles is for users who are still administrators. We see them trying to modify the groups.
Since they are already admins themselves they are not trying to add themselves. Therefore, I would like to see who they are trying to add.