
I have an application which uses DirSync to monitor the changes in AD. When I add/remove users to/from a group, AD creates an event for it. But when I delete a user from AD, it only creates a changelog entry for the user deletion. I don't get a changelog entry for "user removed from a group".

Is there some setting I can enable to view these kinds of changes too?


1 Answer


When you delete a user, they are not automatically deleted from the group. Their SID is left lingering in the group membership unless you manually remove it. This happens to access controls as well: if you gave permission on a share to that user, you'll see a SID with no user information left on the share after you delete the user.

My organization adopted the policy of disabling users and moving them to a "Terminated Users" OU with a GPO attached that makes their session unusable if someone managed to re-enable the account. This allows us to avoid dangling SIDs and not have to worry about doing a full audit of group membership every time an employee leaves.

If you wish, you could do an audit once a year where you remove all permissions for a user, then delete the user, but I don't really feel it's necessary.
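As an added example (not code from the question or the answer), the following PowerShell script carries out the offboarding the answer describes and the pre-deletion audit it mentions: it explicitly removes the user from every group (so each removal is a logged modification on the group, the event the question is looking for), disables the account instead of deleting it, moves it to a terminated-users OU, and then scans a few shares for ACEs whose SID no longer resolves to an account. It assumes the ActiveDirectory RSAT module is installed; the OU distinguished name and the share paths are hypothetical placeholders for your own environment.

```powershell
#Requires -Modules ActiveDirectory
# Added example: offboard a user without leaving dangling SIDs behind.
# The OU and share paths below are placeholders, not values from the page.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [string]   $TerminatedOU = 'OU=Terminated Users,DC=example,DC=com',  # hypothetical OU
    [string[]] $SharePaths   = @('\\fileserver\projects', '\\fileserver\finance')  # constructed paths
)

$user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

# 1. Remove the user from each group explicitly. Each call modifies the group's
#    member attribute, so a DirSync consumer sees a "member removed" change on
#    the group rather than only the later change on the user object.
foreach ($groupDn in $user.MemberOf) {
    Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
    Write-Host "Removed $SamAccountName from $groupDn"
}

# 2. Disable the account and park it in the terminated-users OU instead of
#    deleting it, so the SID keeps resolving to a (disabled) principal.
Disable-ADAccount -Identity $user
Move-ADObject -Identity $user.DistinguishedName -TargetPath $TerminatedOU

# 3. Report ACEs on the given shares whose principal cannot be resolved.
#    Get-Acl shows a raw SID string as IdentityReference when the account that
#    owned it is gone; a SID that still translates to an NTAccount is fine.
function Find-OrphanedAce {
    param([string[]] $Paths)
    foreach ($path in $Paths) {
        $acl = Get-Acl -Path $path
        foreach ($ace in $acl.Access) {
            $idValue = $ace.IdentityReference.Value
            if ($idValue -notmatch '^S-1-') { continue }   # already a resolved name
            $sid = [System.Security.Principal.SecurityIdentifier]::new($idValue)
            try {
                [void] $sid.Translate([System.Security.Principal.NTAccount])
            }
            catch {
                [pscustomobject]@{
                    Path   = $path
                    Sid    = $idValue
                    Rights = $ace.FileSystemRights
                    Type   = $ace.AccessControlType
                }
            }
        }
    }
}

Find-OrphanedAce -Paths $SharePaths | Format-Table -AutoSize
```

Run it as an account with rights to modify group membership and the user object; step 3 only needs read access to the share ACLs. Rows it prints are the "SID with no user information" entries the answer describes, and they are the ones worth removing if you do decide to delete the account later.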