Short Lived Windows Accounts
This search detects accounts that were created and deleted in a short time period.
This content is not mapped to any local saved search. Add mapping
Short Lived Windows Accounts Help
This search requires you to have enabled your Group Management Audit Logs in your Local Windows Security Policy and be ingesting those logs. More information on how to enable them can be found here: http://whatevernetworks.com/auditing-group-membership-changes-in-active-directory/
Open in Search