Event ID - 632

Event Id632
DescriptionSecurity Enabled Global Group Member Added:

Member Name: <Member Name>
      Member ID: <Member ID>
      Target Account Name: <Target Account Name>
      Target Domain: <Target Domain>
      Target Account ID: <Target Account ID>
      Caller User Name: <Caller User Name>
      Caller Domain: <Caller Domain>
      Caller Logon ID: <Caller Logon ID>
      Privileges: <Privileges>      

Event InformationAccording to Microsoft :

Cause :
This event is logged when a user or group account was added to a global security group on the domain.
1)The Member Name field specifies the user who was added.
2)The Member ID field specifies the user's domain-qualified user name.
3)The Target Account Name and Target Domain fields specify the group to which the user was added.
4)The Target Account ID is the security identifier (SID) of the user or group that was added.
5)The Caller User Name field specifies the user who made the change.
6)The Caller Logon ID field specifies the logon ID of the user who made the change.
7)The Privileges field for this event is usually empty.

Resolution :
This is an information event and No user action is required.


Cause: This audit record indicates that a new member has been added to a global group. This event also occurs when a user account is created and added to the built-in None group used internally by Windows 2000. There is no Failure Audit form of this audit event record. Adding members to groups can have security implications. This is especially true when a user is added to the Administrator group.
Reference LinksEvent ID 632 from Source Security

Alternate Event ID in Vista and Windows Server 2008 is 4728.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.