feedburner
Enter your email address:

Delivered by FeedBurner


Auditing Changes Made to AD Objects

Labels:

Another important change to Active Directory that can be enabled in a Windows Server 2008 or Windows Server 2008 R2 functional domain is the concept of auditing changes made to Active Directory objects. Previously, it was difficult to tell when changes were made, and AD-specific auditing logs were not available. Windows Server 2008 RTM/R2 allows administrators to be able to determine when AD objects were modified, moved, or deleted.

To enable AD object auditing on a Windows Server 2008 RTM/R2 domain controller, perform the following steps:

1. From a member server or domain controller, click Start, All Programs, Administrative Tools, Group Policy Management.

2. Navigate to , Domains, , Domain Controllers, Default Domain Controllers Policy.

3. Click Edit.

4. In the GPO window, navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Audit Policy.

5. Under the Audit Policy setting, right-click on Audit Directory Service Access, and click Properties.

6. Check the Define These Policy Settings check box, and then check the Success and Failure check boxes, as shown in Figure 4.15.

7. Click OK to save the settings.

Global AD DS auditing on all DCs will subsequently be turned on. Audit event IDs will be displayed as Event ID 5136, 5137, 5138, 5139, or 5141, depending on if the operation is a modify, create, undelete, move, or delete respectively.

Source of Information : Sams - Windows Server 2008 R2 Unleashed

0 comments:

Post a Comment

Alltop, all the top stories
BlogMalaysia.com
All Malaysian Bloggers Project
Computer Blogs - BlogCatalog Blog Directory Add to Technorati Favorites
Technorati Profile
Top Computers blogs