To enable AD object auditing on a Windows Server 2008 RTM/R2 domain controller, perform the following steps:
1. From a member server or domain controller, click Start, All Programs, Administrative Tools, Group Policy Management.
2. Navigate to
3. Click Edit.
4. In the GPO window, navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, Audit Policy.
5. Under the Audit Policy setting, right-click on Audit Directory Service Access, and click Properties.
6. Check the Define These Policy Settings check box, and then check the Success and Failure check boxes, as shown in Figure 4.15.
7. Click OK to save the settings.
Global AD DS auditing on all DCs will subsequently be turned on. Audit event IDs will be displayed as Event ID 5136, 5137, 5138, 5139, or 5141, depending on if the operation is a modify, create, undelete, move, or delete respectively.