Active Directory
A set of directory-based technologies included in Windows Server.
6,155 questions
User and group membership reconnaissance (SAMR)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 40%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGO%3C/text%3E%3C/svg%3E)
George OCAK
70
Reputation points
Hello,
We have received "User and group membership reconnaissance (SAMR)" from defender.
I only see the enumeration events no commands, process etc. related.
I was wondering how to find root cause for these queries from the user machine.
There is nothing seems suspicious but still we try to find what user machines made these.
Thanks.